RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2416.128892] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2416.129709] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2416.130515] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2416.131326] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:56:58 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2416.214355] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 23:56:58 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:56:58 executing program 0: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:56:58 executing program 2: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:56:58 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:56:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 5) [ 2416.350811] FAULT_INJECTION: forcing a failure. [ 2416.350811] name failslab, interval 1, probability 0, space 0, times 0 [ 2416.354048] CPU: 1 PID: 18990 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2416.355785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2416.357697] Call Trace: [ 2416.358317] dump_stack+0x107/0x167 [ 2416.359152] should_fail.cold+0x5/0xa [ 2416.360039] ? create_object.isra.0+0x3a/0xa20 [ 2416.361159] should_failslab+0x5/0x20 [ 2416.362082] kmem_cache_alloc+0x5b/0x310 [ 2416.362914] create_object.isra.0+0x3a/0xa20 [ 2416.363809] ? kasan_unpoison_shadow+0x33/0x50 [ 2416.364834] kmalloc_order+0xfe/0x160 [ 2416.365732] kmalloc_order_trace+0x14/0xa0 [ 2416.366710] io_uring_setup+0x33c/0x2980 [ 2416.367638] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2416.368728] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2416.370080] ? wait_for_completion_io+0x270/0x270 [ 2416.371259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2416.372543] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2416.373811] do_syscall_64+0x33/0x40 [ 2416.374686] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2416.375900] RIP: 0033:0x7f55940d4b19 [ 2416.376798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2416.381481] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2416.383326] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2416.385085] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2416.386833] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2416.388594] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2416.390338] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:15 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 1) 23:57:15 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 6) 23:57:15 executing program 4: fork() (fail_nth: 6) 23:57:15 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:15 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:15 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:15 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:15 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 1) [ 2432.630892] FAULT_INJECTION: forcing a failure. [ 2432.630892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2432.633848] CPU: 1 PID: 19007 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2432.635455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2432.637251] Call Trace: [ 2432.637830] dump_stack+0x107/0x167 [ 2432.638619] should_fail.cold+0x5/0xa [ 2432.639452] _copy_from_user+0x2e/0x1b0 [ 2432.639551] FAULT_INJECTION: forcing a failure. [ 2432.639551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2432.640454] io_uring_setup+0x9b/0x2980 [ 2432.640483] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2432.640510] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2432.646535] ? wait_for_completion_io+0x270/0x270 [ 2432.647630] ? rcu_read_lock_any_held+0x75/0xa0 [ 2432.648687] ? vfs_write+0x354/0xb10 [ 2432.649624] ? fput_many+0x2f/0x1a0 [ 2432.650461] ? ksys_write+0x1a9/0x260 [ 2432.651422] ? __ia32_sys_read+0xb0/0xb0 [ 2432.652395] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2432.653640] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.654752] do_syscall_64+0x33/0x40 [ 2432.655575] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2432.656672] RIP: 0033:0x7fe472bb9b19 [ 2432.657459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2432.661113] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2432.662794] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2432.664377] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2432.665953] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2432.667614] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2432.669163] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2432.670706] CPU: 0 PID: 19008 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2432.672287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2432.674076] Call Trace: [ 2432.674646] dump_stack+0x107/0x167 [ 2432.675446] should_fail.cold+0x5/0xa [ 2432.676300] _copy_from_user+0x2e/0x1b0 [ 2432.677187] io_uring_setup+0x9b/0x2980 [ 2432.678089] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2432.679152] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2432.680279] ? wait_for_completion_io+0x270/0x270 [ 2432.681366] ? rcu_read_lock_any_held+0x75/0xa0 [ 2432.682407] ? vfs_write+0x354/0xb10 [ 2432.683222] ? fput_many+0x2f/0x1a0 [ 2432.684045] ? ksys_write+0x1a9/0x260 [ 2432.684887] ? __ia32_sys_read+0xb0/0xb0 [ 2432.685839] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2432.686999] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.688147] do_syscall_64+0x33/0x40 [ 2432.688971] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2432.690129] RIP: 0033:0x7f7154c4ab19 [ 2432.690949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2432.695053] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2432.696745] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2432.698357] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2432.699971] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2432.701585] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2432.703167] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2432.714370] FAULT_INJECTION: forcing a failure. [ 2432.714370] name failslab, interval 1, probability 0, space 0, times 0 [ 2432.716858] CPU: 0 PID: 19003 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2432.718308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2432.720011] Call Trace: [ 2432.720554] dump_stack+0x107/0x167 [ 2432.721367] should_fail.cold+0x5/0xa [ 2432.722164] ? security_prepare_creds+0x112/0x190 [ 2432.723217] should_failslab+0x5/0x20 [ 2432.724151] __kmalloc+0x72/0x390 [ 2432.724944] security_prepare_creds+0x112/0x190 [ 2432.726019] prepare_creds+0x452/0x5e0 [ 2432.726821] copy_creds+0x72/0x580 [ 2432.727593] copy_process+0xfdc/0x7800 [ 2432.728415] ? __lock_acquire+0xbb1/0x5b00 [ 2432.729303] ? lock_downgrade+0x6d0/0x6d0 [ 2432.730190] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2432.731427] ? __cleanup_sighand+0xb0/0xb0 [ 2432.732295] ? lock_acquire+0x197/0x470 [ 2432.733133] ? find_held_lock+0x2c/0x110 [ 2432.733988] kernel_clone+0xe7/0x980 [ 2432.734775] ? lock_downgrade+0x6d0/0x6d0 [ 2432.735651] ? find_held_lock+0x2c/0x110 [ 2432.736524] ? create_io_thread+0xf0/0xf0 [ 2432.737492] ? ksys_write+0x12d/0x260 [ 2432.738346] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2432.739399] __do_sys_fork+0x8a/0xc0 [ 2432.740185] ? kernel_thread+0xf0/0xf0 [ 2432.741044] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2432.742189] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.743266] ? trace_hardirqs_on+0x5b/0x180 [ 2432.744205] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.745317] do_syscall_64+0x33/0x40 [ 2432.746125] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2432.747205] RIP: 0033:0x7f04c97d0b19 [ 2432.747973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2432.751984] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2432.753644] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2432.755143] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2432.756597] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2432.758154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2432.759742] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2432.763275] FAULT_INJECTION: forcing a failure. [ 2432.763275] name failslab, interval 1, probability 0, space 0, times 0 [ 2432.766011] CPU: 0 PID: 19014 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2432.767732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2432.769632] Call Trace: [ 2432.770210] dump_stack+0x107/0x167 [ 2432.770970] should_fail.cold+0x5/0xa [ 2432.771844] ? io_uring_setup+0x40b/0x2980 [ 2432.772734] should_failslab+0x5/0x20 [ 2432.773539] kmem_cache_alloc_trace+0x55/0x320 [ 2432.774554] io_uring_setup+0x40b/0x2980 [ 2432.775436] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2432.776529] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2432.777603] ? wait_for_completion_io+0x270/0x270 [ 2432.778635] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2432.779730] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.780812] do_syscall_64+0x33/0x40 [ 2432.781598] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2432.782665] RIP: 0033:0x7f55940d4b19 [ 2432.783444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2432.787301] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2432.788892] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2432.790391] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2432.791875] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2432.793368] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2432.794844] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:15 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 2) 23:57:15 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2432.867703] FAULT_INJECTION: forcing a failure. [ 2432.867703] name failslab, interval 1, probability 0, space 0, times 0 [ 2432.870136] CPU: 1 PID: 19022 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2432.871571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2432.873309] Call Trace: [ 2432.873870] dump_stack+0x107/0x167 [ 2432.874639] should_fail.cold+0x5/0xa [ 2432.875449] ? io_uring_setup+0x258/0x2980 [ 2432.876332] should_failslab+0x5/0x20 [ 2432.877134] kmem_cache_alloc_trace+0x55/0x320 [ 2432.878116] io_uring_setup+0x258/0x2980 [ 2432.878974] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2432.879984] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2432.881052] ? wait_for_completion_io+0x270/0x270 [ 2432.882115] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2432.883224] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2432.884306] do_syscall_64+0x33/0x40 [ 2432.885098] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2432.886180] RIP: 0033:0x7fe472bb9b19 [ 2432.886973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2432.890910] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2432.892526] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2432.894034] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2432.895514] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2432.897004] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2432.898498] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:15 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 7) 23:57:15 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 2) [ 2432.998022] FAULT_INJECTION: forcing a failure. [ 2432.998022] name failslab, interval 1, probability 0, space 0, times 0 [ 2432.999591] CPU: 0 PID: 19025 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2433.000502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2433.001577] Call Trace: [ 2433.001929] dump_stack+0x107/0x167 [ 2433.002407] should_fail.cold+0x5/0xa [ 2433.002907] ? io_uring_setup+0x258/0x2980 [ 2433.003466] should_failslab+0x5/0x20 [ 2433.003968] kmem_cache_alloc_trace+0x55/0x320 [ 2433.004578] io_uring_setup+0x258/0x2980 [ 2433.005113] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2433.005749] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2433.006398] ? wait_for_completion_io+0x270/0x270 [ 2433.007054] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2433.007734] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2433.008406] do_syscall_64+0x33/0x40 [ 2433.008896] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2433.009591] RIP: 0033:0x7f7154c4ab19 [ 2433.010076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2433.010399] FAULT_INJECTION: forcing a failure. [ 2433.010399] name failslab, interval 1, probability 0, space 0, times 0 [ 2433.012416] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2433.012439] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2433.012462] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2433.017553] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2433.018473] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2433.019392] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2433.020345] CPU: 1 PID: 19027 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2433.021814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2433.023545] Call Trace: [ 2433.024096] dump_stack+0x107/0x167 [ 2433.024861] should_fail.cold+0x5/0xa [ 2433.025660] ? create_object.isra.0+0x3a/0xa20 [ 2433.026620] should_failslab+0x5/0x20 [ 2433.027401] kmem_cache_alloc+0x5b/0x310 [ 2433.028242] create_object.isra.0+0x3a/0xa20 [ 2433.029306] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2433.030373] kmem_cache_alloc_trace+0x151/0x320 [ 2433.031344] io_uring_setup+0x40b/0x2980 [ 2433.032307] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2433.033405] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2433.034474] ? wait_for_completion_io+0x270/0x270 [ 2433.035757] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2433.036929] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2433.038052] do_syscall_64+0x33/0x40 [ 2433.038890] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2433.040050] RIP: 0033:0x7f55940d4b19 [ 2433.040947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2433.045137] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2433.046814] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2433.048278] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2433.049773] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2433.051264] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2433.052741] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2450.403589] FAULT_INJECTION: forcing a failure. [ 2450.403589] name failslab, interval 1, probability 0, space 0, times 0 [ 2450.406347] CPU: 1 PID: 19043 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2450.407949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.409885] Call Trace: [ 2450.410500] dump_stack+0x107/0x167 [ 2450.411327] should_fail.cold+0x5/0xa [ 2450.412215] ? create_object.isra.0+0x3a/0xa20 [ 2450.413258] should_failslab+0x5/0x20 [ 2450.414034] FAULT_INJECTION: forcing a failure. [ 2450.414034] name failslab, interval 1, probability 0, space 0, times 0 [ 2450.414144] kmem_cache_alloc+0x5b/0x310 [ 2450.414171] create_object.isra.0+0x3a/0xa20 [ 2450.418506] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2450.419680] __kmalloc+0x16e/0x390 [ 2450.420496] security_prepare_creds+0x112/0x190 [ 2450.421598] prepare_creds+0x452/0x5e0 [ 2450.422487] copy_creds+0x72/0x580 [ 2450.423314] copy_process+0xfdc/0x7800 [ 2450.424204] ? __lock_acquire+0xbb1/0x5b00 [ 2450.425195] ? lock_downgrade+0x6d0/0x6d0 [ 2450.426154] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2450.427371] ? __cleanup_sighand+0xb0/0xb0 [ 2450.428355] ? lock_acquire+0x197/0x470 [ 2450.429268] ? find_held_lock+0x2c/0x110 [ 2450.430223] kernel_clone+0xe7/0x980 [ 2450.431065] ? lock_downgrade+0x6d0/0x6d0 [ 2450.432018] ? find_held_lock+0x2c/0x110 [ 2450.432943] ? create_io_thread+0xf0/0xf0 [ 2450.433910] ? ksys_write+0x12d/0x260 [ 2450.434782] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.435895] __do_sys_fork+0x8a/0xc0 [ 2450.436739] ? kernel_thread+0xf0/0xf0 [ 2450.437664] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.438857] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.440044] ? trace_hardirqs_on+0x5b/0x180 [ 2450.441025] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.442218] do_syscall_64+0x33/0x40 [ 2450.443070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.444251] RIP: 0033:0x7f04c97d0b19 [ 2450.445095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.449374] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2450.451130] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2450.452770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2450.454433] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2450.456073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2450.457737] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2450.459402] CPU: 0 PID: 19044 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2450.460908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.462699] Call Trace: [ 2450.463265] dump_stack+0x107/0x167 [ 2450.464049] should_fail.cold+0x5/0xa [ 2450.464859] ? create_object.isra.0+0x3a/0xa20 [ 2450.465847] should_failslab+0x5/0x20 [ 2450.466658] kmem_cache_alloc+0x5b/0x310 [ 2450.467531] create_object.isra.0+0x3a/0xa20 [ 2450.468479] kmemleak_alloc_percpu+0xa0/0x100 [ 2450.469661] pcpu_alloc+0x4e2/0x1240 [ 2450.470551] ? io_tctx_exit_cb+0xf0/0xf0 [ 2450.471414] percpu_ref_init+0x31/0x3d0 [ 2450.472260] io_uring_setup+0x47a/0x2980 [ 2450.473132] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.474182] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2450.475083] FAULT_INJECTION: forcing a failure. [ 2450.475083] name failslab, interval 1, probability 0, space 0, times 0 [ 2450.475258] ? wait_for_completion_io+0x270/0x270 [ 2450.475299] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.479879] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.480968] do_syscall_64+0x33/0x40 [ 2450.481768] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.482850] RIP: 0033:0x7f55940d4b19 [ 2450.483647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.487534] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2450.489132] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2450.490652] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2450.492157] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2450.493665] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2450.495176] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:32 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 3) 23:57:32 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 8) 23:57:32 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:32 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:32 executing program 4: fork() (fail_nth: 7) 23:57:32 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:32 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:32 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 3) [ 2450.496698] CPU: 1 PID: 19042 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2450.498668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.500630] Call Trace: [ 2450.501241] dump_stack+0x107/0x167 [ 2450.502083] should_fail.cold+0x5/0xa [ 2450.502954] ? create_object.isra.0+0x3a/0xa20 [ 2450.504003] should_failslab+0x5/0x20 [ 2450.504878] kmem_cache_alloc+0x5b/0x310 [ 2450.505823] create_object.isra.0+0x3a/0xa20 [ 2450.506831] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2450.508001] kmem_cache_alloc_trace+0x151/0x320 [ 2450.509081] io_uring_setup+0x258/0x2980 [ 2450.510036] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.511275] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2450.512596] ? wait_for_completion_io+0x270/0x270 [ 2450.513923] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.515287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.516747] do_syscall_64+0x33/0x40 [ 2450.517722] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.519056] RIP: 0033:0x7fe472bb9b19 [ 2450.520030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.524743] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2450.526641] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2450.528341] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2450.530024] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2450.531679] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2450.533336] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2450.547821] FAULT_INJECTION: forcing a failure. [ 2450.547821] name failslab, interval 1, probability 0, space 0, times 0 [ 2450.550462] CPU: 1 PID: 19138 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2450.552005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.553870] Call Trace: [ 2450.554462] dump_stack+0x107/0x167 [ 2450.555280] should_fail.cold+0x5/0xa [ 2450.556129] ? create_object.isra.0+0x3a/0xa20 [ 2450.557154] should_failslab+0x5/0x20 [ 2450.558016] kmem_cache_alloc+0x5b/0x310 [ 2450.558925] create_object.isra.0+0x3a/0xa20 [ 2450.559909] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2450.561049] kmem_cache_alloc_trace+0x151/0x320 [ 2450.562106] io_uring_setup+0x258/0x2980 [ 2450.563017] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.564102] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2450.565297] ? wait_for_completion_io+0x270/0x270 [ 2450.566494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.567860] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.569105] do_syscall_64+0x33/0x40 [ 2450.570025] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.571277] RIP: 0033:0x7f7154c4ab19 [ 2450.572110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.576280] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2450.577996] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2450.579589] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2450.581181] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2450.582811] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2450.584550] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:33 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 4) 23:57:33 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 4: fork() (fail_nth: 8) [ 2450.830785] FAULT_INJECTION: forcing a failure. [ 2450.830785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2450.833395] CPU: 1 PID: 19360 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2450.834845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.836843] Call Trace: [ 2450.837555] dump_stack+0x107/0x167 [ 2450.838488] should_fail.cold+0x5/0xa [ 2450.839433] __alloc_pages_nodemask+0x182/0x600 [ 2450.840592] ? lock_release+0x680/0x680 [ 2450.841592] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2450.843009] ? lock_downgrade+0x6d0/0x6d0 [ 2450.844031] alloc_pages_current+0x187/0x280 [ 2450.844998] kmalloc_order+0x35/0x160 [ 2450.845816] kmalloc_order_trace+0x14/0xa0 [ 2450.846721] io_uring_setup+0x33c/0x2980 [ 2450.847596] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.848621] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2450.849703] ? wait_for_completion_io+0x270/0x270 [ 2450.850736] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.851829] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.852074] FAULT_INJECTION: forcing a failure. [ 2450.852074] name failslab, interval 1, probability 0, space 0, times 0 [ 2450.852903] do_syscall_64+0x33/0x40 [ 2450.852921] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.852933] RIP: 0033:0x7f7154c4ab19 [ 2450.852956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.861748] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2450.863337] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2450.864831] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2450.866327] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2450.867812] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2450.869301] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2450.870824] CPU: 0 PID: 19365 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2450.872276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.874032] Call Trace: [ 2450.874583] dump_stack+0x107/0x167 [ 2450.875347] should_fail.cold+0x5/0xa [ 2450.876144] ? __delayacct_tsk_init+0x1b/0x80 [ 2450.877085] should_failslab+0x5/0x20 [ 2450.877898] kmem_cache_alloc+0x5b/0x310 [ 2450.878751] ? prepare_creds+0x466/0x5e0 [ 2450.879609] __delayacct_tsk_init+0x1b/0x80 [ 2450.880514] copy_process+0x3319/0x7800 [ 2450.881350] ? __lock_acquire+0xbb1/0x5b00 [ 2450.882250] ? lock_downgrade+0x6d0/0x6d0 [ 2450.883113] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2450.884201] ? __cleanup_sighand+0xb0/0xb0 [ 2450.885076] ? lock_acquire+0x197/0x470 [ 2450.885916] ? find_held_lock+0x2c/0x110 [ 2450.886760] kernel_clone+0xe7/0x980 [ 2450.887526] ? lock_downgrade+0x6d0/0x6d0 [ 2450.888382] ? find_held_lock+0x2c/0x110 [ 2450.889232] ? create_io_thread+0xf0/0xf0 [ 2450.890097] ? ksys_write+0x12d/0x260 23:57:33 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 4) [ 2450.890902] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.892101] __do_sys_fork+0x8a/0xc0 [ 2450.892872] ? kernel_thread+0xf0/0xf0 [ 2450.893707] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.894788] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.895853] ? trace_hardirqs_on+0x5b/0x180 [ 2450.896753] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.897839] do_syscall_64+0x33/0x40 [ 2450.898607] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.899671] RIP: 0033:0x7f04c97d0b19 [ 2450.900434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.904247] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2450.905980] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2450.907455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2450.908926] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2450.910415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2450.911894] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:57:33 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 9) [ 2450.958594] FAULT_INJECTION: forcing a failure. [ 2450.958594] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2450.961236] CPU: 1 PID: 19415 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2450.962714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2450.964488] Call Trace: [ 2450.965047] dump_stack+0x107/0x167 [ 2450.965827] should_fail.cold+0x5/0xa [ 2450.966641] __alloc_pages_nodemask+0x182/0x600 [ 2450.967628] ? lock_release+0x680/0x680 [ 2450.968464] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2450.969744] ? lock_downgrade+0x6d0/0x6d0 [ 2450.970627] alloc_pages_current+0x187/0x280 [ 2450.971553] kmalloc_order+0x35/0x160 [ 2450.972362] kmalloc_order_trace+0x14/0xa0 [ 2450.973256] io_uring_setup+0x33c/0x2980 [ 2450.974125] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2450.975143] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2450.976208] ? wait_for_completion_io+0x270/0x270 [ 2450.977234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2450.978342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2450.979429] do_syscall_64+0x33/0x40 [ 2450.980207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2450.981285] RIP: 0033:0x7fe472bb9b19 [ 2450.982066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2450.985936] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2450.987535] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2450.989036] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2450.990945] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2450.992798] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2450.994614] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:33 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2451.040325] FAULT_INJECTION: forcing a failure. [ 2451.040325] name failslab, interval 1, probability 0, space 0, times 0 [ 2451.042735] CPU: 0 PID: 19471 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2451.044121] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2451.045760] Call Trace: [ 2451.046278] dump_stack+0x107/0x167 [ 2451.046990] should_fail.cold+0x5/0xa [ 2451.047738] ? create_object.isra.0+0x3a/0xa20 [ 2451.048630] should_failslab+0x5/0x20 [ 2451.049386] kmem_cache_alloc+0x5b/0x310 [ 2451.050183] create_object.isra.0+0x3a/0xa20 [ 2451.051048] kmemleak_alloc_percpu+0xa0/0x100 [ 2451.051923] pcpu_alloc+0x4e2/0x1240 [ 2451.052659] ? io_tctx_exit_cb+0xf0/0xf0 [ 2451.053477] percpu_ref_init+0x31/0x3d0 [ 2451.054262] io_uring_setup+0x47a/0x2980 [ 2451.055065] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2451.056020] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2451.057013] ? wait_for_completion_io+0x270/0x270 [ 2451.057983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2451.059015] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2451.060023] do_syscall_64+0x33/0x40 [ 2451.060752] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2451.061764] RIP: 0033:0x7f55940d4b19 [ 2451.062498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2451.066108] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2451.067580] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2451.068955] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2451.070342] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2451.071726] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2451.073103] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:33 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x0, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:33 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 5) [ 2451.160626] FAULT_INJECTION: forcing a failure. [ 2451.160626] name failslab, interval 1, probability 0, space 0, times 0 [ 2451.163112] CPU: 1 PID: 19481 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2451.164606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2451.166482] Call Trace: [ 2451.167067] dump_stack+0x107/0x167 [ 2451.167845] should_fail.cold+0x5/0xa [ 2451.168661] ? create_object.isra.0+0x3a/0xa20 [ 2451.169658] should_failslab+0x5/0x20 [ 2451.170473] kmem_cache_alloc+0x5b/0x310 [ 2451.171347] create_object.isra.0+0x3a/0xa20 [ 2451.172290] ? kasan_unpoison_shadow+0x33/0x50 [ 2451.173345] kmalloc_order+0xfe/0x160 [ 2451.174308] kmalloc_order_trace+0x14/0xa0 [ 2451.175389] io_uring_setup+0x33c/0x2980 [ 2451.176482] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2451.177779] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2451.179125] ? wait_for_completion_io+0x270/0x270 [ 2451.180446] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2451.181843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2451.183224] do_syscall_64+0x33/0x40 [ 2451.184208] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2451.185506] RIP: 0033:0x7f7154c4ab19 [ 2451.186430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2451.191028] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2451.192902] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2451.194645] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2451.196196] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2451.197750] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2451.199270] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 6) 23:57:51 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:51 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:51 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2468.724225] FAULT_INJECTION: forcing a failure. [ 2468.724225] name failslab, interval 1, probability 0, space 0, times 0 [ 2468.726728] CPU: 0 PID: 19498 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2468.728337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2468.730120] Call Trace: [ 2468.730681] dump_stack+0x107/0x167 [ 2468.731456] should_fail.cold+0x5/0xa [ 2468.732265] ? io_uring_setup+0x40b/0x2980 23:57:51 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 5) 23:57:51 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 10) 23:57:51 executing program 4: fork() (fail_nth: 9) [ 2468.733163] should_failslab+0x5/0x20 [ 2468.734076] kmem_cache_alloc_trace+0x55/0x320 [ 2468.735059] io_uring_setup+0x40b/0x2980 [ 2468.735920] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2468.736948] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2468.738030] ? wait_for_completion_io+0x270/0x270 [ 2468.739087] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2468.740192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2468.741284] do_syscall_64+0x33/0x40 [ 2468.742104] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2468.743199] RIP: 0033:0x7f7154c4ab19 [ 2468.743985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2468.747926] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2468.749542] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2468.751081] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2468.752606] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2468.754140] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2468.755657] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2468.768626] FAULT_INJECTION: forcing a failure. [ 2468.768626] name failslab, interval 1, probability 0, space 0, times 0 [ 2468.771205] CPU: 0 PID: 19501 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2468.772750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2468.774509] Call Trace: [ 2468.775063] dump_stack+0x107/0x167 [ 2468.775832] should_fail.cold+0x5/0xa [ 2468.776644] ? percpu_ref_init+0xd8/0x3d0 [ 2468.777525] should_failslab+0x5/0x20 [ 2468.778340] kmem_cache_alloc_trace+0x55/0x320 [ 2468.779326] ? io_tctx_exit_cb+0xf0/0xf0 [ 2468.780184] percpu_ref_init+0xd8/0x3d0 [ 2468.781027] io_uring_setup+0x47a/0x2980 [ 2468.781911] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2468.782937] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2468.784010] ? wait_for_completion_io+0x270/0x270 [ 2468.785068] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2468.786183] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2468.787298] do_syscall_64+0x33/0x40 [ 2468.788099] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2468.789206] RIP: 0033:0x7f55940d4b19 [ 2468.790007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2468.794002] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2468.795590] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2468.797085] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2468.798590] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2468.800081] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2468.801632] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:51 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 7) [ 2468.889479] FAULT_INJECTION: forcing a failure. [ 2468.889479] name failslab, interval 1, probability 0, space 0, times 0 [ 2468.892014] CPU: 0 PID: 19504 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2468.893481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2468.895247] Call Trace: [ 2468.895805] dump_stack+0x107/0x167 [ 2468.896580] should_fail.cold+0x5/0xa 23:57:51 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 11) [ 2468.897393] ? create_object.isra.0+0x3a/0xa20 [ 2468.898451] should_failslab+0x5/0x20 [ 2468.899247] kmem_cache_alloc+0x5b/0x310 [ 2468.900103] create_object.isra.0+0x3a/0xa20 [ 2468.901020] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2468.902111] kmem_cache_alloc+0x159/0x310 [ 2468.902989] ? prepare_creds+0x466/0x5e0 [ 2468.903854] __delayacct_tsk_init+0x1b/0x80 [ 2468.904775] copy_process+0x3319/0x7800 [ 2468.905634] ? __lock_acquire+0xbb1/0x5b00 [ 2468.906544] ? lock_downgrade+0x6d0/0x6d0 [ 2468.907420] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2468.908521] ? __cleanup_sighand+0xb0/0xb0 [ 2468.909407] ? lock_acquire+0x197/0x470 [ 2468.910253] ? find_held_lock+0x2c/0x110 [ 2468.911104] kernel_clone+0xe7/0x980 [ 2468.911878] ? lock_downgrade+0x6d0/0x6d0 [ 2468.912740] ? find_held_lock+0x2c/0x110 [ 2468.913596] ? create_io_thread+0xf0/0xf0 [ 2468.914470] ? ksys_write+0x12d/0x260 [ 2468.915274] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2468.916284] __do_sys_fork+0x8a/0xc0 [ 2468.917060] ? kernel_thread+0xf0/0xf0 [ 2468.917900] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2468.919001] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2468.920179] ? trace_hardirqs_on+0x5b/0x180 [ 2468.921080] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2468.922195] do_syscall_64+0x33/0x40 [ 2468.922978] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2468.924081] RIP: 0033:0x7f04c97d0b19 [ 2468.924987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2468.929279] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2468.931021] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2468.932589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2468.934151] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2468.935704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2468.937250] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:57:51 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2468.975054] FAULT_INJECTION: forcing a failure. [ 2468.975054] name failslab, interval 1, probability 0, space 0, times 0 [ 2468.975865] FAULT_INJECTION: forcing a failure. [ 2468.975865] name failslab, interval 1, probability 0, space 0, times 0 [ 2468.978023] CPU: 1 PID: 19509 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2468.982119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2468.984283] Call Trace: [ 2468.984982] dump_stack+0x107/0x167 [ 2468.985943] should_fail.cold+0x5/0xa [ 2468.986943] ? create_object.isra.0+0x3a/0xa20 [ 2468.988142] should_failslab+0x5/0x20 [ 2468.989160] kmem_cache_alloc+0x5b/0x310 [ 2468.990248] create_object.isra.0+0x3a/0xa20 [ 2468.991385] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2468.992715] kmem_cache_alloc_trace+0x151/0x320 [ 2468.993947] io_uring_setup+0x40b/0x2980 [ 2468.995020] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2468.996276] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2468.997599] ? wait_for_completion_io+0x270/0x270 [ 2468.998883] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.000252] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.001608] do_syscall_64+0x33/0x40 [ 2469.002575] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.003901] RIP: 0033:0x7f7154c4ab19 [ 2469.004870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.009695] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2469.011685] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2469.013544] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2469.015421] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2469.017268] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2469.019131] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2469.021021] CPU: 0 PID: 19511 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2469.022521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.024291] Call Trace: [ 2469.024859] dump_stack+0x107/0x167 [ 2469.025649] should_fail.cold+0x5/0xa [ 2469.026461] ? create_object.isra.0+0x3a/0xa20 [ 2469.027438] should_failslab+0x5/0x20 [ 2469.028251] kmem_cache_alloc+0x5b/0x310 [ 2469.029118] create_object.isra.0+0x3a/0xa20 [ 2469.030065] ? kasan_unpoison_shadow+0x33/0x50 [ 2469.031038] kmalloc_order+0xfe/0x160 [ 2469.031854] kmalloc_order_trace+0x14/0xa0 [ 2469.032757] io_uring_setup+0x33c/0x2980 [ 2469.033639] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.034670] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2469.035754] ? wait_for_completion_io+0x270/0x270 [ 2469.036805] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.037928] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.039217] do_syscall_64+0x33/0x40 [ 2469.040012] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.041102] RIP: 0033:0x7fe472bb9b19 [ 2469.041900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.045805] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2469.047414] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2469.048926] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2469.050444] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2469.051958] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2469.053467] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2469.059641] FAULT_INJECTION: forcing a failure. [ 2469.059641] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.062048] CPU: 0 PID: 19510 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2469.063618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.065412] Call Trace: [ 2469.065979] dump_stack+0x107/0x167 [ 2469.066751] should_fail.cold+0x5/0xa [ 2469.067560] ? create_object.isra.0+0x3a/0xa20 [ 2469.068524] should_failslab+0x5/0x20 [ 2469.069324] kmem_cache_alloc+0x5b/0x310 [ 2469.070195] create_object.isra.0+0x3a/0xa20 [ 2469.071119] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.072192] kmem_cache_alloc_trace+0x151/0x320 [ 2469.073171] ? io_tctx_exit_cb+0xf0/0xf0 [ 2469.074040] percpu_ref_init+0xd8/0x3d0 [ 2469.074880] io_uring_setup+0x47a/0x2980 [ 2469.075737] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.076757] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2469.077842] ? wait_for_completion_io+0x270/0x270 [ 2469.078877] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.079980] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.081067] do_syscall_64+0x33/0x40 [ 2469.081859] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.082940] RIP: 0033:0x7f55940d4b19 [ 2469.083721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.087599] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2469.089212] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2469.090730] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2469.092236] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2469.093752] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2469.095256] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:57:51 executing program 4: fork() (fail_nth: 10) 23:57:51 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:57:51 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2469.318047] FAULT_INJECTION: forcing a failure. [ 2469.318047] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.320478] CPU: 1 PID: 19718 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2469.321932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.323648] Call Trace: [ 2469.324203] dump_stack+0x107/0x167 [ 2469.324962] should_fail.cold+0x5/0xa [ 2469.325770] ? dup_fd+0x89/0xf40 [ 2469.326483] should_failslab+0x5/0x20 [ 2469.327292] kmem_cache_alloc+0x5b/0x310 [ 2469.328145] dup_fd+0x89/0xf40 [ 2469.328811] ? audit_filter_inodes+0x40/0x40 [ 2469.329755] ? security_task_alloc+0xe6/0x260 [ 2469.330686] copy_process+0x197e/0x7800 [ 2469.331514] ? __lock_acquire+0xbb1/0x5b00 [ 2469.332411] ? __cleanup_sighand+0xb0/0xb0 [ 2469.333292] ? lock_acquire+0x197/0x470 [ 2469.334130] ? find_held_lock+0x2c/0x110 [ 2469.334975] kernel_clone+0xe7/0x980 [ 2469.335744] ? lock_downgrade+0x6d0/0x6d0 [ 2469.336605] ? find_held_lock+0x2c/0x110 [ 2469.337443] ? create_io_thread+0xf0/0xf0 [ 2469.338312] ? ksys_write+0x12d/0x260 [ 2469.339110] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.340111] __do_sys_fork+0x8a/0xc0 [ 2469.340877] ? kernel_thread+0xf0/0xf0 [ 2469.341709] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.342794] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.343862] ? trace_hardirqs_on+0x5b/0x180 [ 2469.344754] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.345826] do_syscall_64+0x33/0x40 [ 2469.346595] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.347653] RIP: 0033:0x7f04c97d0b19 [ 2469.348419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.352237] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2469.353831] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2469.355310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2469.356787] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2469.358267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2469.359742] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:58:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 12) 23:58:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 8) [ 2485.691015] FAULT_INJECTION: forcing a failure. [ 2485.691015] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.693400] CPU: 0 PID: 19734 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2485.695033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.696788] Call Trace: [ 2485.697352] dump_stack+0x107/0x167 [ 2485.698126] should_fail.cold+0x5/0xa [ 2485.698953] ? create_object.isra.0+0x3a/0xa20 [ 2485.699920] should_failslab+0x5/0x20 [ 2485.700728] kmem_cache_alloc+0x5b/0x310 [ 2485.701596] create_object.isra.0+0x3a/0xa20 [ 2485.702520] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.703780] kmem_cache_alloc+0x159/0x310 [ 2485.704661] dup_fd+0x89/0xf40 [ 2485.705346] ? audit_filter_inodes+0x40/0x40 [ 2485.706267] ? security_task_alloc+0xe6/0x260 [ 2485.707218] copy_process+0x197e/0x7800 [ 2485.707897] FAULT_INJECTION: forcing a failure. [ 2485.707897] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2485.708080] ? __lock_acquire+0xbb1/0x5b00 [ 2485.711396] ? __cleanup_sighand+0xb0/0xb0 [ 2485.712295] ? lock_acquire+0x197/0x470 [ 2485.713118] ? find_held_lock+0x2c/0x110 [ 2485.713997] kernel_clone+0xe7/0x980 [ 2485.714789] ? lock_downgrade+0x6d0/0x6d0 [ 2485.715666] ? find_held_lock+0x2c/0x110 [ 2485.716545] ? create_io_thread+0xf0/0xf0 [ 2485.717423] ? ksys_write+0x12d/0x260 [ 2485.718236] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2485.719256] __do_sys_fork+0x8a/0xc0 [ 2485.720041] ? kernel_thread+0xf0/0xf0 [ 2485.721005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.722403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.723576] ? trace_hardirqs_on+0x5b/0x180 [ 2485.724556] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.725706] do_syscall_64+0x33/0x40 [ 2485.726508] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.727594] RIP: 0033:0x7f04c97d0b19 [ 2485.728384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.732272] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2485.733900] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2485.735421] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2485.736930] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2485.738482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2485.739994] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2485.741562] CPU: 1 PID: 19738 Comm: syz-executor.5 Not tainted 5.10.234 #1 23:58:08 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x0, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:08 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:08 executing program 4: fork() (fail_nth: 11) 23:58:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 6) [ 2485.743203] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.745210] Call Trace: [ 2485.745784] dump_stack+0x107/0x167 [ 2485.746549] should_fail.cold+0x5/0xa [ 2485.747343] __alloc_pages_nodemask+0x182/0x600 [ 2485.748305] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2485.749554] ? cap_capable+0x1cd/0x230 [ 2485.750395] alloc_pages_current+0x187/0x280 [ 2485.751305] __get_free_pages+0xc/0xa0 [ 2485.752104] io_uring_setup+0xe27/0x2980 [ 2485.752949] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2485.753009] FAULT_INJECTION: forcing a failure. [ 2485.753009] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.754012] ? wait_for_completion_io+0x270/0x270 [ 2485.754053] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.754079] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.760245] do_syscall_64+0x33/0x40 [ 2485.761050] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.762195] RIP: 0033:0x7f55940d4b19 [ 2485.763009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.767058] RSP: 002b:00007f559164a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2485.768702] RAX: ffffffffffffffda RBX: 00007f55941e7f60 RCX: 00007f55940d4b19 [ 2485.770384] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2485.771940] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2485.773523] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2485.775106] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2485.776730] CPU: 0 PID: 19740 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2485.778683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.780675] Call Trace: [ 2485.781357] dump_stack+0x107/0x167 23:58:08 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2485.782303] should_fail.cold+0x5/0xa [ 2485.783553] ? create_object.isra.0+0x3a/0xa20 [ 2485.784722] should_failslab+0x5/0x20 [ 2485.785692] kmem_cache_alloc+0x5b/0x310 [ 2485.786811] create_object.isra.0+0x3a/0xa20 [ 2485.787954] kmemleak_alloc_percpu+0xa0/0x100 [ 2485.789143] pcpu_alloc+0x4e2/0x1240 [ 2485.790155] ? io_tctx_exit_cb+0xf0/0xf0 [ 2485.791225] percpu_ref_init+0x31/0x3d0 [ 2485.792272] io_uring_setup+0x47a/0x2980 [ 2485.793328] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2485.794619] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2485.795972] ? wait_for_completion_io+0x270/0x270 [ 2485.797276] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.798682] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.800040] do_syscall_64+0x33/0x40 [ 2485.801034] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.802423] RIP: 0033:0x7f7154c4ab19 [ 2485.803444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.808274] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2485.810298] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2485.812165] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2485.814068] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2485.815934] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2485.817908] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:08 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2485.902297] FAULT_INJECTION: forcing a failure. [ 2485.902297] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.905494] CPU: 0 PID: 19811 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2485.907485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.909692] Call Trace: [ 2485.910474] dump_stack+0x107/0x167 [ 2485.911450] should_fail.cold+0x5/0xa [ 2485.912474] ? io_uring_setup+0x40b/0x2980 [ 2485.913607] should_failslab+0x5/0x20 [ 2485.914641] kmem_cache_alloc_trace+0x55/0x320 [ 2485.915878] io_uring_setup+0x40b/0x2980 [ 2485.916974] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2485.918285] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2485.919645] ? wait_for_completion_io+0x270/0x270 [ 2485.920975] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.922393] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.923781] do_syscall_64+0x33/0x40 [ 2485.924785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.926077] RIP: 0033:0x7fe472bb9b19 [ 2485.926864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.930708] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2485.932316] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2485.933832] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2485.935338] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2485.936841] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2485.938353] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 13) [ 2486.073208] FAULT_INJECTION: forcing a failure. [ 2486.073208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2486.076198] CPU: 1 PID: 19849 Comm: syz-executor.5 Not tainted 5.10.234 #1 [ 2486.077697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2486.079489] Call Trace: [ 2486.080059] dump_stack+0x107/0x167 [ 2486.080851] should_fail.cold+0x5/0xa [ 2486.081676] _copy_to_user+0x2e/0x180 [ 2486.082525] simple_read_from_buffer+0xcc/0x160 [ 2486.083518] proc_fail_nth_read+0x198/0x230 [ 2486.084444] ? proc_sessionid_read+0x230/0x230 [ 2486.085399] ? security_file_permission+0xb1/0xe0 [ 2486.086719] ? proc_sessionid_read+0x230/0x230 [ 2486.087849] vfs_read+0x228/0x620 [ 2486.088593] ksys_read+0x12d/0x260 [ 2486.089361] ? vfs_write+0xb10/0xb10 [ 2486.090175] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.091299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.092386] do_syscall_64+0x33/0x40 [ 2486.093186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.094263] RIP: 0033:0x7f559408769c [ 2486.095058] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2486.098928] RSP: 002b:00007f559164a170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2486.100805] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f559408769c [ 2486.102689] RDX: 000000000000000f RSI: 00007f559164a1e0 RDI: 0000000000000003 [ 2486.104637] RBP: 00007f559164a1d0 R08: 0000000000000000 R09: 0000000010000000 [ 2486.106202] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 2486.107693] R13: 00007ffdfa399abf R14: 00007f559164a300 R15: 0000000000022000 23:58:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 7) 23:58:08 executing program 4: fork() (fail_nth: 12) 23:58:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 9) 23:58:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2486.245192] FAULT_INJECTION: forcing a failure. [ 2486.245192] name failslab, interval 1, probability 0, space 0, times 0 [ 2486.247520] CPU: 0 PID: 19854 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2486.248948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2486.250806] Call Trace: [ 2486.251344] dump_stack+0x107/0x167 [ 2486.252086] should_fail.cold+0x5/0xa [ 2486.252871] ? create_object.isra.0+0x3a/0xa20 [ 2486.253825] should_failslab+0x5/0x20 [ 2486.254631] kmem_cache_alloc+0x5b/0x310 [ 2486.255514] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2486.256737] ? trace_hardirqs_on+0x5b/0x180 [ 2486.257721] create_object.isra.0+0x3a/0xa20 [ 2486.258783] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2486.260005] kmem_cache_alloc_trace+0x151/0x320 [ 2486.261133] ? io_uring_setup+0x39a/0x2980 [ 2486.262192] io_uring_setup+0x40b/0x2980 [ 2486.263170] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2486.264366] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2486.265559] ? wait_for_completion_io+0x270/0x270 [ 2486.266716] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.267917] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.269131] do_syscall_64+0x33/0x40 [ 2486.269987] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.271081] RIP: 0033:0x7fe472bb9b19 [ 2486.271833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2486.276076] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2486.278030] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2486.279835] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2486.281615] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2486.283405] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2486.285146] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:08 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2486.346208] FAULT_INJECTION: forcing a failure. [ 2486.346208] name failslab, interval 1, probability 0, space 0, times 0 [ 2486.349243] CPU: 0 PID: 19857 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2486.351072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2486.353055] Call Trace: [ 2486.353703] dump_stack+0x107/0x167 [ 2486.354600] should_fail.cold+0x5/0xa [ 2486.355526] ? create_object.isra.0+0x3a/0xa20 [ 2486.356638] should_failslab+0x5/0x20 [ 2486.357563] kmem_cache_alloc+0x5b/0x310 [ 2486.358563] create_object.isra.0+0x3a/0xa20 [ 2486.359640] kmemleak_alloc_percpu+0xa0/0x100 [ 2486.360709] pcpu_alloc+0x4e2/0x1240 [ 2486.361604] ? io_tctx_exit_cb+0xf0/0xf0 [ 2486.362590] percpu_ref_init+0x31/0x3d0 [ 2486.363545] io_uring_setup+0x47a/0x2980 [ 2486.364516] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2486.365680] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2486.366903] ? wait_for_completion_io+0x270/0x270 [ 2486.368081] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.369329] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.370558] do_syscall_64+0x33/0x40 [ 2486.371436] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.372680] RIP: 0033:0x7f7154c4ab19 [ 2486.373565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2486.378425] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2486.380171] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2486.381735] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2486.383381] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2486.384992] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2486.386573] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:08 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2486.395691] FAULT_INJECTION: forcing a failure. [ 2486.395691] name failslab, interval 1, probability 0, space 0, times 0 [ 2486.398233] CPU: 0 PID: 19862 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2486.399725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2486.401427] Call Trace: [ 2486.401926] dump_stack+0x107/0x167 [ 2486.402648] should_fail.cold+0x5/0xa [ 2486.403356] ? alloc_fdtable+0x84/0x280 [ 2486.404090] should_failslab+0x5/0x20 [ 2486.404811] kmem_cache_alloc_trace+0x55/0x320 [ 2486.405657] ? rwlock_bug.part.0+0x90/0x90 [ 2486.406462] alloc_fdtable+0x84/0x280 [ 2486.407282] dup_fd+0x92e/0xf40 [ 2486.408153] copy_process+0x197e/0x7800 [ 2486.409037] ? __lock_acquire+0xbb1/0x5b00 [ 2486.410011] ? __cleanup_sighand+0xb0/0xb0 [ 2486.410935] ? lock_acquire+0x197/0x470 [ 2486.411681] ? find_held_lock+0x2c/0x110 [ 2486.412440] kernel_clone+0xe7/0x980 [ 2486.413130] ? lock_downgrade+0x6d0/0x6d0 [ 2486.413902] ? find_held_lock+0x2c/0x110 [ 2486.414655] ? create_io_thread+0xf0/0xf0 [ 2486.415446] ? ksys_write+0x12d/0x260 [ 2486.416158] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2486.417060] __do_sys_fork+0x8a/0xc0 [ 2486.417794] ? kernel_thread+0xf0/0xf0 [ 2486.418533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.419511] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.420485] ? trace_hardirqs_on+0x5b/0x180 [ 2486.421285] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.422251] do_syscall_64+0x33/0x40 [ 2486.422928] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.423871] RIP: 0033:0x7f04c97d0b19 [ 2486.424562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2486.427981] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2486.429370] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2486.430698] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2486.432015] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2486.433343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2486.434674] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:58:08 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:08 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 8) 23:58:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:09 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2486.608268] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2486.631704] FAULT_INJECTION: forcing a failure. [ 2486.631704] name failslab, interval 1, probability 0, space 0, times 0 [ 2486.633697] CPU: 1 PID: 19873 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2486.634887] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2486.636280] Call Trace: [ 2486.636722] dump_stack+0x107/0x167 [ 2486.637332] should_fail.cold+0x5/0xa [ 2486.637967] ? create_object.isra.0+0x3a/0xa20 [ 2486.638719] should_failslab+0x5/0x20 [ 2486.639354] kmem_cache_alloc+0x5b/0x310 [ 2486.640059] create_object.isra.0+0x3a/0xa20 [ 2486.640979] kmemleak_alloc_percpu+0xa0/0x100 [ 2486.641741] pcpu_alloc+0x4e2/0x1240 [ 2486.642400] ? io_tctx_exit_cb+0xf0/0xf0 [ 2486.643088] percpu_ref_init+0x31/0x3d0 [ 2486.643741] io_uring_setup+0x47a/0x2980 [ 2486.644400] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2486.645186] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2486.646029] ? wait_for_completion_io+0x270/0x270 [ 2486.646828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.647698] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.648579] do_syscall_64+0x33/0x40 [ 2486.649266] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.650235] RIP: 0033:0x7fe472bb9b19 [ 2486.650946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2486.654062] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2486.655449] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2486.656588] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2486.657740] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2486.658902] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2486.660048] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2486.671410] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:58:24 executing program 4: fork() (fail_nth: 13) 23:58:24 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:24 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2501.692377] FAULT_INJECTION: forcing a failure. [ 2501.692377] name failslab, interval 1, probability 0, space 0, times 0 [ 2501.695570] CPU: 0 PID: 19889 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2501.697695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 23:58:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:24 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 10) [ 2501.700180] Call Trace: [ 2501.701810] dump_stack+0x107/0x167 [ 2501.704192] should_fail.cold+0x5/0xa [ 2501.706432] ? create_object.isra.0+0x3a/0xa20 [ 2501.707598] should_failslab+0x5/0x20 [ 2501.708560] kmem_cache_alloc+0x5b/0x310 [ 2501.710456] create_object.isra.0+0x3a/0xa20 [ 2501.712802] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2501.714126] kmem_cache_alloc_trace+0x151/0x320 [ 2501.715234] ? rwlock_bug.part.0+0x90/0x90 [ 2501.716333] alloc_fdtable+0x84/0x280 [ 2501.717316] dup_fd+0x92e/0xf40 [ 2501.718209] copy_process+0x197e/0x7800 [ 2501.719235] ? __lock_acquire+0xbb1/0x5b00 [ 2501.720357] ? __cleanup_sighand+0xb0/0xb0 [ 2501.721430] ? lock_acquire+0x197/0x470 [ 2501.722424] ? find_held_lock+0x2c/0x110 [ 2501.723430] kernel_clone+0xe7/0x980 [ 2501.724317] ? lock_downgrade+0x6d0/0x6d0 [ 2501.725367] ? find_held_lock+0x2c/0x110 [ 2501.726413] ? create_io_thread+0xf0/0xf0 [ 2501.727467] ? ksys_write+0x12d/0x260 [ 2501.728478] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2501.729715] __do_sys_fork+0x8a/0xc0 [ 2501.730679] ? kernel_thread+0xf0/0xf0 [ 2501.731693] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2501.733023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2501.734335] ? trace_hardirqs_on+0x5b/0x180 [ 2501.735433] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2501.736763] do_syscall_64+0x33/0x40 [ 2501.737710] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2501.739027] RIP: 0033:0x7f04c97d0b19 [ 2501.739970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2501.744639] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2501.746581] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2501.748420] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2501.750271] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2501.752119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2501.753974] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:58:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 9) [ 2501.773617] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 23:58:24 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2501.845789] FAULT_INJECTION: forcing a failure. [ 2501.845789] name failslab, interval 1, probability 0, space 0, times 0 [ 2501.848166] CPU: 0 PID: 19900 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2501.849590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2501.851430] Call Trace: [ 2501.852071] dump_stack+0x107/0x167 [ 2501.852820] should_fail.cold+0x5/0xa [ 2501.853604] ? percpu_ref_init+0xd8/0x3d0 [ 2501.854477] should_failslab+0x5/0x20 [ 2501.855258] kmem_cache_alloc_trace+0x55/0x320 [ 2501.856197] ? io_tctx_exit_cb+0xf0/0xf0 [ 2501.857051] percpu_ref_init+0xd8/0x3d0 [ 2501.857883] io_uring_setup+0x47a/0x2980 [ 2501.858747] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2501.859749] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2501.860937] ? wait_for_completion_io+0x270/0x270 [ 2501.861977] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2501.863071] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2501.864153] do_syscall_64+0x33/0x40 [ 2501.864944] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2501.866044] RIP: 0033:0x7f7154c4ab19 [ 2501.866835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2501.870662] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2501.872260] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2501.873758] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2501.875246] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2501.876731] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2501.878231] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2501.882567] FAULT_INJECTION: forcing a failure. [ 2501.882567] name failslab, interval 1, probability 0, space 0, times 0 [ 2501.885130] CPU: 0 PID: 19897 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2501.886931] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2501.889077] Call Trace: [ 2501.889758] dump_stack+0x107/0x167 [ 2501.890706] should_fail.cold+0x5/0xa [ 2501.891708] ? create_object.isra.0+0x3a/0xa20 [ 2501.892886] should_failslab+0x5/0x20 [ 2501.893859] kmem_cache_alloc+0x5b/0x310 [ 2501.894722] create_object.isra.0+0x3a/0xa20 [ 2501.895876] kmemleak_alloc_percpu+0xa0/0x100 [ 2501.896796] pcpu_alloc+0x4e2/0x1240 [ 2501.897763] ? io_tctx_exit_cb+0xf0/0xf0 [ 2501.898624] percpu_ref_init+0x31/0x3d0 [ 2501.899655] io_uring_setup+0x47a/0x2980 [ 2501.900497] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2501.901741] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2501.902789] ? wait_for_completion_io+0x270/0x270 [ 2501.904056] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2501.905136] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2501.906478] do_syscall_64+0x33/0x40 [ 2501.907248] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2501.908610] RIP: 0033:0x7fe472bb9b19 [ 2501.909498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2501.914265] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2501.915830] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2501.917284] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2501.918915] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2501.920412] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2501.922043] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2501.927853] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:58:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 11) [ 2502.178042] FAULT_INJECTION: forcing a failure. [ 2502.178042] name failslab, interval 1, probability 0, space 0, times 0 [ 2502.180976] CPU: 1 PID: 19910 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2502.182732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2502.184914] Call Trace: [ 2502.185647] dump_stack+0x107/0x167 [ 2502.186805] should_fail.cold+0x5/0xa [ 2502.187857] ? create_object.isra.0+0x3a/0xa20 [ 2502.189271] should_failslab+0x5/0x20 [ 2502.190393] kmem_cache_alloc+0x5b/0x310 [ 2502.191453] create_object.isra.0+0x3a/0xa20 [ 2502.192601] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2502.193995] kmem_cache_alloc_trace+0x151/0x320 [ 2502.195211] ? io_tctx_exit_cb+0xf0/0xf0 [ 2502.196266] percpu_ref_init+0xd8/0x3d0 [ 2502.197303] io_uring_setup+0x47a/0x2980 [ 2502.198387] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2502.199628] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2502.200712] ? wait_for_completion_io+0x270/0x270 [ 2502.201774] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2502.202910] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2502.204016] do_syscall_64+0x33/0x40 [ 2502.204809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2502.205907] RIP: 0033:0x7f7154c4ab19 [ 2502.206718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2502.211152] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2502.212884] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2502.214489] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2502.216211] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2502.217930] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2502.219887] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 10) 23:58:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2521.353312] FAULT_INJECTION: forcing a failure. [ 2521.353312] name failslab, interval 1, probability 0, space 0, times 0 [ 2521.356452] CPU: 1 PID: 19919 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2521.358192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.360442] Call Trace: [ 2521.361124] dump_stack+0x107/0x167 [ 2521.362020] should_fail.cold+0x5/0xa [ 2521.363086] ? percpu_ref_init+0xd8/0x3d0 [ 2521.364103] should_failslab+0x5/0x20 [ 2521.365096] kmem_cache_alloc_trace+0x55/0x320 [ 2521.366289] ? io_tctx_exit_cb+0xf0/0xf0 [ 2521.367314] percpu_ref_init+0xd8/0x3d0 [ 2521.368372] io_uring_setup+0x47a/0x2980 [ 2521.369412] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2521.370707] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2521.372043] ? wait_for_completion_io+0x270/0x270 [ 2521.373325] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.374706] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.376080] do_syscall_64+0x33/0x40 [ 2521.376911] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.378052] RIP: 0033:0x7fe472bb9b19 [ 2521.379142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2521.384034] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2521.386086] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2521.387983] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2521.389833] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2521.391784] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2521.393639] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:43 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x0, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:43 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:43 executing program 4: fork() (fail_nth: 14) 23:58:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 12) 23:58:43 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2521.499261] FAULT_INJECTION: forcing a failure. [ 2521.499261] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2521.501773] CPU: 1 PID: 19926 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2521.503240] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.504984] Call Trace: [ 2521.505528] dump_stack+0x107/0x167 [ 2521.506303] should_fail.cold+0x5/0xa [ 2521.507102] __alloc_pages_nodemask+0x182/0x600 [ 2521.508077] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2521.509335] ? cap_capable+0x1cd/0x230 [ 2521.510162] alloc_pages_current+0x187/0x280 [ 2521.511100] __get_free_pages+0xc/0xa0 [ 2521.511917] io_uring_setup+0xe27/0x2980 [ 2521.512768] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2521.513969] ? wait_for_completion_io+0x270/0x270 [ 2521.514996] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.516266] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.517588] do_syscall_64+0x33/0x40 [ 2521.518527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.519604] RIP: 0033:0x7f7154c4ab19 [ 2521.520565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2521.524752] RSP: 002b:00007f71521c0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2521.526706] RAX: ffffffffffffffda RBX: 00007f7154d5df60 RCX: 00007f7154c4ab19 [ 2521.528482] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2521.530130] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2521.531940] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2521.533706] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 [ 2521.568960] FAULT_INJECTION: forcing a failure. [ 2521.568960] name failslab, interval 1, probability 0, space 0, times 0 [ 2521.571434] CPU: 1 PID: 19958 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2521.572881] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.574918] Call Trace: [ 2521.575462] dump_stack+0x107/0x167 [ 2521.576218] should_fail.cold+0x5/0xa [ 2521.577010] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2521.578096] should_failslab+0x5/0x20 [ 2521.579080] __kmalloc_node+0x76/0x420 [ 2521.579993] ? lock_downgrade+0x6d0/0x6d0 [ 2521.580853] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2521.581914] memcg_slab_post_alloc_hook+0x1f0/0x430 23:58:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 11) [ 2521.582964] ? trace_hardirqs_on+0x5b/0x180 [ 2521.584042] kmem_cache_alloc_trace+0x169/0x320 [ 2521.585022] ? rwlock_bug.part.0+0x90/0x90 [ 2521.585924] alloc_fdtable+0x84/0x280 [ 2521.586743] dup_fd+0x92e/0xf40 [ 2521.587451] copy_process+0x197e/0x7800 [ 2521.588290] ? __lock_acquire+0xbb1/0x5b00 [ 2521.589209] ? __cleanup_sighand+0xb0/0xb0 [ 2521.590108] ? lock_acquire+0x197/0x470 [ 2521.590959] ? find_held_lock+0x2c/0x110 [ 2521.591819] kernel_clone+0xe7/0x980 [ 2521.592607] ? lock_downgrade+0x6d0/0x6d0 [ 2521.593484] ? find_held_lock+0x2c/0x110 [ 2521.594346] ? create_io_thread+0xf0/0xf0 [ 2521.595227] ? ksys_write+0x12d/0x260 [ 2521.596041] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2521.597068] __do_sys_fork+0x8a/0xc0 [ 2521.597861] ? kernel_thread+0xf0/0xf0 [ 2521.598707] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.599877] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.600952] ? trace_hardirqs_on+0x5b/0x180 [ 2521.601453] FAULT_INJECTION: forcing a failure. [ 2521.601453] name failslab, interval 1, probability 0, space 0, times 0 [ 2521.601867] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.605255] do_syscall_64+0x33/0x40 [ 2521.606030] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.607105] RIP: 0033:0x7f04c97d0b19 [ 2521.607879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2521.611730] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2521.613325] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2521.614823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2521.616315] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2521.617803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2521.619317] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2521.620839] CPU: 0 PID: 19960 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2521.622328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.624072] Call Trace: [ 2521.624632] dump_stack+0x107/0x167 [ 2521.625402] should_fail.cold+0x5/0xa [ 2521.626251] ? create_object.isra.0+0x3a/0xa20 [ 2521.627216] should_failslab+0x5/0x20 [ 2521.628019] kmem_cache_alloc+0x5b/0x310 [ 2521.628885] create_object.isra.0+0x3a/0xa20 [ 2521.629812] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2521.630904] kmem_cache_alloc_trace+0x151/0x320 [ 2521.631886] ? io_tctx_exit_cb+0xf0/0xf0 [ 2521.632745] percpu_ref_init+0xd8/0x3d0 [ 2521.633596] io_uring_setup+0x47a/0x2980 [ 2521.634471] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2521.635496] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2521.636573] ? wait_for_completion_io+0x270/0x270 [ 2521.637615] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.638730] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.639822] do_syscall_64+0x33/0x40 [ 2521.640607] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.641689] RIP: 0033:0x7fe472bb9b19 [ 2521.642480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2521.646373] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2521.647979] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2521.649480] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2521.650991] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2521.652489] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2521.653996] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:44 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 13) 23:58:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2521.765555] FAULT_INJECTION: forcing a failure. [ 2521.765555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2521.768121] CPU: 0 PID: 20112 Comm: syz-executor.2 Not tainted 5.10.234 #1 [ 2521.769585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.771345] Call Trace: [ 2521.771904] dump_stack+0x107/0x167 [ 2521.772670] should_fail.cold+0x5/0xa [ 2521.773488] _copy_to_user+0x2e/0x180 [ 2521.774303] simple_read_from_buffer+0xcc/0x160 [ 2521.775284] proc_fail_nth_read+0x198/0x230 [ 2521.776195] ? proc_sessionid_read+0x230/0x230 [ 2521.777160] ? security_file_permission+0xb1/0xe0 [ 2521.778190] ? proc_sessionid_read+0x230/0x230 [ 2521.779155] vfs_read+0x228/0x620 [ 2521.779898] ksys_read+0x12d/0x260 [ 2521.780642] ? vfs_write+0xb10/0xb10 [ 2521.781433] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.782544] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.783628] do_syscall_64+0x33/0x40 [ 2521.784411] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.785493] RIP: 0033:0x7f7154bfd69c [ 2521.786289] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2521.790184] RSP: 002b:00007f71521c0170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2521.791792] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f7154bfd69c [ 2521.793303] RDX: 000000000000000f RSI: 00007f71521c01e0 RDI: 0000000000000003 [ 2521.794814] RBP: 00007f71521c01d0 R08: 0000000000000000 R09: 0000000010000000 [ 2521.796317] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 2521.797822] R13: 00007ffea77efa9f R14: 00007f71521c0300 R15: 0000000000022000 23:58:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 12) 23:58:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x10}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:44 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2521.964761] FAULT_INJECTION: forcing a failure. [ 2521.964761] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2521.967485] CPU: 0 PID: 20341 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2521.969056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2521.970833] Call Trace: [ 2521.971394] dump_stack+0x107/0x167 [ 2521.972164] should_fail.cold+0x5/0xa [ 2521.972976] __alloc_pages_nodemask+0x182/0x600 [ 2521.973972] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2521.975261] ? cap_capable+0x1cd/0x230 [ 2521.976095] alloc_pages_current+0x187/0x280 [ 2521.977026] __get_free_pages+0xc/0xa0 [ 2521.977847] io_uring_setup+0xe27/0x2980 [ 2521.978728] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2521.979806] ? wait_for_completion_io+0x270/0x270 [ 2521.980844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2521.981948] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2521.983048] do_syscall_64+0x33/0x40 [ 2521.983840] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2521.984924] RIP: 0033:0x7fe472bb9b19 [ 2521.985708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2521.989617] RSP: 002b:00007fe47012f108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2521.991244] RAX: ffffffffffffffda RBX: 00007fe472cccf60 RCX: 00007fe472bb9b19 [ 2521.992759] RDX: 0000000020ff9000 RSI: 0000000020000100 RDI: 00000000000068d4 [ 2521.994284] RBP: 0000000020000100 R08: 0000000020000040 R09: 0000000020000040 [ 2521.995790] R10: 0000000020000080 R11: 0000000000000202 R12: 0000000020000040 [ 2521.997294] R13: 0000000020ff9000 R14: 0000000020000080 R15: 0000000020ffc000 23:58:44 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:44 executing program 4: fork() (fail_nth: 15) 23:58:44 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:44 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:44 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:58:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) (fail_nth: 13) [ 2522.160168] FAULT_INJECTION: forcing a failure. [ 2522.160168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2522.162085] CPU: 1 PID: 20351 Comm: syz-executor.0 Not tainted 5.10.234 #1 [ 2522.163195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2522.164497] Call Trace: [ 2522.164910] dump_stack+0x107/0x167 [ 2522.165480] should_fail.cold+0x5/0xa [ 2522.166076] _copy_to_user+0x2e/0x180 [ 2522.166686] simple_read_from_buffer+0xcc/0x160 [ 2522.167415] proc_fail_nth_read+0x198/0x230 [ 2522.168084] ? proc_sessionid_read+0x230/0x230 [ 2522.168793] ? security_file_permission+0xb1/0xe0 [ 2522.169544] ? proc_sessionid_read+0x230/0x230 [ 2522.170256] vfs_read+0x228/0x620 [ 2522.170809] ksys_read+0x12d/0x260 [ 2522.171363] ? vfs_write+0xb10/0xb10 [ 2522.171951] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2522.172776] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2522.173584] do_syscall_64+0x33/0x40 [ 2522.174182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2522.174976] RIP: 0033:0x7fe472b6c69c [ 2522.175551] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2522.178435] RSP: 002b:00007fe47012f170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2522.179621] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fe472b6c69c [ 2522.180726] RDX: 000000000000000f RSI: 00007fe47012f1e0 RDI: 0000000000000003 [ 2522.181832] RBP: 00007fe47012f1d0 R08: 0000000000000000 R09: 0000000010000000 [ 2522.182955] R10: 0000000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 2522.184074] R13: 00007ffdb79d7f7f R14: 00007fe47012f300 R15: 0000000000022000 [ 2522.191635] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2522.229516] FAULT_INJECTION: forcing a failure. [ 2522.229516] name failslab, interval 1, probability 0, space 0, times 0 [ 2522.232001] CPU: 0 PID: 20360 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2522.233605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2522.235385] Call Trace: [ 2522.235944] dump_stack+0x107/0x167 [ 2522.236713] should_fail.cold+0x5/0xa [ 2522.237507] ? create_object.isra.0+0x3a/0xa20 [ 2522.238470] should_failslab+0x5/0x20 [ 2522.239277] kmem_cache_alloc+0x5b/0x310 [ 2522.240142] create_object.isra.0+0x3a/0xa20 [ 2522.241066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2522.242137] __kmalloc_node+0x1ae/0x420 [ 2522.242997] kvmalloc_node+0x119/0x170 [ 2522.243822] alloc_fdtable+0xd3/0x280 [ 2522.244632] dup_fd+0x92e/0xf40 [ 2522.245347] copy_process+0x197e/0x7800 [ 2522.246201] ? __lock_acquire+0xbb1/0x5b00 [ 2522.247128] ? __cleanup_sighand+0xb0/0xb0 [ 2522.248035] ? lock_acquire+0x197/0x470 [ 2522.248881] ? find_held_lock+0x2c/0x110 [ 2522.249738] kernel_clone+0xe7/0x980 [ 2522.250537] ? lock_downgrade+0x6d0/0x6d0 [ 2522.251409] ? find_held_lock+0x2c/0x110 [ 2522.252268] ? create_io_thread+0xf0/0xf0 [ 2522.253144] ? ksys_write+0x12d/0x260 [ 2522.253963] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2522.254998] __do_sys_fork+0x8a/0xc0 [ 2522.255793] ? kernel_thread+0xf0/0xf0 [ 2522.256629] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2522.257733] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2522.258824] ? trace_hardirqs_on+0x5b/0x180 [ 2522.259741] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2522.260829] do_syscall_64+0x33/0x40 [ 2522.261609] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2522.262697] RIP: 0033:0x7f04c97d0b19 [ 2522.263477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2522.267369] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2522.268959] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2522.270448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2522.271916] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2522.273396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2522.274890] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:58:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:58:44 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2522.521263] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:59:00 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2538.211708] FAULT_INJECTION: forcing a failure. [ 2538.211708] name failslab, interval 1, probability 0, space 0, times 0 23:59:00 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:00 executing program 4: fork() (fail_nth: 16) 23:59:00 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:00 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:00 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2538.213378] CPU: 1 PID: 20381 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2538.214617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2538.215811] Call Trace: [ 2538.216208] dump_stack+0x107/0x167 [ 2538.216741] should_fail.cold+0x5/0xa [ 2538.217280] ? kvmalloc_node+0x119/0x170 [ 2538.217863] should_failslab+0x5/0x20 [ 2538.218419] __kmalloc_node+0x76/0x420 [ 2538.218889] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2538.219473] kvmalloc_node+0x119/0x170 [ 2538.219921] alloc_fdtable+0x13f/0x280 [ 2538.220372] dup_fd+0x92e/0xf40 [ 2538.220757] copy_process+0x197e/0x7800 [ 2538.221215] ? __lock_acquire+0xbb1/0x5b00 [ 2538.221712] ? __cleanup_sighand+0xb0/0xb0 [ 2538.222199] ? lock_acquire+0x197/0x470 [ 2538.222672] ? find_held_lock+0x2c/0x110 [ 2538.223138] kernel_clone+0xe7/0x980 [ 2538.223563] ? lock_downgrade+0x6d0/0x6d0 [ 2538.224035] ? find_held_lock+0x2c/0x110 [ 2538.224501] ? create_io_thread+0xf0/0xf0 [ 2538.224984] ? ksys_write+0x12d/0x260 [ 2538.225426] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2538.225979] __do_sys_fork+0x8a/0xc0 [ 2538.226414] ? kernel_thread+0xf0/0xf0 [ 2538.226898] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2538.227498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2538.228081] ? trace_hardirqs_on+0x5b/0x180 [ 2538.228582] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2538.229172] do_syscall_64+0x33/0x40 [ 2538.229596] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2538.230180] RIP: 0033:0x7f04c97d0b19 [ 2538.230609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2538.232714] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2538.233585] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2538.234410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2538.235741] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2538.237541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2538.239371] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2538.243395] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:59:00 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:00 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 4: fork() (fail_nth: 17) 23:59:20 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2557.838187] FAULT_INJECTION: forcing a failure. [ 2557.838187] name failslab, interval 1, probability 0, space 0, times 0 [ 2557.840990] CPU: 0 PID: 20413 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2557.842619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2557.844416] Call Trace: [ 2557.844971] dump_stack+0x107/0x167 [ 2557.845744] should_fail.cold+0x5/0xa [ 2557.846559] ? create_object.isra.0+0x3a/0xa20 [ 2557.847552] should_failslab+0x5/0x20 [ 2557.848370] kmem_cache_alloc+0x5b/0x310 [ 2557.849239] create_object.isra.0+0x3a/0xa20 [ 2557.850172] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2557.851268] __kmalloc_node+0x1ae/0x420 [ 2557.852115] kvmalloc_node+0x119/0x170 [ 2557.852950] alloc_fdtable+0xd3/0x280 [ 2557.853752] dup_fd+0x92e/0xf40 [ 2557.854482] copy_process+0x197e/0x7800 [ 2557.855352] ? __lock_acquire+0xbb1/0x5b00 [ 2557.856284] ? __cleanup_sighand+0xb0/0xb0 [ 2557.857194] ? lock_acquire+0x197/0x470 [ 2557.858063] ? find_held_lock+0x2c/0x110 [ 2557.858954] kernel_clone+0xe7/0x980 [ 2557.859761] ? lock_downgrade+0x6d0/0x6d0 [ 2557.860652] ? find_held_lock+0x2c/0x110 [ 2557.861527] ? create_io_thread+0xf0/0xf0 [ 2557.862429] ? ksys_write+0x12d/0x260 [ 2557.863269] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2557.864309] __do_sys_fork+0x8a/0xc0 [ 2557.865113] ? kernel_thread+0xf0/0xf0 [ 2557.865954] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2557.867090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2557.868206] ? trace_hardirqs_on+0x5b/0x180 [ 2557.869130] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2557.870251] do_syscall_64+0x33/0x40 [ 2557.871052] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2557.872161] RIP: 0033:0x7f04c97d0b19 [ 2557.872942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2557.876943] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2557.878613] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2557.880167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2557.881720] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2557.883277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2557.884821] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:59:20 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2557.920330] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:59:20 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:20 executing program 4: fork() (fail_nth: 18) 23:59:20 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2558.255113] FAULT_INJECTION: forcing a failure. [ 2558.255113] name failslab, interval 1, probability 0, space 0, times 0 [ 2558.257448] CPU: 1 PID: 20535 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2558.258901] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2558.260597] Call Trace: [ 2558.261145] dump_stack+0x107/0x167 [ 2558.261924] should_fail.cold+0x5/0xa [ 2558.262796] ? copy_fs_struct+0x45/0x340 [ 2558.263827] should_failslab+0x5/0x20 [ 2558.264758] kmem_cache_alloc+0x5b/0x310 [ 2558.265757] copy_fs_struct+0x45/0x340 [ 2558.266722] copy_process+0x3435/0x7800 [ 2558.267690] ? __lock_acquire+0xbb1/0x5b00 [ 2558.268796] ? __cleanup_sighand+0xb0/0xb0 [ 2558.269863] ? lock_acquire+0x197/0x470 [ 2558.270889] ? find_held_lock+0x2c/0x110 [ 2558.271759] kernel_clone+0xe7/0x980 [ 2558.272527] ? lock_downgrade+0x6d0/0x6d0 [ 2558.273389] ? find_held_lock+0x2c/0x110 [ 2558.274229] ? create_io_thread+0xf0/0xf0 [ 2558.275103] ? ksys_write+0x12d/0x260 [ 2558.275900] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2558.276966] __do_sys_fork+0x8a/0xc0 [ 2558.277719] ? kernel_thread+0xf0/0xf0 [ 2558.278512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2558.279581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2558.280621] ? trace_hardirqs_on+0x5b/0x180 [ 2558.281488] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2558.282534] do_syscall_64+0x33/0x40 [ 2558.283307] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2558.284337] RIP: 0033:0x7f04c97d0b19 [ 2558.285086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2558.288825] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2558.290359] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2558.291807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2558.293245] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2558.294714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2558.296167] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:59:20 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:20 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2558.414791] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2582.336653] FAULT_INJECTION: forcing a failure. [ 2582.336653] name failslab, interval 1, probability 0, space 0, times 0 [ 2582.339080] CPU: 1 PID: 20556 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2582.340544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2582.342279] Call Trace: [ 2582.342830] dump_stack+0x107/0x167 [ 2582.343602] should_fail.cold+0x5/0xa [ 2582.344401] ? create_object.isra.0+0x3a/0xa20 [ 2582.345351] should_failslab+0x5/0x20 [ 2582.346147] kmem_cache_alloc+0x5b/0x310 [ 2582.347020] create_object.isra.0+0x3a/0xa20 [ 2582.347942] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.349012] kmem_cache_alloc+0x159/0x310 [ 2582.349883] copy_fs_struct+0x45/0x340 [ 2582.350705] copy_process+0x3435/0x7800 [ 2582.351542] ? __lock_acquire+0xbb1/0x5b00 [ 2582.352450] ? __cleanup_sighand+0xb0/0xb0 [ 2582.353346] ? lock_acquire+0x197/0x470 [ 2582.354178] ? find_held_lock+0x2c/0x110 [ 2582.355039] kernel_clone+0xe7/0x980 [ 2582.355812] ? lock_downgrade+0x6d0/0x6d0 [ 2582.356689] ? find_held_lock+0x2c/0x110 [ 2582.357534] ? create_io_thread+0xf0/0xf0 [ 2582.358622] ? ksys_write+0x12d/0x260 [ 2582.359643] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2582.360682] __do_sys_fork+0x8a/0xc0 [ 2582.361456] ? kernel_thread+0xf0/0xf0 [ 2582.362278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2582.363384] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.364446] ? trace_hardirqs_on+0x5b/0x180 [ 2582.365342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.366412] do_syscall_64+0x33/0x40 [ 2582.367197] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2582.368257] RIP: 0033:0x7f04c97d0b19 23:59:44 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:44 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:44 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:44 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:44 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:44 executing program 4: fork() (fail_nth: 19) [ 2582.369049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2582.373034] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2582.374622] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2582.376135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2582.377613] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2582.379099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2582.380589] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2582.394106] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 23:59:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:44 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:44 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:45 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:45 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:45 executing program 4: fork() (fail_nth: 20) [ 2582.776352] FAULT_INJECTION: forcing a failure. [ 2582.776352] name failslab, interval 1, probability 0, space 0, times 0 [ 2582.778781] CPU: 0 PID: 20585 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2582.780233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2582.781966] Call Trace: [ 2582.782518] dump_stack+0x107/0x167 [ 2582.783295] should_fail.cold+0x5/0xa [ 2582.784086] ? create_object.isra.0+0x3a/0xa20 [ 2582.785181] should_failslab+0x5/0x20 [ 2582.785979] kmem_cache_alloc+0x5b/0x310 [ 2582.786828] create_object.isra.0+0x3a/0xa20 [ 2582.787757] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.788818] __kmalloc_node+0x1ae/0x420 [ 2582.789668] kvmalloc_node+0x119/0x170 [ 2582.790479] alloc_fdtable+0x13f/0x280 [ 2582.791295] dup_fd+0x92e/0xf40 [ 2582.792011] copy_process+0x197e/0x7800 [ 2582.792860] ? __lock_acquire+0xbb1/0x5b00 [ 2582.793770] ? __cleanup_sighand+0xb0/0xb0 [ 2582.794648] ? lock_acquire+0x197/0x470 [ 2582.795495] ? find_held_lock+0x2c/0x110 [ 2582.796353] kernel_clone+0xe7/0x980 [ 2582.797133] ? lock_downgrade+0x6d0/0x6d0 [ 2582.797985] ? find_held_lock+0x2c/0x110 [ 2582.798830] ? create_io_thread+0xf0/0xf0 [ 2582.799690] ? ksys_write+0x12d/0x260 [ 2582.800495] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2582.801503] __do_sys_fork+0x8a/0xc0 [ 2582.802285] ? kernel_thread+0xf0/0xf0 [ 2582.803123] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2582.804228] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.805297] ? trace_hardirqs_on+0x5b/0x180 [ 2582.806191] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.807272] do_syscall_64+0x33/0x40 [ 2582.808043] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2582.809107] RIP: 0033:0x7f04c97d0b19 [ 2582.809884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2582.813726] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2582.815324] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2582.816811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2582.818317] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2582.819819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2582.821303] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:59:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 4: fork() (fail_nth: 21) [ 2597.032802] FAULT_INJECTION: forcing a failure. [ 2597.032802] name failslab, interval 1, probability 0, space 0, times 0 23:59:59 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2597.035818] CPU: 1 PID: 20595 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2597.037736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2597.039844] Call Trace: [ 2597.040513] dump_stack+0x107/0x167 [ 2597.041435] should_fail.cold+0x5/0xa [ 2597.042396] ? create_object.isra.0+0x3a/0xa20 23:59:59 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2597.043671] should_failslab+0x5/0x20 [ 2597.044740] kmem_cache_alloc+0x5b/0x310 [ 2597.045907] create_object.isra.0+0x3a/0xa20 [ 2597.047112] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2597.048554] kmem_cache_alloc+0x159/0x310 [ 2597.049689] copy_process+0x1add/0x7800 [ 2597.050712] ? __lock_acquire+0xbb1/0x5b00 [ 2597.052009] ? __cleanup_sighand+0xb0/0xb0 [ 2597.053348] ? lock_acquire+0x197/0x470 [ 2597.054570] ? find_held_lock+0x2c/0x110 [ 2597.055623] kernel_clone+0xe7/0x980 [ 2597.056631] ? lock_downgrade+0x6d0/0x6d0 23:59:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2597.057675] ? find_held_lock+0x2c/0x110 [ 2597.058805] ? create_io_thread+0xf0/0xf0 [ 2597.059970] ? ksys_write+0x12d/0x260 [ 2597.060920] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2597.062099] __do_sys_fork+0x8a/0xc0 [ 2597.063016] ? kernel_thread+0xf0/0xf0 [ 2597.064015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 23:59:59 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2597.065312] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2597.066729] ? trace_hardirqs_on+0x5b/0x180 [ 2597.067975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2597.069501] do_syscall_64+0x33/0x40 [ 2597.070615] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2597.072147] RIP: 0033:0x7f04c97d0b19 23:59:59 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2597.073221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2597.078164] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2597.080076] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 23:59:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2597.081869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2597.083791] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2597.085578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2597.087368] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 23:59:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 23:59:59 executing program 4: fork() (fail_nth: 22) 23:59:59 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:59 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 23:59:59 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2597.579276] FAULT_INJECTION: forcing a failure. [ 2597.579276] name failslab, interval 1, probability 0, space 0, times 0 [ 2597.581111] CPU: 1 PID: 20627 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2597.582394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2597.583731] Call Trace: [ 2597.584156] dump_stack+0x107/0x167 [ 2597.584728] should_fail.cold+0x5/0xa [ 2597.585329] ? copy_process+0x1c5b/0x7800 [ 2597.585971] should_failslab+0x5/0x20 [ 2597.586578] kmem_cache_alloc+0x5b/0x310 [ 2597.587224] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2597.588052] copy_process+0x1c5b/0x7800 [ 2597.588699] ? __lock_acquire+0xbb1/0x5b00 [ 2597.589499] ? __cleanup_sighand+0xb0/0xb0 [ 2597.590199] ? lock_acquire+0x197/0x470 [ 2597.590857] ? find_held_lock+0x2c/0x110 [ 2597.591546] kernel_clone+0xe7/0x980 [ 2597.592179] ? lock_downgrade+0x6d0/0x6d0 [ 2597.592971] ? find_held_lock+0x2c/0x110 [ 2597.593761] ? create_io_thread+0xf0/0xf0 [ 2597.594567] ? ksys_write+0x12d/0x260 [ 2597.595317] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2597.596399] __do_sys_fork+0x8a/0xc0 [ 2597.597079] ? kernel_thread+0xf0/0xf0 [ 2597.597809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2597.598742] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2597.599744] ? trace_hardirqs_on+0x5b/0x180 [ 2597.600438] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2597.601274] do_syscall_64+0x33/0x40 [ 2597.601894] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2597.602717] RIP: 0033:0x7f04c97d0b19 [ 2597.603355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2597.606328] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2597.607695] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2597.608845] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2597.610020] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2597.611196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2597.612342] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:00:17 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:17 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:17 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:17 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:17 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:17 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:17 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:17 executing program 4: fork() (fail_nth: 23) 00:00:17 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2615.391844] FAULT_INJECTION: forcing a failure. [ 2615.391844] name failslab, interval 1, probability 0, space 0, times 0 [ 2615.394311] CPU: 0 PID: 20659 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2615.396054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2615.398117] Call Trace: [ 2615.398785] dump_stack+0x107/0x167 [ 2615.399719] should_fail.cold+0x5/0xa [ 2615.400688] ? create_object.isra.0+0x3a/0xa20 [ 2615.401829] should_failslab+0x5/0x20 [ 2615.402778] kmem_cache_alloc+0x5b/0x310 [ 2615.403801] create_object.isra.0+0x3a/0xa20 [ 2615.404906] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2615.406169] kmem_cache_alloc+0x159/0x310 [ 2615.407201] ? _raw_spin_unlock+0x1a/0x30 [ 2615.408257] copy_process+0x1add/0x7800 [ 2615.409251] ? __lock_acquire+0xbb1/0x5b00 [ 2615.410338] ? __cleanup_sighand+0xb0/0xb0 [ 2615.411417] ? lock_acquire+0x197/0x470 [ 2615.412421] ? find_held_lock+0x2c/0x110 [ 2615.413449] kernel_clone+0xe7/0x980 [ 2615.414372] ? lock_downgrade+0x6d0/0x6d0 [ 2615.415402] ? find_held_lock+0x2c/0x110 [ 2615.416385] ? create_io_thread+0xf0/0xf0 [ 2615.417286] ? ksys_write+0x12d/0x260 [ 2615.418241] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2615.419235] __do_sys_fork+0x8a/0xc0 [ 2615.420178] ? kernel_thread+0xf0/0xf0 [ 2615.420957] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2615.422246] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2615.423355] ? trace_hardirqs_on+0x5b/0x180 [ 2615.424435] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2615.425464] do_syscall_64+0x33/0x40 [ 2615.426400] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2615.427492] RIP: 0033:0x7f04c97d0b19 [ 2615.428413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2615.432174] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2615.434061] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2615.435842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2615.437617] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2615.439370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2615.441138] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:00:17 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:17 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:18 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:18 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:18 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:18 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:18 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:18 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 4: fork() (fail_nth: 24) 00:00:35 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1c0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2632.778716] FAULT_INJECTION: forcing a failure. [ 2632.778716] name failslab, interval 1, probability 0, space 0, times 0 [ 2632.781824] CPU: 1 PID: 20905 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2632.783640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2632.785820] Call Trace: [ 2632.786525] dump_stack+0x107/0x167 [ 2632.787569] should_fail.cold+0x5/0xa [ 2632.788657] ? create_object.isra.0+0x3a/0xa20 [ 2632.789878] should_failslab+0x5/0x20 [ 2632.790842] kmem_cache_alloc+0x5b/0x310 [ 2632.791908] create_object.isra.0+0x3a/0xa20 [ 2632.793091] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2632.794466] kmem_cache_alloc+0x159/0x310 [ 2632.795609] copy_fs_struct+0x45/0x340 [ 2632.796669] copy_process+0x3435/0x7800 [ 2632.797744] ? __lock_acquire+0xbb1/0x5b00 [ 2632.798921] ? __cleanup_sighand+0xb0/0xb0 [ 2632.800103] ? lock_acquire+0x197/0x470 [ 2632.801189] ? find_held_lock+0x2c/0x110 [ 2632.802251] kernel_clone+0xe7/0x980 [ 2632.803189] ? lock_downgrade+0x6d0/0x6d0 [ 2632.804248] ? find_held_lock+0x2c/0x110 [ 2632.805261] ? create_io_thread+0xf0/0xf0 [ 2632.806310] ? ksys_write+0x12d/0x260 [ 2632.807361] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2632.808643] __do_sys_fork+0x8a/0xc0 [ 2632.809592] ? kernel_thread+0xf0/0xf0 [ 2632.810582] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2632.811916] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2632.813220] ? trace_hardirqs_on+0x5b/0x180 [ 2632.814313] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2632.815606] do_syscall_64+0x33/0x40 [ 2632.816548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2632.817870] RIP: 0033:0x7f04c97d0b19 [ 2632.818871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2632.823705] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2632.825684] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2632.827555] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2632.829378] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2632.831265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2632.833116] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:00:35 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x68}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1f0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:35 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:35 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:53 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:53 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:53 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x32a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 4: fork() (fail_nth: 25) 00:00:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:00:53 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2650.793140] FAULT_INJECTION: forcing a failure. [ 2650.793140] name failslab, interval 1, probability 0, space 0, times 0 [ 2650.796132] CPU: 1 PID: 21047 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2650.797858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2650.800022] Call Trace: [ 2650.800717] dump_stack+0x107/0x167 [ 2650.801676] should_fail.cold+0x5/0xa [ 2650.802673] ? create_object.isra.0+0x3a/0xa20 [ 2650.803886] should_failslab+0x5/0x20 [ 2650.804876] kmem_cache_alloc+0x5b/0x310 [ 2650.805987] create_object.isra.0+0x3a/0xa20 [ 2650.807160] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2650.808506] kmem_cache_alloc+0x159/0x310 [ 2650.809633] copy_process+0x24f5/0x7800 [ 2650.810693] ? __lock_acquire+0xbb1/0x5b00 [ 2650.811889] ? __cleanup_sighand+0xb0/0xb0 [ 2650.813079] ? lock_acquire+0x197/0x470 [ 2650.814190] ? find_held_lock+0x2c/0x110 [ 2650.815302] kernel_clone+0xe7/0x980 [ 2650.816312] ? lock_downgrade+0x6d0/0x6d0 [ 2650.817396] ? find_held_lock+0x2c/0x110 [ 2650.818643] ? create_io_thread+0xf0/0xf0 [ 2650.819888] ? ksys_write+0x12d/0x260 [ 2650.820903] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2650.822180] __do_sys_fork+0x8a/0xc0 [ 2650.823163] ? kernel_thread+0xf0/0xf0 [ 2650.824323] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2650.825551] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2650.826827] ? trace_hardirqs_on+0x5b/0x180 [ 2650.827783] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2650.828962] do_syscall_64+0x33/0x40 [ 2650.829785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2650.830908] RIP: 0033:0x7f04c97d0b19 [ 2650.831738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2650.835829] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2650.837603] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2650.839165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2650.840771] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2650.842440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2650.844072] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:00:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x175}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x68}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:00:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1c8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x700}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 4: fork() (fail_nth: 26) [ 2665.927442] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2665.951014] FAULT_INJECTION: forcing a failure. [ 2665.951014] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2665.953606] CPU: 1 PID: 21091 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2665.955190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2665.957063] Call Trace: [ 2665.957671] dump_stack+0x107/0x167 [ 2665.958479] should_fail.cold+0x5/0xa [ 2665.959350] __alloc_pages_nodemask+0x182/0x600 [ 2665.960427] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2665.961621] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2665.963048] alloc_pages_current+0x187/0x280 [ 2665.964173] __get_free_pages+0xc/0xa0 00:01:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2665.965025] pgd_alloc+0x84/0x4e0 [ 2665.965881] ? pgd_page_get_mm+0x40/0x40 [ 2665.966729] ? lockdep_init_map_type+0x2c7/0x780 [ 2665.967735] ? lockdep_init_map_type+0x2c7/0x780 [ 2665.968739] mm_init+0x670/0xab0 [ 2665.969454] copy_process+0x254d/0x7800 [ 2665.970281] ? __lock_acquire+0xbb1/0x5b00 [ 2665.971202] ? __cleanup_sighand+0xb0/0xb0 [ 2665.972105] ? lock_acquire+0x197/0x470 [ 2665.972941] ? find_held_lock+0x2c/0x110 [ 2665.973783] kernel_clone+0xe7/0x980 [ 2665.974573] ? lock_downgrade+0x6d0/0x6d0 [ 2665.975419] ? find_held_lock+0x2c/0x110 [ 2665.976291] ? create_io_thread+0xf0/0xf0 [ 2665.977142] ? ksys_write+0x12d/0x260 [ 2665.977931] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2665.978921] __do_sys_fork+0x8a/0xc0 [ 2665.979680] ? kernel_thread+0xf0/0xf0 00:01:08 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2665.980518] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2665.981751] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2665.982796] ? trace_hardirqs_on+0x5b/0x180 [ 2665.983687] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2665.984782] do_syscall_64+0x33/0x40 [ 2665.985543] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2665.986633] RIP: 0033:0x7f04c97d0b19 [ 2665.987384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2665.991200] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2665.992765] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2665.994243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2665.995712] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2665.997194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2665.998693] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:01:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 4: fork() (fail_nth: 27) [ 2666.162372] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 00:01:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x27e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1a4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf26}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2666.288136] FAULT_INJECTION: forcing a failure. [ 2666.288136] name failslab, interval 1, probability 0, space 0, times 0 [ 2666.290847] CPU: 1 PID: 21299 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2666.292412] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2666.294257] Call Trace: [ 2666.294829] dump_stack+0x107/0x167 [ 2666.295631] should_fail.cold+0x5/0xa [ 2666.296474] ? vm_area_dup+0x78/0x290 [ 2666.297301] should_failslab+0x5/0x20 [ 2666.298117] kmem_cache_alloc+0x5b/0x310 [ 2666.299005] vm_area_dup+0x78/0x290 [ 2666.299812] ? __lock_acquire+0xbb1/0x5b00 [ 2666.300776] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2666.301937] ? lock_acquire+0x197/0x470 [ 2666.302799] ? copy_process+0x25d6/0x7800 [ 2666.303707] ? vm_area_alloc+0x110/0x110 [ 2666.304602] ? find_held_lock+0x2c/0x110 [ 2666.305493] ? get_mm_exe_file+0x139/0x310 [ 2666.306428] ? lock_downgrade+0x6d0/0x6d0 [ 2666.307331] ? down_write_nested+0xe4/0x160 [ 2666.308259] ? rwsem_down_write_slowpath+0xc30/0xc30 [ 2666.309284] ? get_mm_exe_file+0x162/0x310 [ 2666.310202] copy_process+0x291b/0x7800 [ 2666.311080] ? __lock_acquire+0xbb1/0x5b00 [ 2666.312043] ? __cleanup_sighand+0xb0/0xb0 [ 2666.312975] ? lock_acquire+0x197/0x470 [ 2666.313845] ? find_held_lock+0x2c/0x110 [ 2666.314738] kernel_clone+0xe7/0x980 [ 2666.315562] ? lock_downgrade+0x6d0/0x6d0 [ 2666.316460] ? find_held_lock+0x2c/0x110 [ 2666.317349] ? create_io_thread+0xf0/0xf0 [ 2666.318262] ? ksys_write+0x12d/0x260 [ 2666.319098] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2666.320164] __do_sys_fork+0x8a/0xc0 [ 2666.320983] ? kernel_thread+0xf0/0xf0 [ 2666.321852] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2666.322991] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2666.324117] ? trace_hardirqs_on+0x5b/0x180 [ 2666.325070] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2666.326197] do_syscall_64+0x33/0x40 [ 2666.327005] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2666.328135] RIP: 0033:0x7f04c97d0b19 [ 2666.328951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2666.333115] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2666.334775] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2666.336347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2666.337905] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2666.339534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2666.341314] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:01:23 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:23 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:23 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:23 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:23 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:23 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x15f3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:23 executing program 4: fork() (fail_nth: 28) 00:01:23 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2681.614963] FAULT_INJECTION: forcing a failure. [ 2681.614963] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2681.617821] CPU: 1 PID: 21333 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2681.619387] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2681.621218] Call Trace: [ 2681.621799] dump_stack+0x107/0x167 [ 2681.622638] should_fail.cold+0x5/0xa [ 2681.623510] __alloc_pages_nodemask+0x182/0x600 [ 2681.624645] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2681.625772] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2681.627359] alloc_pages_current+0x187/0x280 [ 2681.628288] __get_free_pages+0xc/0xa0 [ 2681.629298] pgd_alloc+0x84/0x4e0 [ 2681.630016] ? pgd_page_get_mm+0x40/0x40 [ 2681.631076] ? lockdep_init_map_type+0x2c7/0x780 [ 2681.632106] ? lockdep_init_map_type+0x2c7/0x780 [ 2681.633332] mm_init+0x670/0xab0 [ 2681.634055] copy_process+0x254d/0x7800 [ 2681.634890] ? __lock_acquire+0xbb1/0x5b00 [ 2681.635823] ? __cleanup_sighand+0xb0/0xb0 [ 2681.636762] ? lock_acquire+0x197/0x470 [ 2681.637634] ? find_held_lock+0x2c/0x110 [ 2681.638679] kernel_clone+0xe7/0x980 [ 2681.639471] ? lock_downgrade+0x6d0/0x6d0 [ 2681.640536] ? find_held_lock+0x2c/0x110 [ 2681.641413] ? create_io_thread+0xf0/0xf0 [ 2681.642475] ? ksys_write+0x12d/0x260 [ 2681.643312] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2681.644572] __do_sys_fork+0x8a/0xc0 [ 2681.645523] ? kernel_thread+0xf0/0xf0 [ 2681.646367] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2681.647698] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2681.648811] ? trace_hardirqs_on+0x5b/0x180 [ 2681.649905] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2681.651049] do_syscall_64+0x33/0x40 [ 2681.651993] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2681.653133] RIP: 0033:0x7f04c97d0b19 [ 2681.653934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2681.658708] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2681.660395] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2681.662262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2681.663779] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2681.665328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2681.666839] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2681.685100] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 00:01:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x174f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1d8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x900}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:24 executing program 4: fork() (fail_nth: 29) 00:01:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2681.928918] FAULT_INJECTION: forcing a failure. [ 2681.928918] name failslab, interval 1, probability 0, space 0, times 0 [ 2681.931355] CPU: 1 PID: 21449 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2681.932903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2681.934759] Call Trace: [ 2681.935346] dump_stack+0x107/0x167 [ 2681.936154] should_fail.cold+0x5/0xa [ 2681.937036] ? vm_area_dup+0x78/0x290 [ 2681.937879] should_failslab+0x5/0x20 [ 2681.938851] kmem_cache_alloc+0x5b/0x310 [ 2681.939788] vm_area_dup+0x78/0x290 [ 2681.940594] ? mark_lock+0xf5/0x2df0 [ 2681.941407] ? lock_chain_count+0x20/0x20 [ 2681.942437] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2681.943536] ? lock_acquire+0x197/0x470 [ 2681.944415] ? copy_process+0x25d6/0x7800 [ 2681.945388] ? mark_held_locks+0x9e/0xe0 [ 2681.946251] ? vm_area_alloc+0x110/0x110 [ 2681.947099] ? find_held_lock+0x2c/0x110 [ 2681.947987] ? get_mm_exe_file+0x139/0x310 [ 2681.948903] ? lock_downgrade+0x6d0/0x6d0 [ 2681.949821] ? get_mm_exe_file+0x13e/0x310 [ 2681.950711] ? get_mm_exe_file+0x162/0x310 [ 2681.951650] copy_process+0x291b/0x7800 [ 2681.952491] ? __lock_acquire+0xbb1/0x5b00 [ 2681.953470] ? __cleanup_sighand+0xb0/0xb0 [ 2681.954362] ? lock_acquire+0x197/0x470 [ 2681.955224] ? find_held_lock+0x2c/0x110 [ 2681.956082] kernel_clone+0xe7/0x980 [ 2681.956902] ? lock_downgrade+0x6d0/0x6d0 [ 2681.957797] ? find_held_lock+0x2c/0x110 [ 2681.958640] ? create_io_thread+0xf0/0xf0 [ 2681.959557] ? ksys_write+0x12d/0x260 [ 2681.960437] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2681.961516] __do_sys_fork+0x8a/0xc0 [ 2681.962289] ? kernel_thread+0xf0/0xf0 [ 2681.963159] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2681.964281] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2681.965415] ? trace_hardirqs_on+0x5b/0x180 [ 2681.966397] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2681.967538] do_syscall_64+0x33/0x40 [ 2681.968377] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2681.969482] RIP: 0033:0x7f04c97d0b19 [ 2681.970262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2681.974312] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2681.975952] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2681.977804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2681.979627] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2681.981582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2681.983404] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:01:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x342}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfa3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x104f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x410}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x216b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:24 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:42 executing program 4: fork() (fail_nth: 30) 00:01:42 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2700.391860] FAULT_INJECTION: forcing a failure. [ 2700.391860] name failslab, interval 1, probability 0, space 0, times 0 [ 2700.394280] CPU: 0 PID: 21600 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2700.395726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2700.397633] Call Trace: [ 2700.398192] dump_stack+0x107/0x167 [ 2700.398975] should_fail.cold+0x5/0xa [ 2700.399770] ? create_object.isra.0+0x3a/0xa20 [ 2700.400738] should_failslab+0x5/0x20 [ 2700.401530] kmem_cache_alloc+0x5b/0x310 [ 2700.402387] create_object.isra.0+0x3a/0xa20 [ 2700.403298] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2700.404371] kmem_cache_alloc+0x159/0x310 [ 2700.405238] vm_area_dup+0x78/0x290 [ 2700.406007] ? avc_has_perm_noaudit+0x1c9/0x3e0 [ 2700.406977] ? lock_downgrade+0x6d0/0x6d0 [ 2700.407833] ? copy_page_range+0x24e9/0x3810 [ 2700.408769] ? avc_has_perm_noaudit+0x1f7/0x3e0 [ 2700.409753] ? avc_has_extended_perms+0xf40/0xf40 [ 2700.410779] ? vm_area_alloc+0x110/0x110 [ 2700.411631] ? find_held_lock+0x2c/0x110 [ 2700.412496] ? selinux_vm_enough_memory+0x114/0x180 [ 2700.413541] ? selinux_sb_statfs+0x250/0x250 [ 2700.414469] ? percpu_counter_add_batch+0x8b/0x140 [ 2700.415495] ? __vm_enough_memory+0x184/0x360 [ 2700.416428] ? security_vm_enough_memory_mm+0x8b/0xc0 [ 2700.417495] copy_process+0x291b/0x7800 [ 2700.418339] ? __cleanup_sighand+0xb0/0xb0 [ 2700.419211] ? lock_acquire+0x197/0x470 [ 2700.420026] ? find_held_lock+0x2c/0x110 [ 2700.420901] kernel_clone+0xe7/0x980 [ 2700.421675] ? lock_downgrade+0x6d0/0x6d0 [ 2700.422531] ? find_held_lock+0x2c/0x110 [ 2700.423372] ? create_io_thread+0xf0/0xf0 [ 2700.424234] ? ksys_write+0x12d/0x260 [ 2700.425049] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2700.426056] __do_sys_fork+0x8a/0xc0 [ 2700.426832] ? kernel_thread+0xf0/0xf0 [ 2700.427656] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2700.428752] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2700.429804] ? trace_hardirqs_on+0x5b/0x180 [ 2700.430677] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2700.431739] do_syscall_64+0x33/0x40 [ 2700.432520] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2700.433597] RIP: 0033:0x7f04c97d0b19 [ 2700.434372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2700.438220] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2700.439820] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2700.441342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2700.442842] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2700.444356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2700.445871] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:01:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x260f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:42 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:42 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:42 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:01:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1a4b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2a03}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:01:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:02 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, 0x0, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:02 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 4: fork() (fail_nth: 31) 00:02:02 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2719.921200] FAULT_INJECTION: forcing a failure. [ 2719.921200] name failslab, interval 1, probability 0, space 0, times 0 [ 2719.923674] CPU: 0 PID: 21729 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2719.925129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2719.926853] Call Trace: [ 2719.927400] dump_stack+0x107/0x167 [ 2719.928169] should_fail.cold+0x5/0xa [ 2719.928975] ? vm_area_dup+0x78/0x290 [ 2719.929791] should_failslab+0x5/0x20 [ 2719.930653] kmem_cache_alloc+0x5b/0x310 [ 2719.931498] vm_area_dup+0x78/0x290 [ 2719.932268] ? copy_page_range+0x24e9/0x3810 [ 2719.933257] ? vm_area_alloc+0x110/0x110 [ 2719.934116] ? find_held_lock+0x2c/0x110 [ 2719.934962] ? vm_iomap_memory+0x190/0x190 [ 2719.935848] ? __vma_link_rb+0x540/0x700 [ 2719.936704] copy_process+0x291b/0x7800 [ 2719.937574] ? __cleanup_sighand+0xb0/0xb0 [ 2719.938463] ? lock_acquire+0x197/0x470 [ 2719.939300] ? find_held_lock+0x2c/0x110 [ 2719.940146] kernel_clone+0xe7/0x980 [ 2719.940926] ? lock_downgrade+0x6d0/0x6d0 [ 2719.941792] ? find_held_lock+0x2c/0x110 [ 2719.942645] ? create_io_thread+0xf0/0xf0 [ 2719.943512] ? ksys_write+0x12d/0x260 [ 2719.944315] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2719.945348] __do_sys_fork+0x8a/0xc0 [ 2719.946134] ? kernel_thread+0xf0/0xf0 [ 2719.946960] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2719.948043] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2719.949141] ? trace_hardirqs_on+0x5b/0x180 [ 2719.950124] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2719.951192] do_syscall_64+0x33/0x40 [ 2719.951964] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2719.953040] RIP: 0033:0x7f04c97d0b19 [ 2719.953851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2719.958021] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2719.959612] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2719.961139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2719.962637] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2719.964139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2719.965641] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:02 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:02 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20d7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1004}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:20 executing program 4: fork() (fail_nth: 32) 00:02:20 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:20 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:20 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:20 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x135b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:20 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:20 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, 0x0, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:20 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2738.476485] FAULT_INJECTION: forcing a failure. [ 2738.476485] name failslab, interval 1, probability 0, space 0, times 0 [ 2738.478768] CPU: 0 PID: 21964 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2738.480127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2738.481772] Call Trace: [ 2738.482298] dump_stack+0x107/0x167 [ 2738.483017] should_fail.cold+0x5/0xa [ 2738.483768] ? create_object.isra.0+0x3a/0xa20 [ 2738.484670] should_failslab+0x5/0x20 [ 2738.485431] kmem_cache_alloc+0x5b/0x310 [ 2738.486236] create_object.isra.0+0x3a/0xa20 [ 2738.487096] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2738.488096] kmem_cache_alloc+0x159/0x310 [ 2738.488928] vm_area_dup+0x78/0x290 [ 2738.489655] ? copy_page_range+0x24e9/0x3810 [ 2738.490551] ? vm_area_alloc+0x110/0x110 [ 2738.491351] ? find_held_lock+0x2c/0x110 [ 2738.492153] ? vm_iomap_memory+0x190/0x190 [ 2738.492980] ? __vma_link_rb+0x540/0x700 [ 2738.493781] copy_process+0x291b/0x7800 [ 2738.494580] ? __cleanup_sighand+0xb0/0xb0 [ 2738.495398] ? lock_acquire+0x197/0x470 [ 2738.496164] ? find_held_lock+0x2c/0x110 [ 2738.496960] kernel_clone+0xe7/0x980 [ 2738.497691] ? lock_downgrade+0x6d0/0x6d0 [ 2738.498502] ? find_held_lock+0x2c/0x110 [ 2738.499301] ? create_io_thread+0xf0/0xf0 [ 2738.500117] ? ksys_write+0x12d/0x260 [ 2738.500887] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2738.501840] __do_sys_fork+0x8a/0xc0 [ 2738.502571] ? kernel_thread+0xf0/0xf0 [ 2738.503350] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2738.504381] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2738.505402] ? trace_hardirqs_on+0x5b/0x180 [ 2738.506249] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2738.507258] do_syscall_64+0x33/0x40 [ 2738.507990] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2738.509007] RIP: 0033:0x7f04c97d0b19 [ 2738.509746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2738.513420] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2738.515132] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2738.516760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2738.518384] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2738.520048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2738.521692] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2c6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, 0x0, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:21 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:21 executing program 4: fork() (fail_nth: 33) 00:02:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2738.834595] FAULT_INJECTION: forcing a failure. [ 2738.834595] name failslab, interval 1, probability 0, space 0, times 0 [ 2738.837011] CPU: 0 PID: 22284 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2738.838463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2738.840213] Call Trace: 00:02:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2738.840774] dump_stack+0x107/0x167 [ 2738.841711] should_fail.cold+0x5/0xa [ 2738.842523] ? vm_area_dup+0x78/0x290 [ 2738.843346] should_failslab+0x5/0x20 [ 2738.844163] kmem_cache_alloc+0x5b/0x310 [ 2738.845028] vm_area_dup+0x78/0x290 [ 2738.845811] ? copy_page_range+0x24e9/0x3810 [ 2738.846793] ? vm_area_alloc+0x110/0x110 [ 2738.847669] ? find_held_lock+0x2c/0x110 [ 2738.848573] ? vm_iomap_memory+0x190/0x190 [ 2738.849510] ? __vma_link_rb+0x540/0x700 [ 2738.850377] copy_process+0x291b/0x7800 [ 2738.851256] ? __cleanup_sighand+0xb0/0xb0 [ 2738.852154] ? lock_acquire+0x197/0x470 [ 2738.853050] ? find_held_lock+0x2c/0x110 [ 2738.853936] kernel_clone+0xe7/0x980 [ 2738.854724] ? lock_downgrade+0x6d0/0x6d0 [ 2738.855596] ? find_held_lock+0x2c/0x110 [ 2738.856449] ? create_io_thread+0xf0/0xf0 [ 2738.857380] ? ksys_write+0x12d/0x260 [ 2738.858226] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2738.859251] __do_sys_fork+0x8a/0xc0 [ 2738.860040] ? kernel_thread+0xf0/0xf0 [ 2738.860892] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2738.862020] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2738.863126] ? trace_hardirqs_on+0x5b/0x180 [ 2738.864061] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2738.865183] do_syscall_64+0x33/0x40 [ 2738.865977] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2738.867057] RIP: 0033:0x7f04c97d0b19 [ 2738.867839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2738.871521] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2738.872893] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2738.874168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2738.875453] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2738.876736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2738.878027] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x316c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:21 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:37 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:37 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2754.691135] FAULT_INJECTION: forcing a failure. [ 2754.691135] name failslab, interval 1, probability 0, space 0, times 0 [ 2754.693806] CPU: 1 PID: 22313 Comm: syz-executor.4 Not tainted 5.10.234 #1 00:02:37 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:37 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:37 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:37 executing program 4: fork() (fail_nth: 34) 00:02:37 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:37 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2754.695359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2754.697667] Call Trace: [ 2754.698301] dump_stack+0x107/0x167 [ 2754.699304] should_fail.cold+0x5/0xa [ 2754.700158] ? create_object.isra.0+0x3a/0xa20 [ 2754.701255] should_failslab+0x5/0x20 [ 2754.702092] kmem_cache_alloc+0x5b/0x310 [ 2754.703009] create_object.isra.0+0x3a/0xa20 [ 2754.703992] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2754.705130] kmem_cache_alloc+0x159/0x310 [ 2754.706076] vm_area_dup+0x78/0x290 [ 2754.706906] ? copy_page_range+0x24e9/0x3810 [ 2754.707960] ? vm_area_alloc+0x110/0x110 [ 2754.708861] ? find_held_lock+0x2c/0x110 [ 2754.709786] ? vm_iomap_memory+0x190/0x190 [ 2754.710745] ? __vma_link_rb+0x540/0x700 [ 2754.711812] copy_process+0x291b/0x7800 [ 2754.712779] ? __cleanup_sighand+0xb0/0xb0 [ 2754.714072] ? lock_acquire+0x197/0x470 [ 2754.715098] ? find_held_lock+0x2c/0x110 [ 2754.716125] kernel_clone+0xe7/0x980 [ 2754.717084] ? lock_downgrade+0x6d0/0x6d0 [ 2754.718127] ? find_held_lock+0x2c/0x110 [ 2754.719110] ? create_io_thread+0xf0/0xf0 [ 2754.720164] ? ksys_write+0x12d/0x260 [ 2754.721145] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2754.722373] __do_sys_fork+0x8a/0xc0 [ 2754.723315] ? kernel_thread+0xf0/0xf0 [ 2754.724317] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2754.725658] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2754.726951] ? trace_hardirqs_on+0x5b/0x180 [ 2754.728043] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2754.729358] do_syscall_64+0x33/0x40 [ 2754.730301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2754.731599] RIP: 0033:0x7f04c97d0b19 [ 2754.732543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2754.737243] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2754.739303] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2754.741124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2754.742762] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2754.744246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2754.745744] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:37 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 4: fork() (fail_nth: 35) 00:02:54 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:54 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:54 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3b03}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:54 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2772.225326] FAULT_INJECTION: forcing a failure. [ 2772.225326] name failslab, interval 1, probability 0, space 0, times 0 [ 2772.228283] CPU: 1 PID: 22348 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2772.230019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2772.232079] Call Trace: [ 2772.232738] dump_stack+0x107/0x167 [ 2772.233657] should_fail.cold+0x5/0xa [ 2772.234610] ? vm_area_dup+0x78/0x290 [ 2772.235569] should_failslab+0x5/0x20 [ 2772.236499] kmem_cache_alloc+0x5b/0x310 [ 2772.237514] vm_area_dup+0x78/0x290 [ 2772.238424] ? avc_has_perm_noaudit+0x1c9/0x3e0 [ 2772.239582] ? lock_downgrade+0x6d0/0x6d0 [ 2772.240601] ? copy_page_range+0x24e9/0x3810 [ 2772.241686] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2772.242991] ? avc_has_perm_noaudit+0x1f7/0x3e0 [ 2772.244150] ? avc_has_extended_perms+0xf40/0xf40 [ 2772.245325] ? copy_process+0x2b60/0x7800 [ 2772.246294] ? vm_area_alloc+0x110/0x110 [ 2772.247217] ? find_held_lock+0x2c/0x110 [ 2772.248062] ? selinux_vm_enough_memory+0x114/0x180 [ 2772.249079] ? selinux_sb_statfs+0x250/0x250 [ 2772.249983] ? up_write+0x191/0x550 [ 2772.250724] ? percpu_counter_add_batch+0x8b/0x140 [ 2772.251722] ? __vm_enough_memory+0x184/0x360 [ 2772.252643] ? security_vm_enough_memory_mm+0x8b/0xc0 [ 2772.253720] copy_process+0x291b/0x7800 [ 2772.254558] ? __cleanup_sighand+0xb0/0xb0 [ 2772.255409] ? lock_acquire+0x197/0x470 [ 2772.256222] ? find_held_lock+0x2c/0x110 [ 2772.257046] kernel_clone+0xe7/0x980 [ 2772.257805] ? lock_downgrade+0x6d0/0x6d0 [ 2772.258631] ? find_held_lock+0x2c/0x110 [ 2772.259447] ? create_io_thread+0xf0/0xf0 [ 2772.260292] ? ksys_write+0x12d/0x260 [ 2772.261071] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2772.262080] __do_sys_fork+0x8a/0xc0 [ 2772.262835] ? kernel_thread+0xf0/0xf0 [ 2772.263649] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2772.264739] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.265821] ? trace_hardirqs_on+0x5b/0x180 [ 2772.266710] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.267757] do_syscall_64+0x33/0x40 [ 2772.268519] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2772.269568] RIP: 0033:0x7f04c97d0b19 [ 2772.270332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2772.274113] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2772.275648] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2772.277097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2772.278562] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2772.279997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2772.281463] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:54 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:54 executing program 4: fork() (fail_nth: 36) 00:02:54 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2772.540669] FAULT_INJECTION: forcing a failure. [ 2772.540669] name failslab, interval 1, probability 0, space 0, times 0 [ 2772.542729] CPU: 0 PID: 22498 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2772.543872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2772.545378] Call Trace: [ 2772.545901] dump_stack+0x107/0x167 [ 2772.546611] should_fail.cold+0x5/0xa [ 2772.547397] ? vm_area_dup+0x78/0x290 [ 2772.548210] should_failslab+0x5/0x20 [ 2772.549033] kmem_cache_alloc+0x5b/0x310 [ 2772.549907] vm_area_dup+0x78/0x290 [ 2772.550705] ? copy_page_range+0x24e9/0x3810 [ 2772.551679] ? vm_area_alloc+0x110/0x110 [ 2772.552548] ? find_held_lock+0x2c/0x110 [ 2772.553296] ? vm_iomap_memory+0x190/0x190 [ 2772.554010] ? __vma_link_rb+0x540/0x700 [ 2772.554800] copy_process+0x291b/0x7800 [ 2772.555611] ? __cleanup_sighand+0xb0/0xb0 [ 2772.556479] ? lock_acquire+0x197/0x470 [ 2772.557293] ? find_held_lock+0x2c/0x110 [ 2772.558111] kernel_clone+0xe7/0x980 [ 2772.558863] ? lock_downgrade+0x6d0/0x6d0 [ 2772.559711] ? find_held_lock+0x2c/0x110 [ 2772.560552] ? create_io_thread+0xf0/0xf0 [ 2772.561451] ? ksys_write+0x12d/0x260 [ 2772.562254] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2772.563284] __do_sys_fork+0x8a/0xc0 [ 2772.564037] ? kernel_thread+0xf0/0xf0 [ 2772.564847] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2772.565929] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.566971] ? trace_hardirqs_on+0x5b/0x180 [ 2772.567850] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.568894] do_syscall_64+0x33/0x40 [ 2772.569650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2772.570678] RIP: 0033:0x7f04c97d0b19 [ 2772.571451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2772.575381] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2772.577035] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2772.578409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2772.579694] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2772.580935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2772.582164] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:02:55 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:55 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:55 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:55 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:55 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:02:55 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:55 executing program 4: fork() (fail_nth: 37) 00:02:55 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:02:55 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e63}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2772.912143] FAULT_INJECTION: forcing a failure. [ 2772.912143] name failslab, interval 1, probability 0, space 0, times 0 [ 2772.914778] CPU: 1 PID: 22580 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2772.916357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2772.918282] Call Trace: [ 2772.918889] dump_stack+0x107/0x167 [ 2772.919731] should_fail.cold+0x5/0xa [ 2772.920608] ? anon_vma_clone+0xdc/0x590 [ 2772.921543] should_failslab+0x5/0x20 [ 2772.922414] kmem_cache_alloc+0x5b/0x310 [ 2772.923346] anon_vma_clone+0xdc/0x590 [ 2772.924247] anon_vma_fork+0x82/0x640 [ 2772.925119] ? __vm_enough_memory+0x184/0x360 [ 2772.926146] copy_process+0x7218/0x7800 [ 2772.927095] ? __cleanup_sighand+0xb0/0xb0 [ 2772.928066] ? lock_acquire+0x197/0x470 [ 2772.928979] ? find_held_lock+0x2c/0x110 [ 2772.929919] kernel_clone+0xe7/0x980 [ 2772.930765] ? lock_downgrade+0x6d0/0x6d0 [ 2772.931705] ? find_held_lock+0x2c/0x110 [ 2772.932620] ? create_io_thread+0xf0/0xf0 [ 2772.933568] ? ksys_write+0x12d/0x260 [ 2772.934444] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2772.935547] __do_sys_fork+0x8a/0xc0 [ 2772.936384] ? kernel_thread+0xf0/0xf0 [ 2772.937293] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2772.938481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.939660] ? trace_hardirqs_on+0x5b/0x180 [ 2772.940635] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2772.941804] do_syscall_64+0x33/0x40 [ 2772.942644] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2772.943800] RIP: 0033:0x7f04c97d0b19 [ 2772.944633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2772.948758] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2772.950473] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2772.952071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2772.953681] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2772.955277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2772.956869] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:09 executing program 4: fork() (fail_nth: 38) 00:03:09 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:09 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2787.155614] FAULT_INJECTION: forcing a failure. [ 2787.155614] name failslab, interval 1, probability 0, space 0, times 0 [ 2787.158729] CPU: 1 PID: 22593 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2787.160620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2787.162864] Call Trace: [ 2787.163552] dump_stack+0x107/0x167 [ 2787.164521] should_fail.cold+0x5/0xa [ 2787.165547] ? create_object.isra.0+0x3a/0xa20 [ 2787.166718] should_failslab+0x5/0x20 [ 2787.167604] kmem_cache_alloc+0x5b/0x310 [ 2787.168553] create_object.isra.0+0x3a/0xa20 [ 2787.169551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2787.170691] kmem_cache_alloc+0x159/0x310 [ 2787.171657] anon_vma_clone+0xdc/0x590 [ 2787.172565] anon_vma_fork+0x82/0x640 [ 2787.173456] ? __vm_enough_memory+0x184/0x360 [ 2787.174496] copy_process+0x7218/0x7800 [ 2787.175438] ? __cleanup_sighand+0xb0/0xb0 [ 2787.176402] ? lock_acquire+0x197/0x470 [ 2787.177340] ? find_held_lock+0x2c/0x110 [ 2787.178264] kernel_clone+0xe7/0x980 [ 2787.179103] ? lock_downgrade+0x6d0/0x6d0 [ 2787.180025] ? find_held_lock+0x2c/0x110 [ 2787.180931] ? create_io_thread+0xf0/0xf0 [ 2787.181912] ? ksys_write+0x12d/0x260 [ 2787.182782] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2787.183908] __do_sys_fork+0x8a/0xc0 [ 2787.184768] ? kernel_thread+0xf0/0xf0 [ 2787.185698] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2787.186908] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2787.188104] ? trace_hardirqs_on+0x5b/0x180 [ 2787.189099] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2787.190296] do_syscall_64+0x33/0x40 [ 2787.191133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2787.192275] RIP: 0033:0x7f04c97d0b19 [ 2787.193130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2787.197439] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2787.199175] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2787.200821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2787.202484] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2787.204127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2787.205800] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:09 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:09 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:09 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:09 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:09 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3df0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:09 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:25 executing program 4: fork() (fail_nth: 39) 00:03:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:25 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:25 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2802.652082] FAULT_INJECTION: forcing a failure. [ 2802.652082] name failslab, interval 1, probability 0, space 0, times 0 [ 2802.654044] CPU: 0 PID: 22728 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2802.654916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2802.655957] Call Trace: [ 2802.656300] dump_stack+0x107/0x167 [ 2802.656778] should_fail.cold+0x5/0xa [ 2802.657262] ? down_write+0xe0/0x160 [ 2802.657743] ? anon_vma_clone+0xdc/0x590 [ 2802.658270] should_failslab+0x5/0x20 [ 2802.658772] kmem_cache_alloc+0x5b/0x310 [ 2802.659297] anon_vma_clone+0xdc/0x590 [ 2802.659818] anon_vma_fork+0x82/0x640 [ 2802.660304] ? __vm_enough_memory+0x184/0x360 [ 2802.660897] copy_process+0x7218/0x7800 [ 2802.661434] ? __cleanup_sighand+0xb0/0xb0 [ 2802.662007] ? lock_acquire+0x197/0x470 [ 2802.662522] ? find_held_lock+0x2c/0x110 [ 2802.663062] kernel_clone+0xe7/0x980 [ 2802.663540] ? lock_downgrade+0x6d0/0x6d0 [ 2802.664091] ? find_held_lock+0x2c/0x110 [ 2802.664613] ? create_io_thread+0xf0/0xf0 [ 2802.665163] ? ksys_write+0x12d/0x260 [ 2802.665727] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2802.666359] __do_sys_fork+0x8a/0xc0 [ 2802.666837] ? kernel_thread+0xf0/0xf0 [ 2802.667371] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2802.668042] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.668722] ? trace_hardirqs_on+0x5b/0x180 [ 2802.669286] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2802.669980] do_syscall_64+0x33/0x40 [ 2802.670497] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2802.671187] RIP: 0033:0x7f04c97d0b19 [ 2802.671696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2802.674182] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2802.675224] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2802.676196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2802.677167] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.678147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2802.679117] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:25 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:25 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:25 executing program 4: fork() (fail_nth: 40) 00:03:25 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2803.056012] FAULT_INJECTION: forcing a failure. [ 2803.056012] name failslab, interval 1, probability 0, space 0, times 0 [ 2803.058494] CPU: 1 PID: 23049 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2803.060051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2803.062158] Call Trace: [ 2803.062837] dump_stack+0x107/0x167 [ 2803.063766] should_fail.cold+0x5/0xa [ 2803.064690] ? create_object.isra.0+0x3a/0xa20 [ 2803.065714] should_failslab+0x5/0x20 [ 2803.066505] kmem_cache_alloc+0x5b/0x310 [ 2803.067349] create_object.isra.0+0x3a/0xa20 [ 2803.068255] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2803.069307] kmem_cache_alloc+0x159/0x310 [ 2803.070210] anon_vma_clone+0xdc/0x590 [ 2803.071032] anon_vma_fork+0x82/0x640 [ 2803.071815] ? __vm_enough_memory+0x184/0x360 [ 2803.072747] copy_process+0x7218/0x7800 [ 2803.073647] ? __cleanup_sighand+0xb0/0xb0 [ 2803.074537] ? lock_acquire+0x197/0x470 [ 2803.075377] ? find_held_lock+0x2c/0x110 [ 2803.076229] kernel_clone+0xe7/0x980 [ 2803.077001] ? lock_downgrade+0x6d0/0x6d0 [ 2803.077890] ? find_held_lock+0x2c/0x110 [ 2803.078739] ? create_io_thread+0xf0/0xf0 [ 2803.079606] ? ksys_write+0x12d/0x260 [ 2803.080409] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2803.081419] __do_sys_fork+0x8a/0xc0 [ 2803.082216] ? kernel_thread+0xf0/0xf0 [ 2803.083046] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2803.084141] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2803.085214] ? trace_hardirqs_on+0x5b/0x180 [ 2803.086141] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2803.087215] do_syscall_64+0x33/0x40 [ 2803.087987] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2803.089059] RIP: 0033:0x7f04c97d0b19 [ 2803.089867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2803.093771] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2803.095542] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2803.097296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2803.099067] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2803.101053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2803.103166] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4203}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 4: fork() (fail_nth: 41) 00:03:43 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4ae5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4afa}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2820.767799] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2820.795705] FAULT_INJECTION: forcing a failure. [ 2820.795705] name failslab, interval 1, probability 0, space 0, times 0 [ 2820.798380] CPU: 0 PID: 23179 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2820.799928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2820.801779] Call Trace: [ 2820.802392] dump_stack+0x107/0x167 [ 2820.803214] should_fail.cold+0x5/0xa [ 2820.804051] ? anon_vma_clone+0xdc/0x590 [ 2820.804965] should_failslab+0x5/0x20 [ 2820.805835] kmem_cache_alloc+0x5b/0x310 [ 2820.806762] anon_vma_clone+0xdc/0x590 [ 2820.807631] anon_vma_fork+0x82/0x640 [ 2820.808506] ? __vm_enough_memory+0x184/0x360 [ 2820.809496] copy_process+0x7218/0x7800 [ 2820.810458] ? __cleanup_sighand+0xb0/0xb0 [ 2820.811387] ? lock_acquire+0x197/0x470 [ 2820.812283] ? find_held_lock+0x2c/0x110 [ 2820.813181] kernel_clone+0xe7/0x980 [ 2820.814026] ? lock_downgrade+0x6d0/0x6d0 [ 2820.814952] ? find_held_lock+0x2c/0x110 [ 2820.815864] ? create_io_thread+0xf0/0xf0 [ 2820.816769] ? ksys_write+0x12d/0x260 [ 2820.817636] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2820.818723] __do_sys_fork+0x8a/0xc0 [ 2820.819545] ? kernel_thread+0xf0/0xf0 [ 2820.820430] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2820.821581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2820.822892] ? trace_hardirqs_on+0x5b/0x180 [ 2820.823859] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2820.824973] do_syscall_64+0x33/0x40 00:03:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4ec9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2820.825811] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2820.827030] RIP: 0033:0x7f04c97d0b19 [ 2820.827863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2820.831923] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2820.833660] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2820.835261] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2820.836848] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2820.838452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2820.840071] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4b1a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4f17}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5867}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:43 executing program 4: fork() (fail_nth: 42) [ 2820.988665] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:03:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4f10}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2821.011561] FAULT_INJECTION: forcing a failure. [ 2821.011561] name failslab, interval 1, probability 0, space 0, times 0 [ 2821.012915] CPU: 1 PID: 23198 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2821.013732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2821.014694] Call Trace: [ 2821.015004] dump_stack+0x107/0x167 [ 2821.015420] should_fail.cold+0x5/0xa [ 2821.015856] ? create_object.isra.0+0x3a/0xa20 [ 2821.016404] should_failslab+0x5/0x20 [ 2821.016852] kmem_cache_alloc+0x5b/0x310 [ 2821.017322] create_object.isra.0+0x3a/0xa20 [ 2821.017828] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2821.018414] kmem_cache_alloc+0x159/0x310 [ 2821.018897] anon_vma_clone+0xdc/0x590 [ 2821.019349] anon_vma_fork+0x82/0x640 [ 2821.019785] ? __vm_enough_memory+0x184/0x360 [ 2821.020306] copy_process+0x7218/0x7800 [ 2821.020775] ? __cleanup_sighand+0xb0/0xb0 [ 2821.021259] ? lock_acquire+0x197/0x470 [ 2821.021732] ? find_held_lock+0x2c/0x110 [ 2821.022210] kernel_clone+0xe7/0x980 [ 2821.022636] ? lock_downgrade+0x6d0/0x6d0 [ 2821.023108] ? find_held_lock+0x2c/0x110 [ 2821.023565] ? create_io_thread+0xf0/0xf0 [ 2821.024033] ? ksys_write+0x12d/0x260 [ 2821.024473] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2821.025025] __do_sys_fork+0x8a/0xc0 [ 2821.025451] ? kernel_thread+0xf0/0xf0 [ 2821.025922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2821.026522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2821.027114] ? trace_hardirqs_on+0x5b/0x180 [ 2821.027604] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2821.028192] do_syscall_64+0x33/0x40 [ 2821.028621] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2821.029207] RIP: 0033:0x7f04c97d0b19 [ 2821.029628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2821.031726] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2821.032592] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2821.033411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2821.034240] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2821.035056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2821.035881] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:03:43 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5ab5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5b13}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5ae5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63d8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 4: fork() (fail_nth: 43) 00:03:58 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2835.828350] FAULT_INJECTION: forcing a failure. [ 2835.828350] name failslab, interval 1, probability 0, space 0, times 0 [ 2835.831305] CPU: 1 PID: 23226 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2835.833064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2835.835244] Call Trace: [ 2835.835920] dump_stack+0x107/0x167 [ 2835.836858] should_fail.cold+0x5/0xa [ 2835.837842] ? anon_vma_clone+0xdc/0x590 [ 2835.838783] should_failslab+0x5/0x20 [ 2835.839586] kmem_cache_alloc+0x5b/0x310 [ 2835.840436] anon_vma_clone+0xdc/0x590 [ 2835.841258] anon_vma_fork+0x82/0x640 [ 2835.842064] ? __vm_enough_memory+0x184/0x360 [ 2835.843006] copy_process+0x7218/0x7800 [ 2835.843876] ? __cleanup_sighand+0xb0/0xb0 [ 2835.844769] ? lock_acquire+0x197/0x470 [ 2835.845607] ? find_held_lock+0x2c/0x110 [ 2835.846470] kernel_clone+0xe7/0x980 [ 2835.847243] ? lock_downgrade+0x6d0/0x6d0 [ 2835.848102] ? find_held_lock+0x2c/0x110 [ 2835.848945] ? create_io_thread+0xf0/0xf0 [ 2835.849813] ? ksys_write+0x12d/0x260 [ 2835.850634] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2835.851653] __do_sys_fork+0x8a/0xc0 [ 2835.852438] ? kernel_thread+0xf0/0xf0 [ 2835.853278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2835.854382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2835.855454] ? trace_hardirqs_on+0x5b/0x180 [ 2835.856354] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2835.857422] do_syscall_64+0x33/0x40 [ 2835.858216] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2835.859297] RIP: 0033:0x7f04c97d0b19 [ 2835.860079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2835.863904] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2835.865484] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2835.866971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2835.868449] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2835.869941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2835.871424] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2835.884431] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:03:58 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5e63}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x633e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63f2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x635e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6771}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63fd}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:03:58 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:03:58 executing program 4: fork() (fail_nth: 44) 00:03:58 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63a0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2836.327126] FAULT_INJECTION: forcing a failure. [ 2836.327126] name failslab, interval 1, probability 0, space 0, times 0 [ 2836.329506] CPU: 0 PID: 23281 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2836.330966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2836.332699] Call Trace: [ 2836.333254] dump_stack+0x107/0x167 [ 2836.334019] should_fail.cold+0x5/0xa [ 2836.334815] ? create_object.isra.0+0x3a/0xa20 [ 2836.335768] should_failslab+0x5/0x20 [ 2836.336562] kmem_cache_alloc+0x5b/0x310 [ 2836.337410] create_object.isra.0+0x3a/0xa20 [ 2836.338332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2836.339392] kmem_cache_alloc+0x159/0x310 [ 2836.340261] anon_vma_fork+0xf1/0x640 [ 2836.341050] ? __vm_enough_memory+0x184/0x360 [ 2836.341995] copy_process+0x7218/0x7800 [ 2836.342865] ? __cleanup_sighand+0xb0/0xb0 [ 2836.343702] ? lock_acquire+0x197/0x470 [ 2836.344459] ? find_held_lock+0x2c/0x110 [ 2836.345229] kernel_clone+0xe7/0x980 [ 2836.345953] ? lock_downgrade+0x6d0/0x6d0 [ 2836.346776] ? find_held_lock+0x2c/0x110 [ 2836.347607] ? create_io_thread+0xf0/0xf0 [ 2836.348453] ? ksys_write+0x12d/0x260 [ 2836.349233] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2836.350232] __do_sys_fork+0x8a/0xc0 [ 2836.351025] ? kernel_thread+0xf0/0xf0 [ 2836.351819] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2836.352871] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.353921] ? trace_hardirqs_on+0x5b/0x180 [ 2836.354794] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.355832] do_syscall_64+0x33/0x40 [ 2836.356597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2836.357636] RIP: 0033:0x7f04c97d0b19 [ 2836.358409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.362207] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2836.363808] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2836.365320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2836.366928] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.368407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2836.369988] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:04:13 executing program 4: fork() (fail_nth: 45) [ 2850.885698] FAULT_INJECTION: forcing a failure. [ 2850.885698] name failslab, interval 1, probability 0, space 0, times 0 [ 2850.888287] CPU: 1 PID: 23573 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2850.889753] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2850.891858] Call Trace: [ 2850.892487] dump_stack+0x107/0x167 [ 2850.893423] should_fail.cold+0x5/0xa [ 2850.894334] ? anon_vma_fork+0x1ff/0x640 [ 2850.895303] should_failslab+0x5/0x20 [ 2850.896227] kmem_cache_alloc+0x5b/0x310 [ 2850.897211] anon_vma_fork+0x1ff/0x640 [ 2850.898173] copy_process+0x7218/0x7800 [ 2850.899142] ? __cleanup_sighand+0xb0/0xb0 [ 2850.900055] ? lock_acquire+0x197/0x470 [ 2850.900915] ? find_held_lock+0x2c/0x110 [ 2850.901901] kernel_clone+0xe7/0x980 [ 2850.902921] ? lock_downgrade+0x6d0/0x6d0 [ 2850.903918] ? find_held_lock+0x2c/0x110 [ 2850.904866] ? create_io_thread+0xf0/0xf0 [ 2850.905899] ? ksys_write+0x12d/0x260 [ 2850.906796] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2850.907999] __do_sys_fork+0x8a/0xc0 [ 2850.908911] ? kernel_thread+0xf0/0xf0 [ 2850.909851] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2850.911107] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2850.912331] ? trace_hardirqs_on+0x5b/0x180 [ 2850.913350] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2850.914576] do_syscall_64+0x33/0x40 [ 2850.915467] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2850.916668] RIP: 0033:0x7f04c97d0b19 [ 2850.917563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2850.921946] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2850.923815] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2850.925488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2850.927195] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2850.928909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2850.930523] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:04:13 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:04:13 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6758}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:13 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:13 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:13 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6771}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:13 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2851.018085] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:04:13 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:04:13 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6b21}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:13 executing program 4: fork() (fail_nth: 46) 00:04:13 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:13 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:04:13 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6b2c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2851.162136] FAULT_INJECTION: forcing a failure. [ 2851.162136] name failslab, interval 1, probability 0, space 0, times 0 [ 2851.164349] CPU: 1 PID: 23593 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2851.165689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2851.167281] Call Trace: [ 2851.167810] dump_stack+0x107/0x167 [ 2851.168520] should_fail.cold+0x5/0xa [ 2851.169240] ? create_object.isra.0+0x3a/0xa20 [ 2851.170095] should_failslab+0x5/0x20 [ 2851.170809] kmem_cache_alloc+0x5b/0x310 [ 2851.171575] create_object.isra.0+0x3a/0xa20 [ 2851.172395] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2851.173353] kmem_cache_alloc+0x159/0x310 [ 2851.174151] anon_vma_fork+0x1ff/0x640 [ 2851.174886] copy_process+0x7218/0x7800 [ 2851.175661] ? __cleanup_sighand+0xb0/0xb0 [ 2851.176460] ? lock_acquire+0x197/0x470 [ 2851.177221] ? find_held_lock+0x2c/0x110 [ 2851.177990] kernel_clone+0xe7/0x980 [ 2851.178696] ? lock_downgrade+0x6d0/0x6d0 [ 2851.179469] ? find_held_lock+0x2c/0x110 [ 2851.180243] ? create_io_thread+0xf0/0xf0 [ 2851.181025] ? ksys_write+0x12d/0x260 [ 2851.181752] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2851.182677] __do_sys_fork+0x8a/0xc0 [ 2851.183378] ? kernel_thread+0xf0/0xf0 [ 2851.184320] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2851.185297] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2851.186266] ? trace_hardirqs_on+0x5b/0x180 [ 2851.187071] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2851.188057] do_syscall_64+0x33/0x40 [ 2851.188741] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2851.189687] RIP: 0033:0x7f04c97d0b19 [ 2851.190380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2851.193793] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2851.195240] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2851.196548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2851.197856] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2851.199181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2851.200501] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2865.946337] FAULT_INJECTION: forcing a failure. [ 2865.946337] name fail_page_alloc, interval 1, probability 0, space 0, times 0 00:04:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6b0d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:04:28 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:28 executing program 4: fork() (fail_nth: 47) 00:04:28 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:28 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6c31}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2865.949465] CPU: 0 PID: 23712 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2865.950738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2865.952126] Call Trace: [ 2865.952600] dump_stack+0x107/0x167 [ 2865.953263] should_fail.cold+0x5/0xa [ 2865.953962] __alloc_pages_nodemask+0x182/0x600 [ 2865.954828] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2865.955943] ? copy_page_range+0x28e1/0x3810 [ 2865.956749] alloc_pages_current+0x187/0x280 [ 2865.957556] get_zeroed_page+0x14/0xb0 [ 2865.958272] __pud_alloc+0x33/0x270 [ 2865.958966] copy_page_range+0x2ca1/0x3810 [ 2865.959720] ? lock_chain_count+0x20/0x20 [ 2865.960425] ? lock_downgrade+0x6d0/0x6d0 [ 2865.961126] ? up_write+0x191/0x550 [ 2865.961722] ? vm_iomap_memory+0x190/0x190 [ 2865.962435] ? downgrade_write+0x3a0/0x3a0 [ 2865.963132] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2865.964029] ? __vma_link_rb+0x540/0x700 [ 2865.964706] copy_process+0x759b/0x7800 [ 2865.965393] ? __cleanup_sighand+0xb0/0xb0 [ 2865.966098] ? lock_acquire+0x197/0x470 [ 2865.966767] ? find_held_lock+0x2c/0x110 [ 2865.967439] kernel_clone+0xe7/0x980 [ 2865.968049] ? lock_downgrade+0x6d0/0x6d0 [ 2865.968728] ? find_held_lock+0x2c/0x110 [ 2865.969392] ? create_io_thread+0xf0/0xf0 [ 2865.970076] ? ksys_write+0x12d/0x260 [ 2865.970722] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2865.971520] __do_sys_fork+0x8a/0xc0 [ 2865.972133] ? kernel_thread+0xf0/0xf0 [ 2865.972785] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2865.973646] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2865.974500] ? trace_hardirqs_on+0x5b/0x180 [ 2865.975212] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2865.976061] do_syscall_64+0x33/0x40 [ 2865.976670] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2865.977515] RIP: 0033:0x7f04c97d0b19 [ 2865.978126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2865.981319] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2865.982751] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2865.984047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2865.985292] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2865.986920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2865.988222] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:04:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6bc6}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2866.006869] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:04:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6b9c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7167}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7167}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6771}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x9c6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 4: fork() (fail_nth: 48) [ 2866.257124] FAULT_INJECTION: forcing a failure. [ 2866.257124] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2866.259774] CPU: 0 PID: 23733 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2866.260952] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2866.262313] Call Trace: [ 2866.262756] dump_stack+0x107/0x167 [ 2866.263370] should_fail.cold+0x5/0xa [ 2866.264019] __alloc_pages_nodemask+0x182/0x600 [ 2866.264934] ? lock_acquire+0x197/0x470 [ 2866.265611] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2866.266638] ? lock_downgrade+0x6d0/0x6d0 [ 2866.267338] ? do_raw_spin_lock+0x121/0x260 [ 2866.268064] alloc_pages_current+0x187/0x280 [ 2866.268802] __pmd_alloc+0x37/0x5e0 [ 2866.269418] copy_page_range+0x2bd8/0x3810 [ 2866.270121] ? lock_chain_count+0x20/0x20 [ 2866.270909] ? up_write+0x191/0x550 [ 2866.271519] ? vm_iomap_memory+0x190/0x190 [ 2866.272212] ? downgrade_write+0x3a0/0x3a0 [ 2866.272926] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2866.273853] ? __vma_link_rb+0x540/0x700 [ 2866.274533] copy_process+0x759b/0x7800 [ 2866.275227] ? __cleanup_sighand+0xb0/0xb0 [ 2866.275934] ? lock_acquire+0x197/0x470 [ 2866.276605] ? find_held_lock+0x2c/0x110 [ 2866.277279] kernel_clone+0xe7/0x980 [ 2866.277910] ? lock_downgrade+0x6d0/0x6d0 [ 2866.278608] ? find_held_lock+0x2c/0x110 [ 2866.279284] ? create_io_thread+0xf0/0xf0 [ 2866.279976] ? ksys_write+0x12d/0x260 [ 2866.280633] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2866.281461] __do_sys_fork+0x8a/0xc0 [ 2866.282066] ? kernel_thread+0xf0/0xf0 [ 2866.282725] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2866.283610] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2866.284503] ? trace_hardirqs_on+0x5b/0x180 [ 2866.285373] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2866.286407] do_syscall_64+0x33/0x40 [ 2866.287137] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2866.288142] RIP: 0033:0x7f04c97d0b19 [ 2866.288878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2866.292148] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2866.293508] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2866.294784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2866.296056] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2866.297338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2866.298662] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:04:28 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:28 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/90], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2866.331248] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:04:28 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:04:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa063}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:28 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63a0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb701}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:42 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/90], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:42 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:42 executing program 4: fork() (fail_nth: 49) [ 2880.552172] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:04:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7501}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:42 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:04:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa401}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:42 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x6771}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2880.566843] FAULT_INJECTION: forcing a failure. [ 2880.566843] name failslab, interval 1, probability 0, space 0, times 0 [ 2880.569568] CPU: 1 PID: 23769 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2880.571210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2880.573144] Call Trace: [ 2880.573764] dump_stack+0x107/0x167 [ 2880.574618] should_fail.cold+0x5/0xa [ 2880.575521] ? __pmd_alloc+0x94/0x5e0 [ 2880.576421] should_failslab+0x5/0x20 [ 2880.577315] kmem_cache_alloc+0x5b/0x310 [ 2880.578279] __pmd_alloc+0x94/0x5e0 [ 2880.579149] copy_page_range+0x2bd8/0x3810 [ 2880.580152] ? lock_chain_count+0x20/0x20 [ 2880.581172] ? up_write+0x191/0x550 [ 2880.582028] ? vm_iomap_memory+0x190/0x190 [ 2880.583031] ? downgrade_write+0x3a0/0x3a0 [ 2880.584029] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2880.585309] ? __vma_link_rb+0x540/0x700 [ 2880.586282] copy_process+0x759b/0x7800 [ 2880.587394] ? __cleanup_sighand+0xb0/0xb0 [ 2880.588432] ? lock_acquire+0x197/0x470 [ 2880.589404] ? find_held_lock+0x2c/0x110 [ 2880.590529] kernel_clone+0xe7/0x980 [ 2880.591443] ? lock_downgrade+0x6d0/0x6d0 [ 2880.592453] ? find_held_lock+0x2c/0x110 [ 2880.593435] ? create_io_thread+0xf0/0xf0 [ 2880.594461] ? ksys_write+0x12d/0x260 [ 2880.595376] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2880.596410] __do_sys_fork+0x8a/0xc0 [ 2880.597206] ? kernel_thread+0xf0/0xf0 [ 2880.598037] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2880.599155] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2880.600247] ? trace_hardirqs_on+0x5b/0x180 [ 2880.601161] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2880.602250] do_syscall_64+0x33/0x40 [ 2880.603056] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2880.604146] RIP: 0033:0x7f04c97d0b19 [ 2880.604944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2880.608885] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2880.610519] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2880.612051] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2880.613589] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2880.615132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2880.616673] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:04:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc001}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:04:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7e02}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa401}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 4: fork() (fail_nth: 50) [ 2899.795183] FAULT_INJECTION: forcing a failure. [ 2899.795183] name failslab, interval 1, probability 0, space 0, times 0 [ 2899.797631] CPU: 1 PID: 23886 Comm: syz-executor.4 Not tainted 5.10.234 #1 00:05:02 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() [ 2899.799099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2899.800987] Call Trace: [ 2899.801542] dump_stack+0x107/0x167 [ 2899.802307] should_fail.cold+0x5/0xa [ 2899.803149] ? create_object.isra.0+0x3a/0xa20 [ 2899.804130] should_failslab+0x5/0x20 [ 2899.804940] kmem_cache_alloc+0x5b/0x310 [ 2899.805839] create_object.isra.0+0x3a/0xa20 [ 2899.806796] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2899.807872] kmem_cache_alloc+0x159/0x310 [ 2899.808771] __pmd_alloc+0x94/0x5e0 [ 2899.809569] copy_page_range+0x2bd8/0x3810 [ 2899.810459] ? lock_chain_count+0x20/0x20 [ 2899.811383] ? up_write+0x191/0x550 [ 2899.812145] ? vm_iomap_memory+0x190/0x190 [ 2899.813040] ? downgrade_write+0x3a0/0x3a0 00:05:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc200}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb701}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/90], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:02 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa30f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2899.813958] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2899.815250] ? __vma_link_rb+0x540/0x700 [ 2899.816119] copy_process+0x759b/0x7800 [ 2899.817036] ? __cleanup_sighand+0xb0/0xb0 [ 2899.817970] ? lock_acquire+0x197/0x470 [ 2899.818840] ? find_held_lock+0x2c/0x110 [ 2899.819714] kernel_clone+0xe7/0x980 [ 2899.820524] ? lock_downgrade+0x6d0/0x6d0 [ 2899.821416] ? find_held_lock+0x2c/0x110 [ 2899.822292] ? create_io_thread+0xf0/0xf0 [ 2899.823185] ? ksys_write+0x12d/0x260 [ 2899.824010] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2899.825037] __do_sys_fork+0x8a/0xc0 [ 2899.825861] ? kernel_thread+0xf0/0xf0 [ 2899.826744] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2899.827869] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2899.828983] ? trace_hardirqs_on+0x5b/0x180 [ 2899.829913] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2899.831057] do_syscall_64+0x33/0x40 [ 2899.831880] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2899.832980] RIP: 0033:0x7f04c97d0b19 [ 2899.833804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2899.837818] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2899.839502] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2899.841049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2899.842611] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 00:05:02 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x63fd}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2899.844158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2899.845860] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2899.873787] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:05:02 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa401}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc703}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc66b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb701}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:05:02 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb502}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd8fc}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 4: fork() (fail_nth: 51) 00:05:02 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc94e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2900.337294] FAULT_INJECTION: forcing a failure. [ 2900.337294] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2900.339967] CPU: 0 PID: 23918 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2900.341448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2900.343245] Call Trace: [ 2900.343830] dump_stack+0x107/0x167 [ 2900.344621] should_fail.cold+0x5/0xa [ 2900.345446] __alloc_pages_nodemask+0x182/0x600 [ 2900.346596] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2900.348003] ? find_held_lock+0x2c/0x110 [ 2900.348951] ? __pmd_alloc+0x2db/0x5e0 [ 2900.349859] ? lock_downgrade+0x6d0/0x6d0 [ 2900.350810] ? do_raw_spin_lock+0x121/0x260 [ 2900.351673] alloc_pages_current+0x187/0x280 [ 2900.352686] pte_alloc_one+0x16/0x1a0 [ 2900.353627] __pte_alloc+0x1d/0x330 [ 2900.354528] copy_page_range+0x1b62/0x3810 [ 2900.355468] ? lock_chain_count+0x20/0x20 [ 2900.356340] ? up_write+0x191/0x550 [ 2900.357075] ? vm_iomap_memory+0x190/0x190 [ 2900.357925] ? downgrade_write+0x3a0/0x3a0 [ 2900.358828] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2900.359906] ? __vma_link_rb+0x540/0x700 [ 2900.360719] copy_process+0x759b/0x7800 [ 2900.361557] ? __cleanup_sighand+0xb0/0xb0 [ 2900.362415] ? lock_acquire+0x197/0x470 [ 2900.363243] ? find_held_lock+0x2c/0x110 [ 2900.364064] kernel_clone+0xe7/0x980 [ 2900.364806] ? lock_downgrade+0x6d0/0x6d0 [ 2900.365621] ? find_held_lock+0x2c/0x110 [ 2900.366420] ? create_io_thread+0xf0/0xf0 [ 2900.367246] ? ksys_write+0x12d/0x260 [ 2900.368002] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2900.368958] __do_sys_fork+0x8a/0xc0 [ 2900.369686] ? kernel_thread+0xf0/0xf0 [ 2900.370464] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2900.371509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2900.372526] ? trace_hardirqs_on+0x5b/0x180 [ 2900.373379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2900.374394] do_syscall_64+0x33/0x40 [ 2900.375150] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2900.376167] RIP: 0033:0x7f04c97d0b19 [ 2900.376902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2900.380524] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2900.382018] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2900.383433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2900.384833] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2900.386238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2900.387641] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:05:02 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc66b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:02 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/135], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:02 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:02 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe54a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb55a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe55a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fork() 00:05:21 executing program 4: fork() (fail_nth: 52) 00:05:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd801}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/135], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:21 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc66b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2918.878778] FAULT_INJECTION: forcing a failure. [ 2918.878778] name failslab, interval 1, probability 0, space 0, times 0 [ 2918.880983] CPU: 0 PID: 24140 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2918.882358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2918.884015] Call Trace: [ 2918.884524] dump_stack+0x107/0x167 [ 2918.885226] should_fail.cold+0x5/0xa [ 2918.885961] ? ptlock_alloc+0x1d/0x70 [ 2918.886698] should_failslab+0x5/0x20 [ 2918.887452] kmem_cache_alloc+0x5b/0x310 [ 2918.888250] ptlock_alloc+0x1d/0x70 [ 2918.888959] pte_alloc_one+0x68/0x1a0 [ 2918.889726] __pte_alloc+0x1d/0x330 [ 2918.890453] copy_page_range+0x1b62/0x3810 [ 2918.891322] ? lock_chain_count+0x20/0x20 [ 2918.892168] ? up_write+0x191/0x550 [ 2918.892902] ? vm_iomap_memory+0x190/0x190 [ 2918.893775] ? downgrade_write+0x3a0/0x3a0 [ 2918.894606] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2918.895675] ? __vma_link_rb+0x540/0x700 [ 2918.896508] copy_process+0x759b/0x7800 [ 2918.897312] ? __cleanup_sighand+0xb0/0xb0 [ 2918.898208] ? lock_acquire+0x197/0x470 [ 2918.899005] ? find_held_lock+0x2c/0x110 [ 2918.899808] kernel_clone+0xe7/0x980 [ 2918.900534] ? lock_downgrade+0x6d0/0x6d0 [ 2918.901342] ? find_held_lock+0x2c/0x110 [ 2918.902149] ? create_io_thread+0xf0/0xf0 [ 2918.902977] ? ksys_write+0x12d/0x260 [ 2918.903769] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2918.904720] __do_sys_fork+0x8a/0xc0 [ 2918.905463] ? kernel_thread+0xf0/0xf0 [ 2918.906230] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2918.907326] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2918.908354] ? trace_hardirqs_on+0x5b/0x180 [ 2918.909220] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2918.910213] do_syscall_64+0x33/0x40 [ 2918.910987] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2918.912000] RIP: 0033:0x7f04c97d0b19 [ 2918.912729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2918.916384] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2918.917907] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2918.919359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2918.920794] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2918.922221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2918.923667] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2918.930082] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:05:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb701}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf001}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd8e2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe55a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf315}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe55a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe2d8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc801}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4f17}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 4: fork() (fail_nth: 53) 00:05:35 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfcd8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe8f3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100"/135], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 2933.256336] FAULT_INJECTION: forcing a failure. [ 2933.256336] name failslab, interval 1, probability 0, space 0, times 0 [ 2933.259013] CPU: 0 PID: 24178 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2933.260810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2933.262622] Call Trace: [ 2933.263190] dump_stack+0x107/0x167 [ 2933.263922] should_fail.cold+0x5/0xa [ 2933.264731] ? create_object.isra.0+0x3a/0xa20 [ 2933.265659] should_failslab+0x5/0x20 [ 2933.266461] kmem_cache_alloc+0x5b/0x310 [ 2933.267331] create_object.isra.0+0x3a/0xa20 [ 2933.268214] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2933.269287] kmem_cache_alloc+0x159/0x310 [ 2933.270168] ptlock_alloc+0x1d/0x70 [ 2933.270931] pte_alloc_one+0x68/0x1a0 [ 2933.271729] __pte_alloc+0x1d/0x330 [ 2933.272507] copy_page_range+0x1b62/0x3810 [ 2933.273416] ? lock_chain_count+0x20/0x20 [ 2933.274287] ? up_write+0x191/0x550 [ 2933.275054] ? vm_iomap_memory+0x190/0x190 [ 2933.275906] ? downgrade_write+0x3a0/0x3a0 [ 2933.276769] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2933.277875] ? __vma_link_rb+0x540/0x700 [ 2933.278704] copy_process+0x759b/0x7800 [ 2933.279560] ? __cleanup_sighand+0xb0/0xb0 [ 2933.280426] ? lock_acquire+0x197/0x470 [ 2933.281242] ? find_held_lock+0x2c/0x110 [ 2933.282069] kernel_clone+0xe7/0x980 [ 2933.282827] ? lock_downgrade+0x6d0/0x6d0 [ 2933.283688] ? find_held_lock+0x2c/0x110 [ 2933.284513] ? create_io_thread+0xf0/0xf0 [ 2933.285351] ? ksys_write+0x12d/0x260 [ 2933.286135] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2933.287141] __do_sys_fork+0x8a/0xc0 [ 2933.287899] ? kernel_thread+0xf0/0xf0 [ 2933.288717] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2933.289783] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2933.290837] ? trace_hardirqs_on+0x5b/0x180 [ 2933.291724] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2933.292758] do_syscall_64+0x33/0x40 [ 2933.293517] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2933.294558] RIP: 0033:0x7f04c97d0b19 [ 2933.295325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2933.299051] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2933.300612] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2933.302059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2933.303531] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2933.304989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2933.306426] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:05:35 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2933.370844] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:05:35 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:35 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:35 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf3e8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd720}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfd63}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:35 executing program 4: fork() (fail_nth: 54) [ 2933.585695] FAULT_INJECTION: forcing a failure. [ 2933.585695] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2933.587821] CPU: 1 PID: 24203 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2933.588814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2933.590467] Call Trace: [ 2933.590862] dump_stack+0x107/0x167 [ 2933.591559] should_fail.cold+0x5/0xa [ 2933.592261] __alloc_pages_nodemask+0x182/0x600 [ 2933.593100] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2933.594187] ? find_held_lock+0x2c/0x110 [ 2933.594919] ? __pmd_alloc+0x2db/0x5e0 [ 2933.595627] ? lock_downgrade+0x6d0/0x6d0 [ 2933.596388] ? do_raw_spin_lock+0x121/0x260 [ 2933.597156] alloc_pages_current+0x187/0x280 [ 2933.597929] pte_alloc_one+0x16/0x1a0 [ 2933.598607] __pte_alloc+0x1d/0x330 [ 2933.599256] copy_page_range+0x1b62/0x3810 [ 2933.600007] ? lock_chain_count+0x20/0x20 [ 2933.600767] ? up_write+0x191/0x550 [ 2933.601399] ? vm_iomap_memory+0x190/0x190 [ 2933.602013] ? downgrade_write+0x3a0/0x3a0 [ 2933.602642] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2933.603586] ? __vma_link_rb+0x540/0x700 [ 2933.604211] copy_process+0x759b/0x7800 [ 2933.604792] ? __cleanup_sighand+0xb0/0xb0 [ 2933.605420] ? lock_acquire+0x197/0x470 [ 2933.606015] ? find_held_lock+0x2c/0x110 [ 2933.606620] kernel_clone+0xe7/0x980 [ 2933.607173] ? lock_downgrade+0x6d0/0x6d0 [ 2933.607766] ? find_held_lock+0x2c/0x110 [ 2933.608350] ? create_io_thread+0xf0/0xf0 [ 2933.608971] ? ksys_write+0x12d/0x260 [ 2933.609518] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2933.610225] __do_sys_fork+0x8a/0xc0 [ 2933.610773] ? kernel_thread+0xf0/0xf0 [ 2933.611440] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2933.612334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2933.613197] ? trace_hardirqs_on+0x5b/0x180 [ 2933.613929] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2933.614793] do_syscall_64+0x33/0x40 [ 2933.615458] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2933.616335] RIP: 0033:0x7f04c97d0b19 [ 2933.616964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2933.620258] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2933.621669] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2933.622919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2933.624194] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2933.625406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2933.626523] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:05:54 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd863}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc801}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfa4a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfcd8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:54 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:54 executing program 4: fork() (fail_nth: 55) [ 2952.547476] FAULT_INJECTION: forcing a failure. [ 2952.547476] name failslab, interval 1, probability 0, space 0, times 0 [ 2952.548008] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2952.549847] CPU: 1 PID: 24215 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2952.553183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2952.554860] Call Trace: [ 2952.555407] dump_stack+0x107/0x167 [ 2952.556157] should_fail.cold+0x5/0xa [ 2952.556954] ? create_object.isra.0+0x3a/0xa20 [ 2952.557889] should_failslab+0x5/0x20 [ 2952.558666] kmem_cache_alloc+0x5b/0x310 [ 2952.559513] create_object.isra.0+0x3a/0xa20 [ 2952.560415] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2952.561451] kmem_cache_alloc+0x159/0x310 [ 2952.562307] vm_area_dup+0x78/0x290 [ 2952.563071] ? _cond_resched+0x12/0x80 [ 2952.563886] ? copy_page_range+0x24e9/0x3810 [ 2952.564830] ? vm_area_alloc+0x110/0x110 [ 2952.565681] ? up_write+0x191/0x550 [ 2952.566426] ? vm_iomap_memory+0x190/0x190 [ 2952.567301] ? downgrade_write+0x3a0/0x3a0 [ 2952.568170] ? anon_vma_interval_tree_insert+0x277/0x450 [ 2952.569291] ? __vma_link_rb+0x540/0x700 [ 2952.570124] copy_process+0x291b/0x7800 [ 2952.570968] ? __cleanup_sighand+0xb0/0xb0 [ 2952.571860] ? lock_acquire+0x197/0x470 [ 2952.572681] ? find_held_lock+0x2c/0x110 [ 2952.573514] kernel_clone+0xe7/0x980 [ 2952.574285] ? lock_downgrade+0x6d0/0x6d0 [ 2952.575144] ? find_held_lock+0x2c/0x110 [ 2952.576014] ? create_io_thread+0xf0/0xf0 [ 2952.576887] ? ksys_write+0x12d/0x260 [ 2952.577689] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2952.578693] __do_sys_fork+0x8a/0xc0 [ 2952.579493] ? kernel_thread+0xf0/0xf0 [ 2952.580486] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2952.581790] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2952.583029] ? trace_hardirqs_on+0x5b/0x180 [ 2952.584084] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2952.585283] do_syscall_64+0x33/0x40 [ 2952.586166] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2952.587407] RIP: 0033:0x7f04c97d0b19 [ 2952.588299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2952.592818] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2952.594714] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2952.596378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2952.597931] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2952.599500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2952.601051] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:05:55 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:55 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:05:55 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf03d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf263}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:05:55 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2969.329654] FAULT_INJECTION: forcing a failure. [ 2969.329654] name failslab, interval 1, probability 0, space 0, times 0 [ 2969.332564] CPU: 1 PID: 24361 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2969.334266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2969.336333] Call Trace: [ 2969.336981] dump_stack+0x107/0x167 [ 2969.337877] should_fail.cold+0x5/0xa [ 2969.338814] ? vm_area_dup+0x78/0x290 [ 2969.339775] should_failslab+0x5/0x20 [ 2969.340807] kmem_cache_alloc+0x5b/0x310 [ 2969.341812] ? lock_downgrade+0x6d0/0x6d0 [ 2969.342837] vm_area_dup+0x78/0x290 [ 2969.343756] ? _cond_resched+0x12/0x80 [ 2969.344723] ? copy_page_range+0x24e9/0x3810 [ 2969.345832] ? vm_area_alloc+0x110/0x110 [ 2969.346836] ? up_write+0x191/0x550 [ 2969.347736] ? vm_iomap_memory+0x190/0x190 [ 2969.348869] ? downgrade_write+0x3a0/0x3a0 [ 2969.350118] ? anon_vma_interval_tree_insert+0x277/0x450 00:06:11 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:11 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:11 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 4: fork() (fail_nth: 56) 00:06:11 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2969.351785] ? __vma_link_rb+0x540/0x700 [ 2969.357673] copy_process+0x291b/0x7800 [ 2969.358676] ? __cleanup_sighand+0xb0/0xb0 [ 2969.359828] ? lock_acquire+0x197/0x470 [ 2969.360888] ? find_held_lock+0x2c/0x110 [ 2969.361924] kernel_clone+0xe7/0x980 [ 2969.362861] ? lock_downgrade+0x6d0/0x6d0 [ 2969.363944] ? find_held_lock+0x2c/0x110 [ 2969.364984] ? create_io_thread+0xf0/0xf0 [ 2969.366050] ? ksys_write+0x12d/0x260 [ 2969.367032] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2969.368424] __do_sys_fork+0x8a/0xc0 [ 2969.369340] ? kernel_thread+0xf0/0xf0 [ 2969.370219] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2969.371371] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.372480] ? trace_hardirqs_on+0x5b/0x180 [ 2969.373351] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.374421] do_syscall_64+0x33/0x40 [ 2969.375204] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2969.376306] RIP: 0033:0x7f04c97d0b19 [ 2969.377097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2969.380985] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2969.382593] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2969.384111] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2969.385619] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2969.387131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2969.388659] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2969.430590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:06:11 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:11 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:12 executing program 4: fork() (fail_nth: 57) 00:06:12 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:12 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:12 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 2969.764211] FAULT_INJECTION: forcing a failure. [ 2969.764211] name failslab, interval 1, probability 0, space 0, times 0 [ 2969.766850] CPU: 1 PID: 24486 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2969.768310] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2969.770038] Call Trace: [ 2969.770595] dump_stack+0x107/0x167 [ 2969.771356] should_fail.cold+0x5/0xa [ 2969.772169] ? create_object.isra.0+0x3a/0xa20 [ 2969.773127] should_failslab+0x5/0x20 [ 2969.773927] kmem_cache_alloc+0x5b/0x310 [ 2969.774781] create_object.isra.0+0x3a/0xa20 [ 2969.775699] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2969.776916] kmem_cache_alloc+0x159/0x310 [ 2969.777789] vm_area_dup+0x78/0x290 [ 2969.778563] ? avc_has_perm_noaudit+0x1c9/0x3e0 [ 2969.779546] ? lock_downgrade+0x6d0/0x6d0 [ 2969.780498] ? copy_page_range+0x24e9/0x3810 [ 2969.781439] ? avc_has_perm_noaudit+0x1f7/0x3e0 [ 2969.782436] ? avc_has_extended_perms+0xf40/0xf40 [ 2969.783464] ? vm_area_alloc+0x110/0x110 [ 2969.784352] ? selinux_vm_enough_memory+0x114/0x180 [ 2969.785400] ? selinux_sb_statfs+0x250/0x250 [ 2969.786368] ? percpu_counter_add_batch+0x8b/0x140 [ 2969.787396] ? __vm_enough_memory+0x184/0x360 [ 2969.788345] ? security_vm_enough_memory_mm+0x8b/0xc0 [ 2969.789438] copy_process+0x291b/0x7800 [ 2969.790302] ? __cleanup_sighand+0xb0/0xb0 [ 2969.791520] ? lock_acquire+0x197/0x470 [ 2969.792361] ? find_held_lock+0x2c/0x110 [ 2969.793226] kernel_clone+0xe7/0x980 [ 2969.794000] ? lock_downgrade+0x6d0/0x6d0 [ 2969.794871] ? find_held_lock+0x2c/0x110 [ 2969.795729] ? create_io_thread+0xf0/0xf0 [ 2969.796609] ? ksys_write+0x12d/0x260 [ 2969.797409] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2969.798480] __do_sys_fork+0x8a/0xc0 [ 2969.799514] ? kernel_thread+0xf0/0xf0 [ 2969.800398] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2969.801537] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.802610] ? trace_hardirqs_on+0x5b/0x180 [ 2969.803580] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.804746] do_syscall_64+0x33/0x40 [ 2969.805578] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2969.806665] RIP: 0033:0x7f04c97d0b19 [ 2969.807615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2969.811701] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2969.813484] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2969.815004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2969.816697] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2969.818214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2969.819904] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 2986.246328] FAULT_INJECTION: forcing a failure. [ 2986.246328] name failslab, interval 1, probability 0, space 0, times 0 [ 2986.249351] CPU: 1 PID: 24602 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2986.251095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2986.253199] Call Trace: [ 2986.253860] dump_stack+0x107/0x167 [ 2986.254775] should_fail.cold+0x5/0xa [ 2986.255751] ? anon_vma_clone+0xdc/0x590 [ 2986.256788] should_failslab+0x5/0x20 [ 2986.257747] kmem_cache_alloc+0x5b/0x310 [ 2986.258776] anon_vma_clone+0xdc/0x590 [ 2986.259781] anon_vma_fork+0x82/0x640 [ 2986.260737] ? __vm_enough_memory+0x184/0x360 [ 2986.261871] copy_process+0x7218/0x7800 [ 2986.262922] ? __cleanup_sighand+0xb0/0xb0 [ 2986.264011] ? lock_acquire+0x197/0x470 [ 2986.265025] ? find_held_lock+0x2c/0x110 [ 2986.266052] kernel_clone+0xe7/0x980 [ 2986.266995] ? lock_downgrade+0x6d0/0x6d0 [ 2986.268052] ? find_held_lock+0x2c/0x110 [ 2986.269081] ? create_io_thread+0xf0/0xf0 [ 2986.270141] ? ksys_write+0x12d/0x260 [ 2986.271124] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2986.272367] __do_sys_fork+0x8a/0xc0 [ 2986.273319] ? kernel_thread+0xf0/0xf0 [ 2986.274327] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2986.275669] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2986.276984] ? trace_hardirqs_on+0x5b/0x180 [ 2986.278084] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2986.279391] do_syscall_64+0x33/0x40 [ 2986.280359] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2986.281671] RIP: 0033:0x7f04c97d0b19 [ 2986.282622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2986.287323] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2986.289284] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2986.291115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2986.292937] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2986.294758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2986.296576] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 4: fork() (fail_nth: 58) 00:06:28 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={0x0, 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:28 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:28 executing program 4: fork() (fail_nth: 59) [ 2986.482454] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2986.483322] FAULT_INJECTION: forcing a failure. [ 2986.483322] name failslab, interval 1, probability 0, space 0, times 0 [ 2986.485908] CPU: 1 PID: 24619 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 2986.487561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2986.489325] Call Trace: [ 2986.489882] dump_stack+0x107/0x167 [ 2986.490652] should_fail.cold+0x5/0xa [ 2986.491470] ? create_object.isra.0+0x3a/0xa20 [ 2986.492449] should_failslab+0x5/0x20 [ 2986.493253] kmem_cache_alloc+0x5b/0x310 [ 2986.494121] create_object.isra.0+0x3a/0xa20 [ 2986.495058] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2986.496153] kmem_cache_alloc+0x159/0x310 [ 2986.497050] anon_vma_clone+0xdc/0x590 [ 2986.497885] anon_vma_fork+0x82/0x640 [ 2986.498686] ? __vm_enough_memory+0x184/0x360 [ 2986.499651] copy_process+0x7218/0x7800 [ 2986.500535] ? __cleanup_sighand+0xb0/0xb0 [ 2986.501449] ? lock_acquire+0x197/0x470 [ 2986.502308] ? find_held_lock+0x2c/0x110 [ 2986.503167] kernel_clone+0xe7/0x980 [ 2986.503967] ? lock_downgrade+0x6d0/0x6d0 [ 2986.504846] ? find_held_lock+0x2c/0x110 [ 2986.505702] ? create_io_thread+0xf0/0xf0 [ 2986.506585] ? ksys_write+0x12d/0x260 [ 2986.507433] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2986.508568] __do_sys_fork+0x8a/0xc0 [ 2986.509479] ? kernel_thread+0xf0/0xf0 [ 2986.510328] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2986.511553] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2986.512748] ? trace_hardirqs_on+0x5b/0x180 [ 2986.513763] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2986.514844] do_syscall_64+0x33/0x40 [ 2986.515625] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2986.516712] RIP: 0033:0x7f04c97d0b19 [ 2986.517496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2986.521520] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 2986.523233] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 2986.525093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2986.526710] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 2986.528221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2986.529944] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:29 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:29 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:29 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:29 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4100000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:29 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x10000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:29 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd6b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2a03}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x15f30000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1a4b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:43 executing program 4: fork() (fail_nth: 60) 00:06:43 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:43 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x342}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3001.396309] FAULT_INJECTION: forcing a failure. [ 3001.396309] name failslab, interval 1, probability 0, space 0, times 0 [ 3001.399564] CPU: 0 PID: 24659 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3001.401393] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 00:06:43 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3001.403506] Call Trace: [ 3001.404421] dump_stack+0x107/0x167 [ 3001.405223] should_fail.cold+0x5/0xa [ 3001.406123] ? anon_vma_fork+0xf1/0x640 [ 3001.407020] should_failslab+0x5/0x20 [ 3001.408002] kmem_cache_alloc+0x5b/0x310 [ 3001.409129] anon_vma_fork+0xf1/0x640 [ 3001.410227] ? __vm_enough_memory+0x184/0x360 [ 3001.411462] copy_process+0x7218/0x7800 [ 3001.412485] ? __cleanup_sighand+0xb0/0xb0 [ 3001.413509] ? finish_task_switch+0x126/0x5d0 [ 3001.414588] kernel_clone+0xe7/0x980 [ 3001.415459] ? create_io_thread+0xf0/0xf0 [ 3001.416442] ? _raw_spin_unlock_irq+0x1f/0x30 [ 3001.417571] ? trace_hardirqs_on+0x5b/0x180 [ 3001.418804] ? _raw_spin_unlock_irq+0x1f/0x30 [ 3001.420089] ? finish_task_switch+0x126/0x5d0 [ 3001.421359] ? finish_task_switch+0xef/0x5d0 [ 3001.422609] ? __switch_to+0x572/0xf70 [ 3001.423719] ? __switch_to_asm+0x3a/0x60 [ 3001.424879] ? __switch_to_asm+0x34/0x60 [ 3001.426055] ? __schedule+0x82c/0x1ea0 [ 3001.427176] __do_sys_fork+0x8a/0xc0 [ 3001.428258] ? kernel_thread+0xf0/0xf0 [ 3001.429370] ? io_schedule_timeout+0x140/0x140 [ 3001.430677] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 3001.432023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3001.433513] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.434975] ? trace_hardirqs_on+0x5b/0x180 [ 3001.436218] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.437690] do_syscall_64+0x33/0x40 [ 3001.438758] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3001.440226] RIP: 0033:0x7f04c97d0b19 [ 3001.441289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3001.446393] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3001.448489] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3001.450438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3001.452403] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3001.454367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3001.456337] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x174f0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:44 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:44 executing program 4: fork() (fail_nth: 61) 00:06:44 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3001.619475] FAULT_INJECTION: forcing a failure. [ 3001.619475] name failslab, interval 1, probability 0, space 0, times 0 [ 3001.621100] CPU: 1 PID: 24673 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3001.622029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3001.623134] Call Trace: [ 3001.623492] dump_stack+0x107/0x167 [ 3001.623990] should_fail.cold+0x5/0xa [ 3001.624496] ? create_object.isra.0+0x3a/0xa20 [ 3001.625103] should_failslab+0x5/0x20 [ 3001.625613] kmem_cache_alloc+0x5b/0x310 [ 3001.626162] create_object.isra.0+0x3a/0xa20 [ 3001.626743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3001.627562] kmem_cache_alloc+0x159/0x310 [ 3001.628178] anon_vma_fork+0xf1/0x640 [ 3001.628702] ? __vm_enough_memory+0x184/0x360 [ 3001.629322] copy_process+0x7218/0x7800 [ 3001.629889] ? __cleanup_sighand+0xb0/0xb0 [ 3001.630484] ? lock_acquire+0x197/0x470 [ 3001.631048] ? find_held_lock+0x2c/0x110 [ 3001.631616] kernel_clone+0xe7/0x980 [ 3001.632138] ? lock_downgrade+0x6d0/0x6d0 [ 3001.632696] ? find_held_lock+0x2c/0x110 [ 3001.633243] ? create_io_thread+0xf0/0xf0 [ 3001.633816] ? ksys_write+0x12d/0x260 [ 3001.634350] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3001.635014] __do_sys_fork+0x8a/0xc0 [ 3001.635532] ? kernel_thread+0xf0/0xf0 [ 3001.636099] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3001.636812] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.637524] ? trace_hardirqs_on+0x5b/0x180 [ 3001.638113] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.638814] do_syscall_64+0x33/0x40 [ 3001.639325] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3001.640041] RIP: 0033:0x7f04c97d0b19 [ 3001.640551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3001.643051] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3001.644096] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3001.645066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3001.646024] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3001.646995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3001.647969] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:44 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x9000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:44 executing program 4: fork() (fail_nth: 62) [ 3001.778228] FAULT_INJECTION: forcing a failure. [ 3001.778228] name failslab, interval 1, probability 0, space 0, times 0 [ 3001.779556] CPU: 1 PID: 24685 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3001.780360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3001.781302] Call Trace: [ 3001.781606] dump_stack+0x107/0x167 [ 3001.782018] should_fail.cold+0x5/0xa [ 3001.782457] ? anon_vma_fork+0x1ff/0x640 [ 3001.782917] should_failslab+0x5/0x20 [ 3001.783353] kmem_cache_alloc+0x5b/0x310 [ 3001.783814] anon_vma_fork+0x1ff/0x640 [ 3001.784270] copy_process+0x7218/0x7800 [ 3001.784945] ? __cleanup_sighand+0xb0/0xb0 [ 3001.785440] ? lock_acquire+0x197/0x470 [ 3001.785894] ? find_held_lock+0x2c/0x110 [ 3001.786363] kernel_clone+0xe7/0x980 [ 3001.786790] ? lock_downgrade+0x6d0/0x6d0 [ 3001.787265] ? find_held_lock+0x2c/0x110 [ 3001.787719] ? create_io_thread+0xf0/0xf0 [ 3001.788237] ? ksys_write+0x12d/0x260 [ 3001.788682] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3001.789251] __do_sys_fork+0x8a/0xc0 [ 3001.789681] ? kernel_thread+0xf0/0xf0 [ 3001.790156] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3001.790753] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.791339] ? trace_hardirqs_on+0x5b/0x180 [ 3001.791831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3001.792423] do_syscall_64+0x33/0x40 [ 3001.792839] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3001.793417] RIP: 0033:0x7f04c97d0b19 [ 3001.793841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3001.795932] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3001.796799] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3001.797636] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3001.798470] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3001.799292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3001.800296] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1c8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3017.207454] FAULT_INJECTION: forcing a failure. [ 3017.207454] name failslab, interval 1, probability 0, space 0, times 0 [ 3017.209813] CPU: 1 PID: 24700 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3017.211237] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3017.212950] Call Trace: 00:06:59 executing program 4: fork() (fail_nth: 63) 00:06:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x135b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:06:59 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x15f3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3017.213494] dump_stack+0x107/0x167 [ 3017.214530] should_fail.cold+0x5/0xa [ 3017.215324] ? create_object.isra.0+0x3a/0xa20 [ 3017.216290] should_failslab+0x5/0x20 [ 3017.217070] kmem_cache_alloc+0x5b/0x310 [ 3017.217943] create_object.isra.0+0x3a/0xa20 [ 3017.219046] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3017.220268] kmem_cache_alloc+0x159/0x310 [ 3017.221221] anon_vma_fork+0x1ff/0x640 [ 3017.222162] copy_process+0x7218/0x7800 [ 3017.223154] ? __cleanup_sighand+0xb0/0xb0 [ 3017.224185] ? lock_acquire+0x197/0x470 [ 3017.225023] ? find_held_lock+0x2c/0x110 [ 3017.225870] kernel_clone+0xe7/0x980 [ 3017.226648] ? lock_downgrade+0x6d0/0x6d0 [ 3017.227493] ? find_held_lock+0x2c/0x110 [ 3017.228460] ? create_io_thread+0xf0/0xf0 [ 3017.229496] ? ksys_write+0x12d/0x260 [ 3017.230431] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3017.231612] __do_sys_fork+0x8a/0xc0 [ 3017.232473] ? kernel_thread+0xf0/0xf0 [ 3017.233333] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3017.234532] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3017.235761] ? trace_hardirqs_on+0x5b/0x180 [ 3017.236954] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3017.238247] do_syscall_64+0x33/0x40 [ 3017.239211] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3017.240554] RIP: 0033:0x7f04c97d0b19 [ 3017.241515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3017.246252] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3017.248184] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3017.249908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3017.251605] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3017.253409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3017.255095] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:06:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x104f0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1c8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:06:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:12 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x175}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:12 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:12 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:12 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:12 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:12 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x18000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x216b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 4: fork() (fail_nth: 64) [ 3030.583593] FAULT_INJECTION: forcing a failure. [ 3030.583593] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3030.586332] CPU: 1 PID: 24735 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3030.587866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3030.589684] Call Trace: [ 3030.590244] dump_stack+0x107/0x167 [ 3030.591044] should_fail.cold+0x5/0xa [ 3030.591875] __alloc_pages_nodemask+0x182/0x600 [ 3030.592893] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3030.594183] ? copy_page_range+0x28e1/0x3810 [ 3030.595141] alloc_pages_current+0x187/0x280 [ 3030.596108] get_zeroed_page+0x14/0xb0 [ 3030.596972] __pud_alloc+0x33/0x270 [ 3030.597768] copy_page_range+0x2ca1/0x3810 [ 3030.598685] ? lock_chain_count+0x20/0x20 [ 3030.599578] ? lock_downgrade+0x6d0/0x6d0 [ 3030.600509] ? up_write+0x191/0x550 [ 3030.601308] ? vm_iomap_memory+0x190/0x190 [ 3030.602233] ? downgrade_write+0x3a0/0x3a0 [ 3030.603156] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3030.604338] ? __vma_link_rb+0x540/0x700 [ 3030.605234] copy_process+0x759b/0x7800 [ 3030.606140] ? __cleanup_sighand+0xb0/0xb0 [ 3030.607070] ? lock_acquire+0x197/0x470 [ 3030.607917] ? find_held_lock+0x2c/0x110 [ 3030.608812] kernel_clone+0xe7/0x980 [ 3030.609632] ? lock_downgrade+0x6d0/0x6d0 [ 3030.610521] ? find_held_lock+0x2c/0x110 [ 3030.611404] ? create_io_thread+0xf0/0xf0 [ 3030.612273] ? ksys_write+0x12d/0x260 [ 3030.613090] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3030.614155] __do_sys_fork+0x8a/0xc0 [ 3030.614982] ? kernel_thread+0xf0/0xf0 [ 3030.615826] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3030.616973] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3030.618081] ? trace_hardirqs_on+0x5b/0x180 [ 3030.619029] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3030.620117] do_syscall_64+0x33/0x40 [ 3030.620954] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3030.622088] RIP: 0033:0x7f04c97d0b19 [ 3030.622922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3030.626879] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3030.628537] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3030.630059] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3030.631588] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3030.633083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3030.634622] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:07:13 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x260f0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1f0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x1a4b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:13 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:13 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:28 executing program 4: fork() (fail_nth: 65) 00:07:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2a030000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:28 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3045.749204] FAULT_INJECTION: forcing a failure. [ 3045.749204] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3045.752088] CPU: 0 PID: 24764 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3045.753658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3045.755623] Call Trace: [ 3045.756307] dump_stack+0x107/0x167 [ 3045.757264] should_fail.cold+0x5/0xa [ 3045.758245] __alloc_pages_nodemask+0x182/0x600 [ 3045.759432] ? lock_acquire+0x197/0x470 [ 3045.760467] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3045.762007] ? lock_downgrade+0x6d0/0x6d0 [ 3045.763057] ? do_raw_spin_lock+0x121/0x260 [ 3045.764176] alloc_pages_current+0x187/0x280 [ 3045.765314] __pmd_alloc+0x37/0x5e0 [ 3045.766295] copy_page_range+0x2bd8/0x3810 [ 3045.767379] ? lock_chain_count+0x20/0x20 [ 3045.768496] ? up_write+0x191/0x550 [ 3045.769428] ? vm_iomap_memory+0x190/0x190 [ 3045.770592] ? downgrade_write+0x3a0/0x3a0 [ 3045.771715] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3045.773168] ? __vma_link_rb+0x540/0x700 [ 3045.774305] copy_process+0x759b/0x7800 [ 3045.775441] ? __cleanup_sighand+0xb0/0xb0 [ 3045.776636] ? lock_acquire+0x197/0x470 [ 3045.777727] ? find_held_lock+0x2c/0x110 [ 3045.778830] kernel_clone+0xe7/0x980 [ 3045.779842] ? lock_downgrade+0x6d0/0x6d0 [ 3045.780878] ? find_held_lock+0x2c/0x110 [ 3045.781790] ? create_io_thread+0xf0/0xf0 [ 3045.782718] ? ksys_write+0x12d/0x260 [ 3045.783581] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3045.784716] __do_sys_fork+0x8a/0xc0 [ 3045.785546] ? kernel_thread+0xf0/0xf0 [ 3045.786429] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3045.787596] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3045.788754] ? trace_hardirqs_on+0x5b/0x180 [ 3045.789720] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3045.790870] do_syscall_64+0x33/0x40 [ 3045.791703] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3045.792857] RIP: 0033:0x7f04c97d0b19 [ 3045.793685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3045.797797] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3045.799517] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3045.801170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3045.802759] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3045.804351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3045.805956] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:07:28 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:28 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x20d70000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:28 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240), 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:28 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:46 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 4: fork() (fail_nth: 66) 00:07:46 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3064.201982] FAULT_INJECTION: forcing a failure. 00:07:46 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:46 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3064.201982] name failslab, interval 1, probability 0, space 0, times 0 [ 3064.204741] CPU: 1 PID: 25009 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3064.206471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3064.208557] Call Trace: [ 3064.209254] dump_stack+0x107/0x167 [ 3064.210189] should_fail.cold+0x5/0xa [ 3064.211162] ? __pmd_alloc+0x94/0x5e0 [ 3064.212135] should_failslab+0x5/0x20 [ 3064.213119] kmem_cache_alloc+0x5b/0x310 [ 3064.214162] __pmd_alloc+0x94/0x5e0 [ 3064.215092] copy_page_range+0x2bd8/0x3810 [ 3064.216171] ? lock_chain_count+0x20/0x20 [ 3064.217297] ? up_write+0x191/0x550 [ 3064.218225] ? vm_iomap_memory+0x190/0x190 [ 3064.219303] ? downgrade_write+0x3a0/0x3a0 [ 3064.220383] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3064.221770] ? __vma_link_rb+0x540/0x700 [ 3064.222821] copy_process+0x759b/0x7800 [ 3064.223889] ? __cleanup_sighand+0xb0/0xb0 [ 3064.224974] ? lock_acquire+0x197/0x470 [ 3064.225999] ? find_held_lock+0x2c/0x110 [ 3064.227031] kernel_clone+0xe7/0x980 [ 3064.227976] ? lock_downgrade+0x6d0/0x6d0 [ 3064.229034] ? find_held_lock+0x2c/0x110 [ 3064.230061] ? create_io_thread+0xf0/0xf0 [ 3064.231110] ? ksys_write+0x12d/0x260 [ 3064.232089] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3064.233328] __do_sys_fork+0x8a/0xc0 00:07:46 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2c6b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3064.234263] ? kernel_thread+0xf0/0xf0 [ 3064.235390] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.236728] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.238050] ? trace_hardirqs_on+0x5b/0x180 [ 3064.239139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.240431] do_syscall_64+0x33/0x40 [ 3064.241422] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.242739] RIP: 0033:0x7f04c97d0b19 [ 3064.243700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3064.247952] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3064.249734] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3064.251506] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3064.253268] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3064.255035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3064.256746] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:07:46 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:46 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:47 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:07:47 executing program 4: fork() (fail_nth: 67) [ 3064.717506] FAULT_INJECTION: forcing a failure. [ 3064.717506] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3064.720471] CPU: 0 PID: 25042 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3064.721938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3064.723679] Call Trace: [ 3064.724236] dump_stack+0x107/0x167 [ 3064.725234] should_fail.cold+0x5/0xa [ 3064.726207] __alloc_pages_nodemask+0x182/0x600 [ 3064.727385] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3064.728946] ? copy_page_range+0x28e1/0x3810 [ 3064.730062] alloc_pages_current+0x187/0x280 [ 3064.731178] get_zeroed_page+0x14/0xb0 [ 3064.732154] __pud_alloc+0x33/0x270 [ 3064.733094] copy_page_range+0x2ca1/0x3810 [ 3064.734161] ? lock_chain_count+0x20/0x20 [ 3064.735232] ? lock_downgrade+0x6d0/0x6d0 [ 3064.736294] ? up_write+0x191/0x550 [ 3064.737223] ? vm_iomap_memory+0x190/0x190 [ 3064.738287] ? downgrade_write+0x3a0/0x3a0 [ 3064.739353] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3064.740728] ? __vma_link_rb+0x540/0x700 [ 3064.741754] copy_process+0x759b/0x7800 [ 3064.742786] ? __cleanup_sighand+0xb0/0xb0 [ 3064.743844] ? lock_acquire+0x197/0x470 [ 3064.744853] ? find_held_lock+0x2c/0x110 [ 3064.745864] kernel_clone+0xe7/0x980 [ 3064.746789] ? lock_downgrade+0x6d0/0x6d0 [ 3064.747733] ? find_held_lock+0x2c/0x110 [ 3064.748581] ? create_io_thread+0xf0/0xf0 [ 3064.749510] ? ksys_write+0x12d/0x260 [ 3064.750328] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3064.751355] __do_sys_fork+0x8a/0xc0 [ 3064.752135] ? kernel_thread+0xf0/0xf0 [ 3064.752991] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.754100] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.755188] ? trace_hardirqs_on+0x5b/0x180 [ 3064.756103] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.757205] do_syscall_64+0x33/0x40 [ 3064.757994] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.759076] RIP: 0033:0x7f04c97d0b19 [ 3064.759863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3064.763769] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3064.765396] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3064.766907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3064.768417] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3064.769945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3064.771453] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:07:47 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:47 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:07:47 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:05 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x316c0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:05 executing program 1: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 6: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3082.759884] FAULT_INJECTION: forcing a failure. [ 3082.759884] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3082.762956] CPU: 1 PID: 25166 Comm: syz-executor.4 Not tainted 5.10.234 #1 00:08:05 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 4: fork() (fail_nth: 68) [ 3082.765090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3082.767311] Call Trace: [ 3082.768124] dump_stack+0x107/0x167 [ 3082.769073] should_fail.cold+0x5/0xa [ 3082.770050] __alloc_pages_nodemask+0x182/0x600 [ 3082.771239] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3082.772745] ? find_held_lock+0x2c/0x110 [ 3082.773921] ? __pmd_alloc+0x2db/0x5e0 [ 3082.775054] ? lock_downgrade+0x6d0/0x6d0 [ 3082.776103] ? do_raw_spin_lock+0x121/0x260 [ 3082.777179] alloc_pages_current+0x187/0x280 [ 3082.778108] pte_alloc_one+0x16/0x1a0 [ 3082.779065] __pte_alloc+0x1d/0x330 [ 3082.779950] copy_page_range+0x1b62/0x3810 [ 3082.781010] ? lock_chain_count+0x20/0x20 [ 3082.782143] ? up_write+0x191/0x550 [ 3082.783050] ? vm_iomap_memory+0x190/0x190 [ 3082.784051] ? downgrade_write+0x3a0/0x3a0 [ 3082.784958] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3082.786118] ? __vma_link_rb+0x540/0x700 [ 3082.786987] copy_process+0x759b/0x7800 [ 3082.787860] ? __cleanup_sighand+0xb0/0xb0 [ 3082.788780] ? lock_acquire+0x197/0x470 [ 3082.789748] ? find_held_lock+0x2c/0x110 [ 3082.790740] kernel_clone+0xe7/0x980 [ 3082.791678] ? lock_downgrade+0x6d0/0x6d0 [ 3082.792694] ? find_held_lock+0x2c/0x110 [ 3082.793666] ? create_io_thread+0xf0/0xf0 [ 3082.794720] ? ksys_write+0x12d/0x260 [ 3082.795683] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3082.796900] __do_sys_fork+0x8a/0xc0 [ 3082.797936] ? kernel_thread+0xf0/0xf0 [ 3082.798927] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3082.800192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3082.801506] ? trace_hardirqs_on+0x5b/0x180 [ 3082.802617] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3082.803909] do_syscall_64+0x33/0x40 [ 3082.804695] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3082.805784] RIP: 0033:0x7f04c97d0b19 [ 3082.806658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3082.811237] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3082.813194] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3082.814954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3082.816689] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3082.818433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3082.820125] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:08:05 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x33000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 7: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x2e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:05 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 1) 00:08:05 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x34000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:05 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3083.110228] FAULT_INJECTION: forcing a failure. [ 3083.110228] name failslab, interval 1, probability 0, space 0, times 0 [ 3083.113084] CPU: 1 PID: 25187 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 3083.114501] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3083.116214] Call Trace: [ 3083.116759] dump_stack+0x107/0x167 [ 3083.117543] should_fail.cold+0x5/0xa [ 3083.118357] ? copy_process+0x3285/0x7800 [ 3083.119237] should_failslab+0x5/0x20 [ 3083.120038] kmem_cache_alloc_node+0x55/0x330 [ 3083.120991] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3083.122076] copy_process+0x3285/0x7800 [ 3083.122900] ? __lock_acquire+0xbb1/0x5b00 [ 3083.123795] ? lock_downgrade+0x6d0/0x6d0 [ 3083.124646] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3083.125741] ? __cleanup_sighand+0xb0/0xb0 [ 3083.126633] ? lock_acquire+0x197/0x470 [ 3083.127453] ? find_held_lock+0x2c/0x110 [ 3083.128293] kernel_clone+0xe7/0x980 [ 3083.129110] ? lock_downgrade+0x6d0/0x6d0 [ 3083.129956] ? find_held_lock+0x2c/0x110 [ 3083.130791] ? create_io_thread+0xf0/0xf0 [ 3083.131774] ? ksys_write+0x12d/0x260 [ 3083.132573] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3083.133598] __do_sys_fork+0x8a/0xc0 [ 3083.134360] ? kernel_thread+0xf0/0xf0 [ 3083.135172] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3083.136240] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3083.137317] ? trace_hardirqs_on+0x5b/0x180 [ 3083.138207] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3083.139250] do_syscall_64+0x33/0x40 [ 3083.140012] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3083.141069] RIP: 0033:0x7f33bbb5db19 [ 3083.141821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3083.145627] RSP: 002b:00007f33b90d3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3083.147166] RAX: ffffffffffffffda RBX: 00007f33bbc70f60 RCX: 00007f33bbb5db19 [ 3083.148625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3083.150084] RBP: 00007f33b90d31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3083.151539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3083.152992] R13: 00007ffe89fd42af R14: 00007f33b90d3300 R15: 0000000000022000 00:08:19 executing program 4: fork() (fail_nth: 69) 00:08:19 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x35000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:19 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 1) 00:08:19 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 2) 00:08:19 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:19 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3b030000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:19 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3097.445541] FAULT_INJECTION: forcing a failure. [ 3097.445541] name failslab, interval 1, probability 0, space 0, times 0 [ 3097.448667] CPU: 0 PID: 25206 Comm: syz-executor.4 Not tainted 5.10.234 #1 00:08:19 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 1) [ 3097.450570] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3097.452775] Call Trace: [ 3097.453452] dump_stack+0x107/0x167 [ 3097.454385] should_fail.cold+0x5/0xa [ 3097.455368] ? ptlock_alloc+0x1d/0x70 [ 3097.456344] should_failslab+0x5/0x20 [ 3097.457327] kmem_cache_alloc+0x5b/0x310 [ 3097.458301] ptlock_alloc+0x1d/0x70 [ 3097.459070] pte_alloc_one+0x68/0x1a0 [ 3097.459866] __pte_alloc+0x1d/0x330 [ 3097.460633] copy_page_range+0x1b62/0x3810 [ 3097.461533] ? lock_chain_count+0x20/0x20 [ 3097.462445] ? up_write+0x191/0x550 [ 3097.463205] ? vm_iomap_memory+0x190/0x190 [ 3097.464087] ? downgrade_write+0x3a0/0x3a0 [ 3097.465017] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3097.466192] ? __vma_link_rb+0x540/0x700 [ 3097.467070] copy_process+0x759b/0x7800 [ 3097.467966] ? __cleanup_sighand+0xb0/0xb0 [ 3097.468888] ? lock_acquire+0x197/0x470 [ 3097.469765] ? find_held_lock+0x2c/0x110 [ 3097.470652] kernel_clone+0xe7/0x980 [ 3097.471445] ? lock_downgrade+0x6d0/0x6d0 [ 3097.472338] ? find_held_lock+0x2c/0x110 [ 3097.473221] ? create_io_thread+0xf0/0xf0 [ 3097.474098] ? ksys_write+0x12d/0x260 [ 3097.474933] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3097.475986] __do_sys_fork+0x8a/0xc0 [ 3097.476788] ? kernel_thread+0xf0/0xf0 [ 3097.477664] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3097.478769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3097.479880] ? trace_hardirqs_on+0x5b/0x180 [ 3097.480807] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3097.481929] do_syscall_64+0x33/0x40 [ 3097.482730] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3097.483822] RIP: 0033:0x7f04c97d0b19 [ 3097.484595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3097.488465] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3097.490121] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3097.491656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3097.493171] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3097.494715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3097.496278] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 3097.524374] FAULT_INJECTION: forcing a failure. [ 3097.524374] name failslab, interval 1, probability 0, space 0, times 0 [ 3097.527058] CPU: 1 PID: 25198 Comm: syz-executor.1 Not tainted 5.10.234 #1 [ 3097.528534] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3097.530332] Call Trace: [ 3097.530899] dump_stack+0x107/0x167 [ 3097.531669] should_fail.cold+0x5/0xa [ 3097.532481] ? copy_process+0x3285/0x7800 [ 3097.533413] should_failslab+0x5/0x20 [ 3097.534234] kmem_cache_alloc_node+0x55/0x330 [ 3097.535189] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3097.536316] copy_process+0x3285/0x7800 [ 3097.537203] ? __lock_acquire+0xbb1/0x5b00 [ 3097.538114] ? lock_downgrade+0x6d0/0x6d0 [ 3097.539003] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3097.540125] ? __cleanup_sighand+0xb0/0xb0 [ 3097.541063] ? lock_acquire+0x197/0x470 [ 3097.541932] ? find_held_lock+0x2c/0x110 [ 3097.542801] kernel_clone+0xe7/0x980 [ 3097.543596] ? lock_downgrade+0x6d0/0x6d0 [ 3097.544453] ? find_held_lock+0x2c/0x110 [ 3097.545333] ? create_io_thread+0xf0/0xf0 [ 3097.546222] ? ksys_write+0x12d/0x260 [ 3097.547046] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3097.548054] __do_sys_fork+0x8a/0xc0 [ 3097.548825] ? kernel_thread+0xf0/0xf0 [ 3097.549676] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3097.550784] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3097.551857] ? trace_hardirqs_on+0x5b/0x180 [ 3097.552787] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3097.553897] do_syscall_64+0x33/0x40 [ 3097.554699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3097.555804] RIP: 0033:0x7f4c2624bb19 [ 3097.556609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3097.560526] RSP: 002b:00007f4c237c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3097.562195] RAX: ffffffffffffffda RBX: 00007f4c2635ef60 RCX: 00007f4c2624bb19 [ 3097.563687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3097.565208] RBP: 00007f4c237c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 3097.566708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3097.568444] R13: 00007ffe94d41cdf R14: 00007f4c237c1300 R15: 0000000000022000 00:08:19 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:20 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:20 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x36000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:20 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:20 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:36 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3c000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:36 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x41010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:36 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:36 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:36 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 2) 00:08:36 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:36 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000002c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYRESHEX=r1, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x8000) r4 = getpgrp(0xffffffffffffffff) r5 = pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x2, 0x8) ioctl$BTRFS_IOC_RESIZE(r5, 0x50009403, &(0x7f0000000240)=ANY=[@ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB="3a2d42303030303030303030303030301d30303030354b"]) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8921, &(0x7f0000000a80)={'wlan1\x00'}) sendmsg$TIPC_CMD_SHOW_PORTS(r6, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008055}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:36 executing program 4: fork() (fail_nth: 70) [ 3114.407425] FAULT_INJECTION: forcing a failure. [ 3114.407425] name failslab, interval 1, probability 0, space 0, times 0 [ 3114.409947] CPU: 1 PID: 25542 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3114.411497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3114.413443] Call Trace: [ 3114.414054] dump_stack+0x107/0x167 [ 3114.414905] should_fail.cold+0x5/0xa [ 3114.415789] ? create_object.isra.0+0x3a/0xa20 [ 3114.416912] should_failslab+0x5/0x20 [ 3114.417809] kmem_cache_alloc+0x5b/0x310 [ 3114.418740] create_object.isra.0+0x3a/0xa20 [ 3114.419734] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3114.420906] kmem_cache_alloc+0x159/0x310 [ 3114.421872] ptlock_alloc+0x1d/0x70 [ 3114.422703] pte_alloc_one+0x68/0x1a0 [ 3114.423580] __pte_alloc+0x1d/0x330 [ 3114.424419] copy_page_range+0x1b62/0x3810 [ 3114.425396] ? lock_chain_count+0x20/0x20 [ 3114.426391] ? up_write+0x191/0x550 [ 3114.427227] ? vm_iomap_memory+0x190/0x190 [ 3114.428202] ? downgrade_write+0x3a0/0x3a0 [ 3114.429180] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3114.430440] ? __vma_link_rb+0x540/0x700 [ 3114.431389] copy_process+0x759b/0x7800 [ 3114.432347] ? __cleanup_sighand+0xb0/0xb0 [ 3114.433352] ? lock_acquire+0x197/0x470 [ 3114.434405] ? find_held_lock+0x2c/0x110 [ 3114.435373] kernel_clone+0xe7/0x980 [ 3114.436247] ? lock_downgrade+0x6d0/0x6d0 [ 3114.437237] ? find_held_lock+0x2c/0x110 [ 3114.438290] ? create_io_thread+0xf0/0xf0 [ 3114.439451] ? ksys_write+0x12d/0x260 [ 3114.440445] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3114.441681] __do_sys_fork+0x8a/0xc0 [ 3114.442567] ? kernel_thread+0xf0/0xf0 [ 3114.443504] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3114.444744] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.445993] ? trace_hardirqs_on+0x5b/0x180 [ 3114.447027] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.448244] do_syscall_64+0x33/0x40 [ 3114.449151] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3114.450382] RIP: 0033:0x7f04c97d0b19 [ 3114.451273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3114.455683] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3114.457530] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3114.459246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3114.460937] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.462664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3114.464357] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 3114.487785] FAULT_INJECTION: forcing a failure. [ 3114.487785] name failslab, interval 1, probability 0, space 0, times 0 [ 3114.491338] CPU: 0 PID: 25537 Comm: syz-executor.1 Not tainted 5.10.234 #1 [ 3114.493573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3114.495919] Call Trace: [ 3114.496667] dump_stack+0x107/0x167 [ 3114.497727] should_fail.cold+0x5/0xa [ 3114.498826] ? create_object.isra.0+0x3a/0xa20 [ 3114.500127] should_failslab+0x5/0x20 [ 3114.501223] kmem_cache_alloc+0x5b/0x310 [ 3114.502351] create_object.isra.0+0x3a/0xa20 [ 3114.503553] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3114.504905] kmem_cache_alloc_node+0x169/0x330 [ 3114.506116] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3114.507487] copy_process+0x3285/0x7800 [ 3114.508648] ? __lock_acquire+0xbb1/0x5b00 [ 3114.509792] ? lock_downgrade+0x6d0/0x6d0 [ 3114.510891] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3114.512308] ? __cleanup_sighand+0xb0/0xb0 [ 3114.513458] ? lock_acquire+0x197/0x470 [ 3114.514510] ? find_held_lock+0x2c/0x110 [ 3114.515591] kernel_clone+0xe7/0x980 [ 3114.516555] ? lock_downgrade+0x6d0/0x6d0 [ 3114.517619] ? find_held_lock+0x2c/0x110 [ 3114.518490] ? create_io_thread+0xf0/0xf0 [ 3114.519433] ? ksys_write+0x12d/0x260 [ 3114.520330] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3114.521446] __do_sys_fork+0x8a/0xc0 [ 3114.522275] ? kernel_thread+0xf0/0xf0 [ 3114.523161] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3114.524334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.525499] ? trace_hardirqs_on+0x5b/0x180 [ 3114.526459] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.527613] do_syscall_64+0x33/0x40 [ 3114.528444] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3114.529587] RIP: 0033:0x7f4c2624bb19 [ 3114.530420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3114.534543] RSP: 002b:00007f4c237c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3114.536226] RAX: ffffffffffffffda RBX: 00007f4c2635ef60 RCX: 00007f4c2624bb19 [ 3114.537817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3114.539387] RBP: 00007f4c237c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.540949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3114.542548] R13: 00007ffe94d41cdf R14: 00007f4c237c1300 R15: 0000000000022000 00:08:37 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:37 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x42030000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:37 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:37 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3df00000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:37 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:37 executing program 4: fork() (fail_nth: 71) 00:08:37 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x58670000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3114.901371] FAULT_INJECTION: forcing a failure. [ 3114.901371] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3114.904133] CPU: 0 PID: 25566 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3114.905687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3114.907551] Call Trace: [ 3114.908150] dump_stack+0x107/0x167 [ 3114.908977] should_fail.cold+0x5/0xa [ 3114.909843] __alloc_pages_nodemask+0x182/0x600 [ 3114.910887] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3114.912231] ? find_held_lock+0x2c/0x110 [ 3114.913148] ? __pmd_alloc+0x2db/0x5e0 [ 3114.914027] ? lock_downgrade+0x6d0/0x6d0 [ 3114.914957] ? do_raw_spin_lock+0x121/0x260 [ 3114.915933] alloc_pages_current+0x187/0x280 [ 3114.916922] pte_alloc_one+0x16/0x1a0 [ 3114.917768] __pte_alloc+0x1d/0x330 [ 3114.918577] copy_page_range+0x1b62/0x3810 [ 3114.919943] ? lock_chain_count+0x20/0x20 [ 3114.921148] ? up_write+0x191/0x550 [ 3114.922168] ? vm_iomap_memory+0x190/0x190 [ 3114.923317] ? downgrade_write+0x3a0/0x3a0 [ 3114.924483] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3114.925975] ? __vma_link_rb+0x540/0x700 [ 3114.927094] copy_process+0x759b/0x7800 [ 3114.928232] ? __cleanup_sighand+0xb0/0xb0 [ 3114.929421] ? lock_acquire+0x197/0x470 [ 3114.930519] ? find_held_lock+0x2c/0x110 [ 3114.931629] kernel_clone+0xe7/0x980 [ 3114.932636] ? lock_downgrade+0x6d0/0x6d0 [ 3114.933774] ? find_held_lock+0x2c/0x110 [ 3114.934878] ? create_io_thread+0xf0/0xf0 [ 3114.936020] ? ksys_write+0x12d/0x260 [ 3114.937084] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3114.938417] __do_sys_fork+0x8a/0xc0 [ 3114.939418] ? kernel_thread+0xf0/0xf0 [ 3114.940505] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3114.941947] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.943342] ? trace_hardirqs_on+0x5b/0x180 [ 3114.944519] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3114.946021] do_syscall_64+0x33/0x40 [ 3114.946798] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3114.947852] RIP: 0033:0x7f04c97d0b19 [ 3114.948646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3114.952478] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3114.954123] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3114.955612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3114.957095] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.958718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3114.960526] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:08:51 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3e000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x5e630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x20080, 0x0) io_uring_register$IORING_REGISTER_PROBE(r4, 0x8, &(0x7f0000000280)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0xd) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:51 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:51 executing program 4: fork() (fail_nth: 72) 00:08:51 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3128.806487] FAULT_INJECTION: forcing a failure. [ 3128.806487] name failslab, interval 1, probability 0, space 0, times 0 [ 3128.809295] CPU: 0 PID: 25680 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3128.811122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3128.813158] Call Trace: [ 3128.813816] dump_stack+0x107/0x167 [ 3128.814707] should_fail.cold+0x5/0xa [ 3128.815630] ? create_object.isra.0+0x3a/0xa20 [ 3128.816722] should_failslab+0x5/0x20 [ 3128.817662] kmem_cache_alloc+0x5b/0x310 [ 3128.818640] create_object.isra.0+0x3a/0xa20 [ 3128.819694] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3128.820942] kmem_cache_alloc+0x159/0x310 [ 3128.821993] vm_area_dup+0x78/0x290 [ 3128.822896] ? _cond_resched+0x12/0x80 [ 3128.823837] ? copy_page_range+0x24e9/0x3810 [ 3128.824955] ? vm_area_alloc+0x110/0x110 [ 3128.826117] ? up_write+0x191/0x550 [ 3128.827054] ? vm_iomap_memory+0x190/0x190 [ 3128.828121] ? downgrade_write+0x3a0/0x3a0 [ 3128.829190] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3128.830499] ? __vma_link_rb+0x540/0x700 [ 3128.831370] copy_process+0x291b/0x7800 [ 3128.832242] ? __cleanup_sighand+0xb0/0xb0 [ 3128.833155] ? lock_acquire+0x197/0x470 [ 3128.834015] ? find_held_lock+0x2c/0x110 [ 3128.834881] kernel_clone+0xe7/0x980 [ 3128.835721] ? lock_downgrade+0x6d0/0x6d0 [ 3128.836622] ? find_held_lock+0x2c/0x110 [ 3128.837493] ? create_io_thread+0xf0/0xf0 [ 3128.838377] ? ksys_write+0x12d/0x260 [ 3128.839197] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3128.840233] __do_sys_fork+0x8a/0xc0 [ 3128.841024] ? kernel_thread+0xf0/0xf0 [ 3128.841875] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3128.842992] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3128.844087] ? trace_hardirqs_on+0x5b/0x180 [ 3128.844996] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3128.846105] do_syscall_64+0x33/0x40 [ 3128.846891] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3128.847982] RIP: 0033:0x7f04c97d0b19 [ 3128.848784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3128.852724] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3128.854372] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3128.855889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3128.857727] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3128.859256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3128.860783] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 3128.867533] FAULT_INJECTION: forcing a failure. [ 3128.867533] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3128.870187] CPU: 1 PID: 25682 Comm: syz-executor.1 Not tainted 5.10.234 #1 [ 3128.871602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3128.873534] Call Trace: [ 3128.874067] dump_stack+0x107/0x167 00:08:51 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 3) [ 3128.874787] should_fail.cold+0x5/0xa [ 3128.875737] __alloc_pages_nodemask+0x182/0x600 [ 3128.876668] ? lock_downgrade+0x6d0/0x6d0 [ 3128.877503] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3128.878697] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 3128.879721] ? kmem_cache_alloc_node+0x2bc/0x330 [ 3128.880670] copy_process+0x618/0x7800 [ 3128.881444] ? __lock_acquire+0xbb1/0x5b00 [ 3128.882278] ? lock_downgrade+0x6d0/0x6d0 [ 3128.883104] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3128.884152] ? __cleanup_sighand+0xb0/0xb0 [ 3128.884983] ? lock_acquire+0x197/0x470 [ 3128.885777] ? find_held_lock+0x2c/0x110 [ 3128.886586] kernel_clone+0xe7/0x980 [ 3128.887312] ? lock_downgrade+0x6d0/0x6d0 [ 3128.888129] ? find_held_lock+0x2c/0x110 [ 3128.888926] ? create_io_thread+0xf0/0xf0 [ 3128.889797] ? ksys_write+0x12d/0x260 [ 3128.890715] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3128.891846] __do_sys_fork+0x8a/0xc0 [ 3128.892731] ? kernel_thread+0xf0/0xf0 [ 3128.893665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3128.894977] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3128.896134] ? trace_hardirqs_on+0x5b/0x180 [ 3128.897150] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3128.898166] do_syscall_64+0x33/0x40 [ 3128.898908] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3128.899912] RIP: 0033:0x7f4c2624bb19 [ 3128.900647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3128.904235] RSP: 002b:00007f4c237c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3128.905723] RAX: ffffffffffffffda RBX: 00007f4c2635ef60 RCX: 00007f4c2624bb19 [ 3128.907109] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3128.908495] RBP: 00007f4c237c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 3128.909920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3128.911301] R13: 00007ffe94d41cdf R14: 00007f4c237c1300 R15: 0000000000022000 00:08:51 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x3f000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x68000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)=0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000f2ffffffff01000000ffffac141400e000000200000000000000000000c0550000000800"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000", @ANYRES32, @ANYRES16=r1, @ANYRESDEC], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:51 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:51 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x41010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 4) 00:08:51 executing program 4: fork() (fail_nth: 73) 00:08:51 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x40000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x9c6b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3129.233650] FAULT_INJECTION: forcing a failure. [ 3129.233650] name failslab, interval 1, probability 0, space 0, times 0 [ 3129.236038] CPU: 1 PID: 25799 Comm: syz-executor.1 Not tainted 5.10.234 #1 [ 3129.237358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3129.238937] Call Trace: [ 3129.239438] dump_stack+0x107/0x167 [ 3129.240136] should_fail.cold+0x5/0xa [ 3129.240859] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 3129.241862] should_failslab+0x5/0x20 [ 3129.242582] __kmalloc_node+0x76/0x420 [ 3129.243323] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3129.244331] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 3129.245270] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 3129.246192] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 3129.247155] kmem_cache_alloc_node+0x181/0x330 [ 3129.247996] copy_process+0x3285/0x7800 [ 3129.248739] ? __lock_acquire+0xbb1/0x5b00 [ 3129.249748] ? lock_downgrade+0x6d0/0x6d0 [ 3129.250572] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3129.251588] ? __cleanup_sighand+0xb0/0xb0 [ 3129.252374] ? lock_acquire+0x197/0x470 [ 3129.253113] ? find_held_lock+0x2c/0x110 [ 3129.254051] kernel_clone+0xe7/0x980 [ 3129.254902] ? lock_downgrade+0x6d0/0x6d0 [ 3129.255841] ? find_held_lock+0x2c/0x110 [ 3129.256762] ? create_io_thread+0xf0/0xf0 [ 3129.257729] ? ksys_write+0x12d/0x260 [ 3129.258601] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3129.259702] __do_sys_fork+0x8a/0xc0 [ 3129.260748] ? kernel_thread+0xf0/0xf0 [ 3129.261658] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3129.262838] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3129.264000] ? trace_hardirqs_on+0x5b/0x180 [ 3129.264973] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3129.266150] do_syscall_64+0x33/0x40 [ 3129.266992] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3129.268150] RIP: 0033:0x7f4c2624bb19 [ 3129.268990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3129.273176] RSP: 002b:00007f4c237c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3129.274886] RAX: ffffffffffffffda RBX: 00007f4c2635ef60 RCX: 00007f4c2624bb19 00:08:51 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x71670000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3129.276610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3129.278247] RBP: 00007f4c237c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 3129.279845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3129.281459] R13: 00007ffe94d41cdf R14: 00007f4c237c1300 R15: 0000000000022000 [ 3129.324162] FAULT_INJECTION: forcing a failure. [ 3129.324162] name failslab, interval 1, probability 0, space 0, times 0 [ 3129.327953] CPU: 1 PID: 25806 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3129.329549] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3129.331409] Call Trace: [ 3129.332005] dump_stack+0x107/0x167 [ 3129.332832] should_fail.cold+0x5/0xa [ 3129.333724] ? vm_area_dup+0x78/0x290 [ 3129.334576] should_failslab+0x5/0x20 [ 3129.335616] kmem_cache_alloc+0x5b/0x310 [ 3129.336527] vm_area_dup+0x78/0x290 [ 3129.337335] ? avc_has_perm_noaudit+0x1c9/0x3e0 [ 3129.338396] ? lock_downgrade+0x6d0/0x6d0 [ 3129.339328] ? copy_page_range+0x24e9/0x3810 [ 3129.340337] ? avc_has_perm_noaudit+0x1f7/0x3e0 [ 3129.341398] ? avc_has_extended_perms+0xf40/0xf40 [ 3129.342473] ? vm_area_alloc+0x110/0x110 [ 3129.343392] ? selinux_vm_enough_memory+0x114/0x180 [ 3129.344518] ? selinux_sb_statfs+0x250/0x250 [ 3129.345507] ? percpu_counter_add_batch+0x8b/0x140 [ 3129.346601] ? __vm_enough_memory+0x184/0x360 [ 3129.347596] ? security_vm_enough_memory_mm+0x8b/0xc0 [ 3129.348724] copy_process+0x291b/0x7800 [ 3129.349661] ? __cleanup_sighand+0xb0/0xb0 [ 3129.350594] ? lock_acquire+0x197/0x470 [ 3129.351477] ? find_held_lock+0x2c/0x110 [ 3129.352377] kernel_clone+0xe7/0x980 [ 3129.353199] ? lock_downgrade+0x6d0/0x6d0 [ 3129.354107] ? find_held_lock+0x2c/0x110 [ 3129.355002] ? create_io_thread+0xf0/0xf0 [ 3129.355908] ? ksys_write+0x12d/0x260 [ 3129.356753] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3129.357838] __do_sys_fork+0x8a/0xc0 [ 3129.358649] ? kernel_thread+0xf0/0xf0 [ 3129.359518] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3129.360690] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3129.361820] ? trace_hardirqs_on+0x5b/0x180 [ 3129.362762] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3129.363872] do_syscall_64+0x33/0x40 [ 3129.364675] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3129.365825] RIP: 0033:0x7f04c97d0b19 [ 3129.366628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3129.370675] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3129.372335] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3129.373908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3129.375791] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3129.377495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3129.379197] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:08:51 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d20202020202020202020202020202020202020202020202020202000000000000000002100000000000021000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000010600)="ff4344303031", 0x6, 0x8800}], 0x0, &(0x7f0000011300)) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8921, &(0x7f0000000a80)={'wlan1\x00'}) sendmsg$nl_generic(r3, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000800)={0xac, 0x34, 0x10, 0x70bd28, 0x25dfdbfb, {0xe}, [@generic="37fd8cbc7004f0aca37fae0df7e5be86f3e8e862d5d64710e277c11d3ace661260f0c70627cb389281658e3960fc98f42854028aebb9eabc0ad6ba59515e3471769f1ec2be8dc2b15791180fd68135a2318b6782a98f0111799681996f6694dfdc281c58ca85d52fec26b3af375e5c12f4e1953a283d5ef92f353723a0209c934bd4fd511f216d9bff238cf0fe8abfe646b67a1e70804761"]}, 0xac}, 0x1, 0x0, 0x0, 0x20008850}, 0x26000811) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x400000, 0x0) ioctl$KDSIGACCEPT(r5, 0x4b4e, 0x1a) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:51 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa0630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3129.464234] loop6: detected capacity change from 0 to 69632 00:08:51 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x41010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3129.527841] isofs_fill_super: get root inode failed 00:08:52 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb7010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:08:52 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:08:52 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa4010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:09 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() (fail_nth: 5) 00:09:09 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:09 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r4, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000600)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0xf) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000000000000000000"], 0xfc}}, 0x0) r6 = getpid() r7 = getpgrp(0xffffffffffffffff) r8 = pidfd_open(r7, 0x0) pidfd_getfd(r8, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x6000, @fd=r8, 0x80000001, 0x8000, 0xcef, 0x0, 0x1}, 0x20) perf_event_open(&(0x7f0000000500)={0x4, 0x80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:09 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x68000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:09 executing program 4: fork() (fail_nth: 74) 00:09:09 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc0010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:09 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb7010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:09 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0xfffffffe, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000180)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000000), 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000940)=ANY=[@ANYBLOB="fc00052c00000000000000000000000000000000000000000000000000000000ffff00020000000000000000e4ff1f00000000000000000000b3129b619d0f01000000549c6397b25c3e6840000000008fb447b7fc5b2f1f8920c6da34cb8b30d14bdc2fc7596b03d2aa2e5b5bd63770e0201eeb62c423dec5c98409014a7ce52df57f00a4c4d680ed01f40000048e1ad73551e5247233be38b96f931cda5b406cae3328b5201a2b1c15a0560640e8db234007520a43c308a833a6e5c9ea7e93710954e315fc2384d7eb3b6d35163f12994cffd3f28a556518c1d01c25de52e3f1d8318c2aa8224a70b6dd27bc1eb06d71dde7ef6a5998224373331ccb60f870978251708d20be5a801efaeda7deeb7e3920585d050f4ec70ab9ee71eba846748429eae7e327f6f930e6c9be054b9c9cffe5d114fcfeaa27dedc5debd5eb5237448984864db633", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4, 0xffffffff}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b76be1cc06a8682449c18157c739b4f25f709", 0x19}, {0x0}, {0x0}], 0x3}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = getpgrp(0xffffffffffffffff) r6 = pidfd_open(r5, 0x0) pidfd_getfd(r6, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000540)=@IORING_OP_CLOSE={0x13, 0x4, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x3f) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3146.909264] FAULT_INJECTION: forcing a failure. [ 3146.909264] name failslab, interval 1, probability 0, space 0, times 0 [ 3146.911654] CPU: 0 PID: 26044 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3146.913090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3146.914811] Call Trace: [ 3146.915356] dump_stack+0x107/0x167 [ 3146.916104] should_fail.cold+0x5/0xa [ 3146.916891] ? create_object.isra.0+0x3a/0xa20 [ 3146.917841] should_failslab+0x5/0x20 [ 3146.918621] kmem_cache_alloc+0x5b/0x310 [ 3146.919457] create_object.isra.0+0x3a/0xa20 [ 3146.920353] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3146.921539] kmem_cache_alloc+0x159/0x310 [ 3146.922428] vm_area_dup+0x78/0x290 [ 3146.923197] ? avc_has_perm_noaudit+0x1c9/0x3e0 [ 3146.924170] ? lock_downgrade+0x6d0/0x6d0 [ 3146.925027] ? copy_page_range+0x24e9/0x3810 [ 3146.925973] ? avc_has_perm_noaudit+0x1f7/0x3e0 [ 3146.926955] ? avc_has_extended_perms+0xf40/0xf40 [ 3146.927971] ? vm_area_alloc+0x110/0x110 [ 3146.928843] ? selinux_vm_enough_memory+0x114/0x180 [ 3146.929906] ? selinux_sb_statfs+0x250/0x250 [ 3146.930838] ? percpu_counter_add_batch+0x8b/0x140 [ 3146.931869] ? __vm_enough_memory+0x184/0x360 [ 3146.932830] ? security_vm_enough_memory_mm+0x8b/0xc0 [ 3146.933947] copy_process+0x291b/0x7800 [ 3146.934821] ? __cleanup_sighand+0xb0/0xb0 [ 3146.935733] ? lock_acquire+0x197/0x470 [ 3146.936579] ? find_held_lock+0x2c/0x110 [ 3146.937451] kernel_clone+0xe7/0x980 [ 3146.938255] ? lock_downgrade+0x6d0/0x6d0 [ 3146.939133] ? find_held_lock+0x2c/0x110 [ 3146.939990] ? create_io_thread+0xf0/0xf0 [ 3146.940865] ? ksys_write+0x12d/0x260 [ 3146.941699] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3146.942734] __do_sys_fork+0x8a/0xc0 [ 3146.943527] ? kernel_thread+0xf0/0xf0 [ 3146.944374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3146.945476] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3146.946598] ? trace_hardirqs_on+0x5b/0x180 [ 3146.947509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3146.948604] do_syscall_64+0x33/0x40 [ 3146.949391] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3146.950489] RIP: 0033:0x7f04c97d0b19 [ 3146.951281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3146.955213] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3146.956821] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3146.958364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3146.959877] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3146.961382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3146.962912] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:09:09 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x71670000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:09 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc7030000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc2000000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 4: fork() (fail_nth: 75) 00:09:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x75010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc94e0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:24 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:24 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ff0000/0x3000)=nil, 0x3000, 0x0, 0x1010, 0xffffffffffffffff, 0x10000000) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r5, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x3938700}, 0x1, 0x0, 0x1, {0x0, r6}}, 0xfffffffb) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3162.406690] FAULT_INJECTION: forcing a failure. [ 3162.406690] name failslab, interval 1, probability 0, space 0, times 0 [ 3162.409358] CPU: 1 PID: 26368 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3162.411150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3162.413000] Call Trace: [ 3162.413579] dump_stack+0x107/0x167 [ 3162.414453] should_fail.cold+0x5/0xa [ 3162.415324] ? anon_vma_clone+0xdc/0x590 [ 3162.416211] should_failslab+0x5/0x20 [ 3162.417038] kmem_cache_alloc+0x5b/0x310 [ 3162.417999] anon_vma_clone+0xdc/0x590 [ 3162.418890] anon_vma_fork+0x82/0x640 [ 3162.419713] ? __vm_enough_memory+0x184/0x360 00:09:24 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r5 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') r7 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfff, 0x0) syz_io_uring_setup(0x47aa, &(0x7f0000000280)={0x0, 0x15b6, 0x8, 0x1, 0x67, 0x0, r7}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000300)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000000600)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r6, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)="39e5bda0f9f16bee888be44c4d9fe6513d9b8fed3d06e28c1f988b267452f6736c78cccf27e6b7344062915c8300cfd6e7f6dd0bfc796253b04f794573f8559152fba2ba26532fd133af8687f9d0aba72da47ccd4f724e44fb589efbe4b098aca3f3903c432b0b78a6c3b1caebbbfe97c05552aef37b32a147cdab42c9e9657c32f07de808888f6013584ec40bbee57948ac3cecf25e16be44fead15dfc09c758e73c17b9540e0888d6e411345ad7a41ead429aac95d6803a2cf4bca75258f071d4ac11c5b955b0df67d95b57f4a3b51c70f8a25397d28", 0xd7}], 0x1, &(0x7f0000000500)=[{0x40, 0x102, 0x0, "8046229553bdcba8f1883a43859f07cf728d965ae7ed76d96d889b10d46567b22da56c8585849c3d264e3bc723"}], 0x40}, 0x0, 0x4004, 0x0, {0x0, r9}}, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x2007, @fd=r4, 0x9, 0x0, 0x40, 0x10, 0x1, {0x2, r9}}, 0xabd4) read(r5, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r10, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(r7, &(0x7f0000000640)=""/74, 0x4a, 0x7ff) fork() [ 3162.420657] copy_process+0x7218/0x7800 [ 3162.423828] ? __cleanup_sighand+0xb0/0xb0 [ 3162.425030] ? lock_acquire+0x197/0x470 [ 3162.426172] ? find_held_lock+0x2c/0x110 [ 3162.427285] kernel_clone+0xe7/0x980 [ 3162.428360] ? lock_downgrade+0x6d0/0x6d0 [ 3162.429533] ? find_held_lock+0x2c/0x110 [ 3162.430720] ? create_io_thread+0xf0/0xf0 [ 3162.431905] ? ksys_write+0x12d/0x260 [ 3162.433022] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3162.434423] __do_sys_fork+0x8a/0xc0 [ 3162.435492] ? kernel_thread+0xf0/0xf0 [ 3162.436540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3162.437806] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3162.439125] ? trace_hardirqs_on+0x5b/0x180 [ 3162.440497] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3162.442008] do_syscall_64+0x33/0x40 [ 3162.443102] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3162.444600] RIP: 0033:0x7f04c97d0b19 [ 3162.445697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3162.451589] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3162.451618] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3162.451631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3162.451645] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3162.451658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3162.451672] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:09:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x7e020000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd8010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc66b0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:25 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe54a0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe2d80000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:25 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:25 executing program 4: fork() (fail_nth: 76) 00:09:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa30f0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3162.845280] FAULT_INJECTION: forcing a failure. [ 3162.845280] name failslab, interval 1, probability 0, space 0, times 0 [ 3162.846656] CPU: 0 PID: 26586 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3162.847442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3162.848396] Call Trace: [ 3162.848699] dump_stack+0x107/0x167 [ 3162.849121] should_fail.cold+0x5/0xa [ 3162.849575] ? create_object.isra.0+0x3a/0xa20 [ 3162.850115] should_failslab+0x5/0x20 [ 3162.850553] kmem_cache_alloc+0x5b/0x310 [ 3162.851027] create_object.isra.0+0x3a/0xa20 [ 3162.851528] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3162.852173] kmem_cache_alloc+0x159/0x310 [ 3162.852761] anon_vma_clone+0xdc/0x590 [ 3162.853329] anon_vma_fork+0x82/0x640 [ 3162.853911] ? __vm_enough_memory+0x184/0x360 [ 3162.854482] copy_process+0x7218/0x7800 [ 3162.855020] ? __cleanup_sighand+0xb0/0xb0 [ 3162.855570] ? lock_acquire+0x197/0x470 [ 3162.856096] ? find_held_lock+0x2c/0x110 [ 3162.856623] kernel_clone+0xe7/0x980 [ 3162.857109] ? lock_downgrade+0x6d0/0x6d0 [ 3162.857645] ? find_held_lock+0x2c/0x110 [ 3162.858124] ? create_io_thread+0xf0/0xf0 [ 3162.858602] ? ksys_write+0x12d/0x260 [ 3162.859052] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3162.859612] __do_sys_fork+0x8a/0xc0 [ 3162.860037] ? kernel_thread+0xf0/0xf0 [ 3162.860492] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3162.861094] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3162.861687] ? trace_hardirqs_on+0x5b/0x180 [ 3162.862200] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3162.862786] do_syscall_64+0x33/0x40 [ 3162.863213] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3162.863802] RIP: 0033:0x7f04c97d0b19 [ 3162.864231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3162.866343] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3162.867220] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3162.868038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3162.868858] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3162.869675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3162.870503] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:09:42 executing program 4: fork() (fail_nth: 77) 00:09:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe55a0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) ftruncate(r3, 0x1000003) write$eventfd(r3, &(0x7f0000000140)=0xfff, 0x8) readv(r3, &(0x7f0000000200)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1) openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8040}, 0x4004040) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:42 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb5020000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xe8f30000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a0001000000000000331e0000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a00010000000000000000000000004d980002000000ffffac141400ff00000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:42 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000400000000000000000000000000000000ffffac141400e0000002000000002000"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x4, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3179.771640] FAULT_INJECTION: forcing a failure. [ 3179.771640] name failslab, interval 1, probability 0, space 0, times 0 [ 3179.774145] CPU: 0 PID: 26616 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3179.775614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3179.777368] Call Trace: [ 3179.777934] dump_stack+0x107/0x167 [ 3179.778720] should_fail.cold+0x5/0xa [ 3179.779519] ? down_write+0xe0/0x160 [ 3179.780311] ? anon_vma_clone+0xdc/0x590 [ 3179.781182] should_failslab+0x5/0x20 [ 3179.782002] kmem_cache_alloc+0x5b/0x310 [ 3179.782865] anon_vma_clone+0xdc/0x590 [ 3179.783702] anon_vma_fork+0x82/0x640 [ 3179.784499] ? __vm_enough_memory+0x184/0x360 [ 3179.785452] copy_process+0x7218/0x7800 [ 3179.786349] ? __cleanup_sighand+0xb0/0xb0 [ 3179.787249] ? lock_acquire+0x197/0x470 [ 3179.788098] ? find_held_lock+0x2c/0x110 [ 3179.788958] kernel_clone+0xe7/0x980 [ 3179.789749] ? lock_downgrade+0x6d0/0x6d0 [ 3179.790634] ? find_held_lock+0x2c/0x110 [ 3179.791488] ? create_io_thread+0xf0/0xf0 [ 3179.792369] ? ksys_write+0x12d/0x260 [ 3179.793187] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3179.794232] __do_sys_fork+0x8a/0xc0 [ 3179.795016] ? kernel_thread+0xf0/0xf0 [ 3179.795861] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3179.796965] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3179.798058] ? trace_hardirqs_on+0x5b/0x180 [ 3179.798970] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3179.800051] do_syscall_64+0x33/0x40 [ 3179.800836] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3179.801911] RIP: 0033:0x7f04c97d0b19 [ 3179.802706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3179.806579] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3179.808177] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3179.809692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3179.811206] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3179.812715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3179.814230] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:09:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf0010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf0ffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfa4a0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf0ffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:09:42 executing program 4: fork() (fail_nth: 78) 00:09:42 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:09:42 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01220000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800080008000000000000000000000000000000897a3febd1d3270eff2a3809428adfedd090d39c7e61a50775b67b7449fd15a9e76b268e9058712f35f2e273a7ebecaaca4c71a74488e38c13c3e2d93a59d588eb8c3e77e19cb1cabbcc98b6bad70c1105f269a0cc46c0c4c1a83b0900000000000000d261a5f1f02c7200b663ffc9503f8559b7bfc94d0eb57e4246157936d38f2b490d7302a136a8d559d6569e474015865ffdef0aed9ddac0c7220afe9af0e5d1fff65c58e38445b7ded0bb7f66d8a47d57611052468c53ca32ee20471fafa2f95b3bf57502853fe0b965d62313429277a60afc393bf1811fd61002ca2f52c3a17d0ba0d98075148ef0f1d7232641a2b0ce49894680518b4606dd6309"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x242040, 0x8) fork() 00:09:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb55a0000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3180.242146] FAULT_INJECTION: forcing a failure. [ 3180.242146] name failslab, interval 1, probability 0, space 0, times 0 [ 3180.244446] CPU: 0 PID: 26941 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3180.245840] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3180.247565] Call Trace: [ 3180.248098] dump_stack+0x107/0x167 [ 3180.248833] should_fail.cold+0x5/0xa [ 3180.249610] ? anon_vma_clone+0xdc/0x590 [ 3180.250445] should_failslab+0x5/0x20 [ 3180.251215] kmem_cache_alloc+0x5b/0x310 [ 3180.252035] anon_vma_clone+0xdc/0x590 [ 3180.252819] anon_vma_fork+0x82/0x640 [ 3180.253585] ? __vm_enough_memory+0x184/0x360 [ 3180.254528] copy_process+0x7218/0x7800 [ 3180.255372] ? __cleanup_sighand+0xb0/0xb0 [ 3180.256236] ? lock_acquire+0x197/0x470 [ 3180.257047] ? find_held_lock+0x2c/0x110 [ 3180.257958] kernel_clone+0xe7/0x980 [ 3180.258910] ? lock_downgrade+0x6d0/0x6d0 [ 3180.259922] ? find_held_lock+0x2c/0x110 [ 3180.260912] ? create_io_thread+0xf0/0xf0 [ 3180.261958] ? ksys_write+0x12d/0x260 [ 3180.262950] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3180.264191] __do_sys_fork+0x8a/0xc0 [ 3180.265090] ? kernel_thread+0xf0/0xf0 [ 3180.265940] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3180.267058] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3180.268348] ? trace_hardirqs_on+0x5b/0x180 [ 3180.269429] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3180.270700] do_syscall_64+0x33/0x40 [ 3180.271609] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3180.272891] RIP: 0033:0x7f04c97d0b19 [ 3180.273792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3180.278291] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3180.280172] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3180.281883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3180.283673] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3180.285460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3180.287255] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:10:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfcd80000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800460000200000000000029078ac1414aa0a0101020703000000009078ffffffff04ae7a4eedfab440ac1c5bf17a5f101755b7eeb267ac0a6e9ddff05a291a4d7d0cf5fd40fe0d99e740760145217d30f00b09bfc0de5b96675c3b18d604cc00fa2e6609acebfb7d86d3f83b2efd0cefbc48ca"], 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 4: fork() (fail_nth: 79) 00:10:08 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) ftruncate(r4, 0x1000003) write$eventfd(r4, &(0x7f0000000140)=0xfff, 0x8) readv(r4, &(0x7f0000000200)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1) openat$cgroup_procs(r4, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=@getsa={0x68, 0x12, 0x20, 0x70bd25, 0x25dfdbfb, {@in6=@dev={0xfe, 0x80, '\x00', 0x2b}, 0x4d5, 0xa, 0x2b}, [@replay_esn_val={0x40, 0x17, {0x9, 0x70bd2d, 0x70bd26, 0x70bd2d, 0x70bd27, 0xde2, [0x9a5, 0x4, 0x0, 0x8, 0x3, 0x4, 0x20, 0xfffffff9, 0x0]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) 00:10:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xb7010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:08 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$int_out(r1, 0x0, &(0x7f0000000240)) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3205.713835] FAULT_INJECTION: forcing a failure. [ 3205.713835] name failslab, interval 1, probability 0, space 0, times 0 [ 3205.717293] CPU: 0 PID: 27063 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3205.718857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3205.720705] Call Trace: [ 3205.721303] dump_stack+0x107/0x167 [ 3205.722135] should_fail.cold+0x5/0xa [ 3205.723015] ? anon_vma_fork+0xf1/0x640 [ 3205.723925] should_failslab+0x5/0x20 [ 3205.724769] kmem_cache_alloc+0x5b/0x310 [ 3205.725679] anon_vma_fork+0xf1/0x640 [ 3205.726541] ? __vm_enough_memory+0x184/0x360 [ 3205.727541] copy_process+0x7218/0x7800 [ 3205.728472] ? __cleanup_sighand+0xb0/0xb0 [ 3205.729408] ? lock_acquire+0x197/0x470 [ 3205.730320] ? find_held_lock+0x2c/0x110 [ 3205.731219] kernel_clone+0xe7/0x980 [ 3205.732036] ? lock_downgrade+0x6d0/0x6d0 [ 3205.732945] ? find_held_lock+0x2c/0x110 [ 3205.733844] ? create_io_thread+0xf0/0xf0 [ 3205.734764] ? ksys_write+0x12d/0x260 [ 3205.735624] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3205.736710] __do_sys_fork+0x8a/0xc0 [ 3205.737543] ? kernel_thread+0xf0/0xf0 [ 3205.738471] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3205.739635] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3205.740786] ? trace_hardirqs_on+0x5b/0x180 [ 3205.741727] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3205.742869] do_syscall_64+0x33/0x40 [ 3205.743705] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3205.744841] RIP: 0033:0x7f04c97d0b19 [ 3205.745650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3205.749673] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3205.751342] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3205.752882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3205.754450] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3205.756023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3205.757597] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:10:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffff7f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfd630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffffff0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xc8010000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:08 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000feffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) r4 = getpgrp(0xffffffffffffffff) r5 = pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000002600)={0x0, 0x0}) recvmmsg$unix(r1, &(0x7f00000024c0)=[{{&(0x7f0000000500)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/57, 0x39}, {&(0x7f0000000640)=""/74, 0x4a}, {&(0x7f0000000800)=""/4096, 0x1000}], 0x3, &(0x7f0000001800)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f00000018c0)=@abs, 0x6e, &(0x7f0000001940)=[{&(0x7f0000000700)=""/33, 0x21}, {&(0x7f0000002e40)=""/4096, 0x1000}], 0x2, &(0x7f0000001980)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x88}}, {{&(0x7f0000001a40)=@abs, 0x6e, &(0x7f0000001f00)=[{&(0x7f0000001ac0)=""/73, 0x49}, {&(0x7f0000001b40)=""/224, 0xe0}, {&(0x7f0000001c40)=""/228, 0xe4}, {&(0x7f0000001d40)=""/25, 0x19}, {&(0x7f0000001e00)=""/233, 0xe9}, {&(0x7f0000003e40)=""/4096, 0x1000}], 0x6, &(0x7f0000001f80)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{&(0x7f0000002040)=@abs, 0x6e, &(0x7f00000022c0)=[{&(0x7f0000004e40)=""/4096, 0x1000}, {&(0x7f00000020c0)=""/235, 0xeb}, {&(0x7f00000021c0)=""/245, 0xf5}], 0x3}}, {{&(0x7f0000002300)=@abs, 0x6e, &(0x7f0000002480)=[{&(0x7f0000002380)=""/221, 0xdd}], 0x1}}], 0x5, 0x10111, &(0x7f0000002640)={r6, r7+10000000}) sendfile(r5, r8, 0x0, 0x1000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xd8630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 4: fork() (fail_nth: 80) 00:10:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffff7f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffffffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r2, 0x6) write$vga_arbiter(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='target f:13:17.s\x00'], 0x16) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x80, 0xb9a}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c050827ce54500"/68, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) write$vga_arbiter(r1, &(0x7f00000001c0)=@other={'trylock', ' ', 'mem'}, 0xc) sendfile(0xffffffffffffffff, r3, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r4, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000500)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x3, &(0x7f00000002c0)={0x0, 0x3938700}, 0x1, 0x0, 0x0, {0x0, r7}}, 0x9) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000300000000000000f2579825f264f4d90000000000000000000000001108000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) r8 = getpgrp(0xffffffffffffffff) r9 = pidfd_open(r8, 0x0) pidfd_getfd(r9, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000280)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x3, 0x0, r2, &(0x7f0000000240)={0x10}, r9}, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3222.093664] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3222.093772] FAULT_INJECTION: forcing a failure. [ 3222.093772] name failslab, interval 1, probability 0, space 0, times 0 [ 3222.097949] CPU: 1 PID: 27402 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3222.099478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3222.101458] Call Trace: [ 3222.102041] dump_stack+0x107/0x167 [ 3222.102828] should_fail.cold+0x5/0xa [ 3222.103627] ? create_object.isra.0+0x3a/0xa20 [ 3222.104584] should_failslab+0x5/0x20 [ 3222.105386] kmem_cache_alloc+0x5b/0x310 [ 3222.106243] create_object.isra.0+0x3a/0xa20 [ 3222.107188] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3222.108250] kmem_cache_alloc+0x159/0x310 [ 3222.109184] anon_vma_fork+0xf1/0x640 [ 3222.110007] ? __vm_enough_memory+0x184/0x360 [ 3222.111030] copy_process+0x7218/0x7800 [ 3222.111908] ? __cleanup_sighand+0xb0/0xb0 [ 3222.112865] ? lock_acquire+0x197/0x470 [ 3222.113708] ? find_held_lock+0x2c/0x110 [ 3222.114645] kernel_clone+0xe7/0x980 [ 3222.115499] ? lock_downgrade+0x6d0/0x6d0 [ 3222.116372] ? find_held_lock+0x2c/0x110 [ 3222.117322] ? create_io_thread+0xf0/0xf0 [ 3222.118268] ? ksys_write+0x12d/0x260 [ 3222.119138] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3222.120247] __do_sys_fork+0x8a/0xc0 [ 3222.121052] ? kernel_thread+0xf0/0xf0 [ 3222.121882] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3222.122996] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3222.124077] ? trace_hardirqs_on+0x5b/0x180 [ 3222.125005] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3222.126128] do_syscall_64+0x33/0x40 [ 3222.127034] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3222.128114] RIP: 0033:0x7f04c97d0b19 [ 3222.128945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3222.132845] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3222.134458] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3222.135963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3222.137464] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3222.139029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3222.140516] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:10:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffffff0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xf2630000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfeffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:24 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) syz_io_uring_setup(0x7e73, &(0x7f0000000180)={0x0, 0x7f7a, 0x20, 0x0, 0x21d, 0x0, r0}, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000200)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000440)=@IORING_OP_SEND={0x1a, 0x1, 0x0, r1, 0x0, &(0x7f0000000340)="540a7a765523f94f0daca5044094035c7db835b3bc3a1efeed22335244f5b42bf6c2418c9625eb45e0961e41893bf3e6e62dcda69fc612da7bf84864cdc8de490512", 0x42, 0x8000, 0x1}, 0x6) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:24 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffffffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3222.487507] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:10:25 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) io_uring_enter(r0, 0x616e, 0x815f, 0x1, &(0x7f0000000280)={[0xb17]}, 0x8) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) syz_open_dev$vcsn(&(0x7f0000000240), 0x596, 0x6c641) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000006cad1f650000000000000000000002000000ffffad141400e000000200000000000004000000c055000000000000000000009f8d39", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000002c0), 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x2c, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9c1a}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x20000080) fork() 00:10:25 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000240)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:25 executing program 4: fork() (fail_nth: 81) 00:10:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffff7f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:25 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3222.706367] FAULT_INJECTION: forcing a failure. [ 3222.706367] name failslab, interval 1, probability 0, space 0, times 0 [ 3222.708788] CPU: 0 PID: 27739 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3222.710213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3222.711979] Call Trace: [ 3222.712537] dump_stack+0x107/0x167 [ 3222.713305] should_fail.cold+0x5/0xa [ 3222.714110] ? anon_vma_fork+0x1ff/0x640 [ 3222.714981] should_failslab+0x5/0x20 [ 3222.715772] kmem_cache_alloc+0x5b/0x310 [ 3222.716627] anon_vma_fork+0x1ff/0x640 [ 3222.717452] copy_process+0x7218/0x7800 [ 3222.718317] ? __cleanup_sighand+0xb0/0xb0 [ 3222.719226] ? lock_acquire+0x197/0x470 [ 3222.720068] ? find_held_lock+0x2c/0x110 [ 3222.720928] kernel_clone+0xe7/0x980 [ 3222.721700] ? lock_downgrade+0x6d0/0x6d0 [ 3222.722574] ? find_held_lock+0x2c/0x110 [ 3222.723402] ? create_io_thread+0xf0/0xf0 [ 3222.724271] ? ksys_write+0x12d/0x260 [ 3222.725070] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3222.726089] __do_sys_fork+0x8a/0xc0 [ 3222.726882] ? kernel_thread+0xf0/0xf0 [ 3222.727719] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3222.728817] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3222.729893] ? trace_hardirqs_on+0x5b/0x180 [ 3222.730816] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3222.731898] do_syscall_64+0x33/0x40 [ 3222.732681] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3222.733761] RIP: 0033:0x7f04c97d0b19 [ 3222.734552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3222.738409] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3222.740022] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3222.741516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3222.743030] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3222.744529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3222.746032] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 3222.803511] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 00:10:25 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xfffffffe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:25 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:25 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:25 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3, 0xd1b649dfb7632f1a, r2, 0x8000000) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r3, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:41 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) syz_io_uring_setup(0x55c4, &(0x7f0000000280)={0x0, 0x385a, 0x1, 0x3, 0x307}, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000800)=@IORING_OP_NOP={0x0, 0x3}, 0x200) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r3, 0x6) io_uring_enter(r3, 0x2735, 0x7648, 0x5, &(0x7f0000000240)={[0x2]}, 0x8) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r5 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r5, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000ffd000/0x2000)=nil) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:41 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:41 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x1010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:41 executing program 4: fork() (fail_nth: 82) 00:10:41 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xffffffff}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:41 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:41 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:41 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x4ac1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4, 0xffffffff}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b76be1cc06a8682449c18157c739b4f25f709", 0x19}, {0x0}, {0x0}], 0x3}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) syz_io_uring_submit(0x0, r3, &(0x7f0000000340)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x2004, @fd_index=0x7, 0x2, 0x6, 0x4, 0xd, 0x1}, 0x5) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000ff001faacfbc000000003c000000fc01000000000000000000000000000000000000000400040000000000e13b8386e33dd5a0000000cf0000000000000000000000982909eb00fe000000000043007728ed1df3e000000000000000000000000000000000000000000000005dd046ae0000000000000000000000000002000000000000000000000000000a00000000000000000000000c0008000800080000000000000000000000000000e2490441186e00948695c5e5ae3613ce24703a4552ee4b86987e89e0eafec1a1b8946ded5b2b4fb300745face005c7be4f8a8c608f605c61627f3b1be92d7ade4209aa72767a63567986dfd1fe312b489e52aeb3b096052b05b6364e4d6a580e6a3254fb49137443648e00"/298], 0xfc}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) r7 = creat(&(0x7f0000000180)='./file0\x00', 0x48) sendmsg$nl_xfrm(r7, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x9010) sendfile(0xffffffffffffffff, r6, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10435, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x7}, 0x190, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3239.533536] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3239.603586] FAULT_INJECTION: forcing a failure. [ 3239.603586] name failslab, interval 1, probability 0, space 0, times 0 [ 3239.606505] CPU: 1 PID: 28171 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3239.608255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3239.610336] Call Trace: [ 3239.611021] dump_stack+0x107/0x167 [ 3239.611949] should_fail.cold+0x5/0xa [ 3239.612918] ? create_object.isra.0+0x3a/0xa20 [ 3239.614087] should_failslab+0x5/0x20 [ 3239.615073] kmem_cache_alloc+0x5b/0x310 [ 3239.616119] create_object.isra.0+0x3a/0xa20 [ 3239.617225] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3239.618519] kmem_cache_alloc+0x159/0x310 [ 3239.619583] anon_vma_fork+0x1ff/0x640 [ 3239.620547] copy_process+0x7218/0x7800 [ 3239.621529] ? __cleanup_sighand+0xb0/0xb0 [ 3239.622529] ? lock_acquire+0x197/0x470 [ 3239.623489] ? find_held_lock+0x2c/0x110 [ 3239.624444] kernel_clone+0xe7/0x980 [ 3239.625321] ? lock_downgrade+0x6d0/0x6d0 [ 3239.626286] ? find_held_lock+0x2c/0x110 [ 3239.627246] ? create_io_thread+0xf0/0xf0 [ 3239.628242] ? ksys_write+0x12d/0x260 [ 3239.629218] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3239.630455] __do_sys_fork+0x8a/0xc0 [ 3239.631413] ? kernel_thread+0xf0/0xf0 [ 3239.632399] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3239.633729] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3239.635007] ? trace_hardirqs_on+0x5b/0x180 [ 3239.636114] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3239.637365] do_syscall_64+0x33/0x40 [ 3239.638308] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3239.639643] RIP: 0033:0x7f04c97d0b19 [ 3239.640570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3239.645210] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3239.647145] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3239.648965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3239.650779] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3239.652600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3239.654403] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:10:57 executing program 4: fork() (fail_nth: 83) 00:10:57 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3255.232252] FAULT_INJECTION: forcing a failure. [ 3255.232252] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3255.234072] CPU: 1 PID: 28485 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3255.235935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3255.238280] Call Trace: [ 3255.239012] dump_stack+0x107/0x167 [ 3255.239967] should_fail.cold+0x5/0xa [ 3255.240976] __alloc_pages_nodemask+0x182/0x600 [ 3255.242050] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3255.242876] alloc_pages_current+0x187/0x280 [ 3255.243483] pte_alloc_one+0x16/0x1a0 [ 3255.245399] __pte_alloc+0x1d/0x330 [ 3255.245893] copy_page_range+0x1b62/0x3810 [ 3255.246490] ? up_write+0x191/0x550 [ 3255.247016] ? vm_iomap_memory+0x190/0x190 [ 3255.247563] ? downgrade_write+0x3a0/0x3a0 [ 3255.248155] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3255.248860] ? __vma_link_rb+0x540/0x700 [ 3255.249436] copy_process+0x759b/0x7800 [ 3255.249995] ? __cleanup_sighand+0xb0/0xb0 [ 3255.250585] ? lock_acquire+0x197/0x470 [ 3255.251123] ? find_held_lock+0x2c/0x110 [ 3255.251708] kernel_clone+0xe7/0x980 [ 3255.252246] ? lock_downgrade+0x6d0/0x6d0 [ 3255.252837] ? find_held_lock+0x2c/0x110 [ 3255.253423] ? create_io_thread+0xf0/0xf0 [ 3255.254023] ? ksys_write+0x12d/0x260 [ 3255.254586] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3255.255498] __do_sys_fork+0x8a/0xc0 00:10:57 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)=0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r4, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES64, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000500)={{0x1, 0x1, 0x18, r3, {0x9}}, './file0\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r7, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r8 = accept$unix(r6, 0x0, &(0x7f0000000240)) syz_io_uring_submit(r7, r1, &(0x7f0000000a40)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, r8, 0x0, &(0x7f0000000a00)={&(0x7f0000000280)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000800)="8c1b23ac6dc652711c56d9a05968587bf4f4c022408e9ec85dd8aaed1d1cf19a40925f88e3c27ea49e5df93bb142cb12bdbb89dcc9711a4ae5af6aa0acfc32e59f4ae14fb7de650355928c0d0b83a58016404fa1f63b15d834e1477f8a6e27fbdbcbc11a49357bb49af858cb33d414635f35a7ba5fc69e74b72b6a246559245c8b7a2c30bd6446e1765506e529b8e5d1d4e7ddaf2adca5253e80488a93f1b137c9345eb89427297456a394d475d80a65ab00dfa4ec55586c65fec5761c79c793db3697d86258edd81489bc96da5bca42fef910560be2", 0xd6}], 0x1, &(0x7f0000000900)=[{0x100, 0x88, 0x3, "8b905390359fa62633977bc475ac23fe14b1b2be35940f9b079e2dc6912e2d99c726441d90fc8629b3aa690a80f1cde346fa55f6cb9317a53247035d74c137caf160bb6a43de632dc8587caeba9c8d523183143c05b1dfe57a29ebbe3b00c8c637a95114a62e62aac38b7c5dd10c1b483a2ea6581ab8cd441bb14e824cae037f518e3a4a9526e6df8495c698a43c95a6d3e136077f7341a7982d12fcb6256237db3a8f8e707677fee00cf4ad485b3981fba5e12985e92ce0d63d265ee0d8a0b032edaadd69315e0476f88f3c31dfe106950adae5aad509b9f990b0fb76370a8c43051b1d917a5a39e93cea"}], 0x100}, 0x0, 0x4008004, 0x1}, 0x100) setsockopt$inet6_opts(r6, 0x29, 0x37, &(0x7f0000000540)=@dstopts={0x6, 0x5, '\x00', [@pad1, @hao={0xc9, 0x10, @loopback}, @ra={0x5, 0x2, 0x40}, @ra={0x5, 0x2, 0x1}, @ra={0x5, 0x2, 0x3}, @jumbo={0xc2, 0x4, 0xc5bb}, @ra={0x5, 0x2, 0x1}, @ra={0x5, 0x2, 0x87}]}, 0x38) fork() 00:10:57 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) syz_io_uring_setup(0x40f3, &(0x7f0000000180)={0x0, 0x2bc2, 0x8, 0x2, 0x4d}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x6f1) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0200001a00010000000000000000000000000000000200001fb41a48fb2b20750ba53b34c732ece900ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r6 = socket$inet(0x2, 0x3, 0x6) connect$inet(r6, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r6, &(0x7f0000000000), 0x400000d, 0xff03000000000000) syz_io_uring_submit(r1, 0x0, &(0x7f0000000980)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=@tipc=@id, 0x80, &(0x7f0000000840)=[{&(0x7f00000004c0)=""/126, 0x7e}, {&(0x7f0000000540)=""/103, 0x67}, {&(0x7f0000000700)=""/80, 0x50}, {&(0x7f0000000780)=""/146, 0x92}, {&(0x7f0000000380)=""/2, 0x2}], 0x5, &(0x7f00000008c0)=""/133, 0x85}, 0x0, 0x10042, 0x1, {0x1}}, 0x6) 00:10:57 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000a80)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e00000020000000000000000001dfac80b1648e2c4e08220a839000000000000000000000000000000110000004e7024fbeb782fb3fafd1ef68cca0b9b47b4b1b92a9b46ee0b2e1b6ce59052856c1147a897b9ef6c8d6061ad4f7dac871b252e0cd07c474eaae16321d97998c5533d029ebd5a69e210be33caf2b866715b7305", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000000000000000000000000074106e273a50a4cb5505fe1040bc2f425c5b30cdd3e996715439c0656a00c228ad85a7e22d547a1c893990d5bfc510db00000050e4b62b96682fa06168b1667c17c41985d9d9c648ef48cabf1ab53c4304f74e16453b6f648a08976dd1f5ce3730b1bc633a9bb8e2f2882f6c17eb7317b33bd2b8a7bbcb168ca3d5b15917e98d897df662240373a4fcd43e1993c939e23f57f7e1eb813760a6e8eb85ef507b98407db5817219fc69b2bbbd19a46add563bae0fd40440eb8343f5c82c69026e2dd5b0258eeda8434a778140d8526803cc252fcf241c092b2db42656d2c7bfc31779d6874ca590ed5e24103a54ac8c942b94"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_config_ext={0x7fffffff}, 0x1004, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4a1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x20010, 0xffffffffffffffff, 0xee77b000) setsockopt$inet6_IPV6_PKTINFO(r4, 0x29, 0x32, &(0x7f0000000080)={@mcast1}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r5, &(0x7f0000000240)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6tnl0\x00', r7, 0x4, 0x1f, 0x9, 0x3, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, 0xa1, 0x8000, 0x7, 0x500}}) fork() [ 3255.256066] ? kernel_thread+0xf0/0xf0 [ 3255.256814] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3255.257491] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3255.258219] ? trace_hardirqs_on+0x5b/0x180 00:10:57 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:57 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:57 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3255.258833] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3255.259697] do_syscall_64+0x33/0x40 [ 3255.260232] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3255.260965] RIP: 0033:0x7f04c97d0b19 [ 3255.261492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3255.264117] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3255.265191] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3255.266203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3255.267235] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3255.268250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3255.269257] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 [ 3255.279769] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3255.301471] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 00:10:57 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:57 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:57 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:57 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = dup(r1) sendmsg$nl_generic(r3, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x24, 0x400, 0x70bd2d, 0x25dfdbfc, {0x5}, [@typed={0x8, 0x56, 0x0, 0x0, @ipv4=@multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40081}, 0x8000) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:10:57 executing program 4: fork() (fail_nth: 84) 00:10:58 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:58 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3255.669915] FAULT_INJECTION: forcing a failure. [ 3255.669915] name failslab, interval 1, probability 0, space 0, times 0 [ 3255.672558] CPU: 1 PID: 28766 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3255.674081] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3255.675898] Call Trace: [ 3255.676476] dump_stack+0x107/0x167 [ 3255.677283] should_fail.cold+0x5/0xa [ 3255.678132] ? anon_vma_fork+0x1ff/0x640 [ 3255.679047] should_failslab+0x5/0x20 [ 3255.679874] kmem_cache_alloc+0x5b/0x310 [ 3255.680776] anon_vma_fork+0x1ff/0x640 [ 3255.681629] copy_process+0x7218/0x7800 [ 3255.682550] ? __cleanup_sighand+0xb0/0xb0 [ 3255.683498] ? lock_acquire+0x197/0x470 [ 3255.684375] ? find_held_lock+0x2c/0x110 [ 3255.685274] kernel_clone+0xe7/0x980 [ 3255.686104] ? lock_downgrade+0x6d0/0x6d0 [ 3255.687016] ? find_held_lock+0x2c/0x110 [ 3255.687961] ? create_io_thread+0xf0/0xf0 [ 3255.688940] ? ksys_write+0x12d/0x260 [ 3255.689837] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3255.690985] __do_sys_fork+0x8a/0xc0 [ 3255.691839] ? kernel_thread+0xf0/0xf0 [ 3255.692761] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3255.693962] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3255.695128] ? trace_hardirqs_on+0x5b/0x180 [ 3255.696090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3255.697230] do_syscall_64+0x33/0x40 [ 3255.698048] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3255.699291] RIP: 0033:0x7f04c97d0b19 [ 3255.700109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3255.704463] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3255.706150] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3255.707737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3255.709302] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3255.710981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3255.712590] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:10:58 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:10:58 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3255.865548] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:10:58 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x10}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 4: fork() (fail_nth: 85) 00:11:14 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) mmap(&(0x7f0000ff1000/0x3000)=nil, 0x3000, 0xb, 0x110, r0, 0x53c81000) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) r4 = dup3(r3, r1, 0x80000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000500)={0x5eb2, 0xfffffffd, 0xfffffeff}) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) flock(r5, 0x8) fork() 00:11:14 executing program 1: r0 = syz_io_uring_setup(0x78d0, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_open_dev$mouse(&(0x7f0000000000), 0x8001, 0x103040) sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)={0x124, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x54, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010101}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1e}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7e}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x8}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1d}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3f}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x19}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x89}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9db}]}]}, 0x124}}, 0x20040000) sendmsg$nl_xfrm(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() write$vga_arbiter(r1, &(0x7f0000000340)=@other={'trylock', ' ', 'io'}, 0xb) 00:11:14 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000240)=@unlock_all, 0xb) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac1400000000000000000000000000000000000000000000000002000000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000200000982909eb00fe000000000000000000475b6d1e2bb2c4e62942000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000f200000000000000000a00000000000000000000000c00910205dd080000000000"], 0xfc}}, 0x8) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:14 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:14 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3271.757364] FAULT_INJECTION: forcing a failure. [ 3271.757364] name failslab, interval 1, probability 0, space 0, times 0 [ 3271.758712] CPU: 1 PID: 28939 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3271.759507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3271.760455] Call Trace: [ 3271.760762] dump_stack+0x107/0x167 [ 3271.761183] should_fail.cold+0x5/0xa [ 3271.761627] ? create_object.isra.0+0x3a/0xa20 [ 3271.762154] should_failslab+0x5/0x20 [ 3271.762593] kmem_cache_alloc+0x5b/0x310 [ 3271.763056] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3271.763757] create_object.isra.0+0x3a/0xa20 [ 3271.764259] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3271.764848] kmem_cache_alloc+0x159/0x310 [ 3271.765329] ptlock_alloc+0x1d/0x70 [ 3271.765751] pte_alloc_one+0x68/0x1a0 [ 3271.766185] __pte_alloc+0x1d/0x330 [ 3271.766606] copy_page_range+0x1b62/0x3810 [ 3271.767141] ? up_write+0x191/0x550 [ 3271.767559] ? vm_iomap_memory+0x190/0x190 [ 3271.768048] ? downgrade_write+0x3a0/0x3a0 [ 3271.768539] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3271.769164] ? __vma_link_rb+0x540/0x700 [ 3271.769641] copy_process+0x759b/0x7800 [ 3271.770126] ? __cleanup_sighand+0xb0/0xb0 [ 3271.770615] ? lock_acquire+0x197/0x470 [ 3271.771076] ? find_held_lock+0x2c/0x110 [ 3271.771549] kernel_clone+0xe7/0x980 [ 3271.771973] ? lock_downgrade+0x6d0/0x6d0 [ 3271.772444] ? find_held_lock+0x2c/0x110 [ 3271.772911] ? create_io_thread+0xf0/0xf0 [ 3271.773386] ? ksys_write+0x12d/0x260 [ 3271.773832] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3271.774389] __do_sys_fork+0x8a/0xc0 [ 3271.774817] ? kernel_thread+0xf0/0xf0 [ 3271.775281] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3271.775878] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3271.776465] ? trace_hardirqs_on+0x5b/0x180 [ 3271.776964] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3271.777549] do_syscall_64+0x33/0x40 [ 3271.777976] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3271.778565] RIP: 0033:0x7f04c97d0b19 [ 3271.778992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3271.779210] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3271.781128] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3271.781140] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3271.781145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3271.781151] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3271.781157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3271.781163] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:11:14 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3271.805488] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 00:11:14 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x18}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000500)={{0x1, 0x1, 0x18, r0, {0x1, 0x2}}, './file0\x00'}) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000540)={0x0, 0x7f, "82114b", 0x3f, 0x9}) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:14 executing program 4: fork() (fail_nth: 86) 00:11:14 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:14 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3272.037871] FAULT_INJECTION: forcing a failure. [ 3272.037871] name failslab, interval 1, probability 0, space 0, times 0 [ 3272.040631] CPU: 0 PID: 29150 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3272.042103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3272.043881] Call Trace: [ 3272.044440] dump_stack+0x107/0x167 [ 3272.045221] should_fail.cold+0x5/0xa [ 3272.046030] ? vm_area_dup+0x78/0x290 [ 3272.046848] should_failslab+0x5/0x20 [ 3272.047675] kmem_cache_alloc+0x5b/0x310 [ 3272.048536] ? lock_downgrade+0x6d0/0x6d0 [ 3272.049420] vm_area_dup+0x78/0x290 [ 3272.050214] ? _cond_resched+0x12/0x80 [ 3272.051048] ? copy_page_range+0x24e9/0x3810 [ 3272.052033] ? vm_area_alloc+0x110/0x110 [ 3272.052910] ? vm_iomap_memory+0x190/0x190 [ 3272.053818] ? __sanitizer_cov_trace_pc+0x4/0x60 [ 3272.054838] ? __vma_link_rb+0x540/0x700 [ 3272.055718] copy_process+0x291b/0x7800 [ 3272.056608] ? __cleanup_sighand+0xb0/0xb0 [ 3272.057534] ? lock_acquire+0x197/0x470 [ 3272.058394] ? find_held_lock+0x2c/0x110 [ 3272.059281] kernel_clone+0xe7/0x980 [ 3272.060080] ? lock_downgrade+0x6d0/0x6d0 [ 3272.060953] ? find_held_lock+0x2c/0x110 [ 3272.061823] ? create_io_thread+0xf0/0xf0 [ 3272.062703] ? ksys_write+0x12d/0x260 [ 3272.063564] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3272.064595] __do_sys_fork+0x8a/0xc0 [ 3272.065379] ? kernel_thread+0xf0/0xf0 [ 3272.066220] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3272.067347] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3272.068431] ? trace_hardirqs_on+0x5b/0x180 [ 3272.069353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3272.070443] do_syscall_64+0x33/0x40 [ 3272.071280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3272.072358] RIP: 0033:0x7f04c97d0b19 [ 3272.073155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3272.077048] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3272.078657] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3272.080175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3272.081678] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3272.083197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3272.084698] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:11:33 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/srcutree', 0x0, 0xb1) r5 = getpgrp(0xffffffffffffffff) r6 = pidfd_open(r5, 0x0) pidfd_getfd(r6, 0xffffffffffffffff, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000800)={0x81, 0x1, 0x9, 0x0, 0x0, [{{r2}, 0x100000000}, {{r1}, 0x8000}, {{r3}, 0x10000}, {{r1}, 0x1}, {{r0}, 0xab9a}, {{r1}, 0x4}, {{r1}, 0x1}, {{r4}, 0x9}, {{r6}, 0x1}]}) r7 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r7, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) lseek(0xffffffffffffffff, 0x100000000, 0x3) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:33 executing program 4: fork() (fail_nth: 87) 00:11:33 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c055", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:33 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a00010000000000000000000000e000000200005fb98334b1f7f8e0f6450000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:33 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r4, 0x6) r5 = getpgrp(0xffffffffffffffff) pidfd_open(r5, 0x0) sendmsg$AUDIT_SET(r4, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x38, 0x3e9, 0x400, 0x70bd2c, 0x25dfdbfc, {0x2, 0x1, 0x2, r5, 0xffffff00, 0xfffff000, 0x5, 0x1}, ["", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20044810) [ 3290.668237] FAULT_INJECTION: forcing a failure. [ 3290.668237] name failslab, interval 1, probability 0, space 0, times 0 [ 3290.670640] CPU: 1 PID: 29384 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3290.672109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3290.673858] Call Trace: [ 3290.674425] dump_stack+0x107/0x167 [ 3290.675206] should_fail.cold+0x5/0xa [ 3290.676029] ? create_object.isra.0+0x3a/0xa20 [ 3290.676997] should_failslab+0x5/0x20 [ 3290.677799] kmem_cache_alloc+0x5b/0x310 [ 3290.678660] create_object.isra.0+0x3a/0xa20 [ 3290.679643] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3290.680806] kmem_cache_alloc+0x159/0x310 [ 3290.681675] vm_area_dup+0x78/0x290 [ 3290.682479] ? _cond_resched+0x12/0x80 [ 3290.683277] ? copy_page_range+0x24e9/0x3810 [ 3290.684222] ? vm_area_alloc+0x110/0x110 [ 3290.685063] ? up_write+0x191/0x550 [ 3290.685810] ? vm_iomap_memory+0x190/0x190 [ 3290.686665] ? downgrade_write+0x3a0/0x3a0 [ 3290.687543] ? anon_vma_interval_tree_insert+0x277/0x450 [ 3290.688636] ? __vma_link_rb+0x540/0x700 [ 3290.689481] copy_process+0x291b/0x7800 [ 3290.690316] ? __cleanup_sighand+0xb0/0xb0 [ 3290.691186] ? lock_acquire+0x197/0x470 [ 3290.692008] ? find_held_lock+0x2c/0x110 [ 3290.692831] kernel_clone+0xe7/0x980 [ 3290.693577] ? lock_downgrade+0x6d0/0x6d0 [ 3290.694414] ? find_held_lock+0x2c/0x110 [ 3290.695222] ? create_io_thread+0xf0/0xf0 [ 3290.696105] ? ksys_write+0x12d/0x260 [ 3290.696888] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3290.697881] __do_sys_fork+0x8a/0xc0 [ 3290.698632] ? kernel_thread+0xf0/0xf0 [ 3290.699444] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3290.700510] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3290.701550] ? trace_hardirqs_on+0x5b/0x180 [ 3290.702414] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3290.703472] do_syscall_64+0x33/0x40 [ 3290.704242] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3290.705284] RIP: 0033:0x7f04c97d0b19 [ 3290.706035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3290.709792] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3290.711370] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3290.712833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3290.714299] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3290.715774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3290.717238] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:11:33 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x33}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:33 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:48 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r1 = getpgrp(0xffffffffffffffff) r2 = pidfd_open(r1, 0x0) pidfd_getfd(r2, 0xffffffffffffffff, 0x0) write(r2, &(0x7f0000000180)="1d5a0dbefbb903f38d649f7d0a978ae33107b4290667622ea1f328c240428a8eebddc1229f7a3e645f8e4d70493225f5f67849aa7098e6aed16c3880c64256ca23dbcf3063783c0cfcfbf7d95b180d6ff267cdb3c9d92253c22b0df31b224b6e70d3b2f0fef3ca6c9e092890c12e6152598b5990e8167b195fa7a3839ef38af5083c22937579a1b4e7bd9bc602ecf9dc7c0f933771e98c70630436e25c101391a8a2dd6c0e2d3d0dff794cd65da88aaf596eaf5cd2", 0xb5) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r3, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:48 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x34}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3306.377787] FAULT_INJECTION: forcing a failure. [ 3306.377787] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3306.380415] CPU: 0 PID: 29810 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3306.381856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3306.383564] Call Trace: [ 3306.384116] dump_stack+0x107/0x167 [ 3306.384867] should_fail.cold+0x5/0xa [ 3306.385661] __alloc_pages_nodemask+0x182/0x600 [ 3306.386629] ? trace_hardirqs_on+0x5b/0x180 [ 3306.387539] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3306.388813] alloc_pages_current+0x187/0x280 [ 3306.389729] pte_alloc_one+0x16/0x1a0 [ 3306.390518] __pte_alloc+0x1d/0x330 [ 3306.391276] copy_page_range+0x1b62/0x3810 [ 3306.392235] ? vm_iomap_memory+0x190/0x190 [ 3306.393117] ? up_write+0x191/0x550 [ 3306.393875] ? downgrade_write+0x3a0/0x3a0 [ 3306.394745] ? down_write_killable+0x180/0x180 [ 3306.395709] ? __vma_link_rb+0x540/0x700 [ 3306.396556] copy_process+0x759b/0x7800 [ 3306.397421] ? __cleanup_sighand+0xb0/0xb0 [ 3306.398305] ? lock_acquire+0x197/0x470 [ 3306.399143] ? find_held_lock+0x2c/0x110 [ 3306.400138] kernel_clone+0xe7/0x980 [ 3306.400920] ? lock_downgrade+0x6d0/0x6d0 [ 3306.401789] ? find_held_lock+0x2c/0x110 [ 3306.402648] ? create_io_thread+0xf0/0xf0 [ 3306.403537] ? ksys_write+0x12d/0x260 [ 3306.404350] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3306.405373] __do_sys_fork+0x8a/0xc0 [ 3306.406158] ? kernel_thread+0xf0/0xf0 [ 3306.406987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3306.408098] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3306.409167] ? trace_hardirqs_on+0x5b/0x180 [ 3306.410137] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3306.411311] do_syscall_64+0x33/0x40 [ 3306.412207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3306.413421] RIP: 0033:0x7f04c97d0b19 [ 3306.414304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3306.418786] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3306.420625] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3306.422284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3306.423968] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3306.425621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3306.427418] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:11:48 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:11:48 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000000000000000000000009cb0ee9a59a884604133c4b3f597b549551bc61ac774b936cb2bb4b00ec3800cbbe56286ba7a4aab9f10ff1788fd4151ab4d009d1d6c7b4fa57bc8d42669122d6b599640e9ae2a4f21c41c8430c9c12a189caa177f0b849baec9234f9e1e50d27bcf20e164ba4e2e4816769368f050acd50db7be8118088d426dd5ce5a2ae89c203f508c9ea437c550b7e1121da040009b8ebcb47f0d4a3a4b2136eb70ab43185f181b483a619217d4d393db70ff492f2bb55a8de40788ea9a7fd014a70b81a5fae664915cec8d53d48c39fb5da0a3971833b94fe6c70bb900445e17bca33ddcbbda136bf34755da9c938121fdace6657cefe1765aef3f7e7684ced8fcc8ace4492f62e1ff95d4f1153528e5255673ef77a6aad0bdf76d3e68"], 0xfc}}, 0x0) pread64(r2, &(0x7f0000000a80)=""/4096, 0x1000, 0x8) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x4, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) fork() mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xf, 0x11, 0xffffffffffffffff, 0x10000000) r4 = getpgrp(0xffffffffffffffff) r5 = pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) r6 = inotify_init() copy_file_range(r6, 0x0, r5, &(0x7f0000000500)=0x8000, 0x100, 0x0) pwrite64(r5, &(0x7f0000000240)="5b961801b26bbb5f7e4179b0aacbf51b66ae3657544846dee1f2cdc801604bf21bd9b835847db354337d71c75588e565b5e212a68f3644af71715216f038955d034f77c89f4a2b9a46c8d59f5d4ff04f22d84307b6b85891efa0cdfde3698227e2d38967debdab0d9dc3eb36230156c35864629523bdb95362ae7da181064e8bd74ae227c3760b6c170adf75c7d048490b5372c0c592795b1cc9", 0x9a, 0x0) 00:11:48 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:48 executing program 4: fork() (fail_nth: 88) 00:11:48 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3306.447264] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 00:11:48 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000500)=""/102, 0x66}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) pipe2(&(0x7f0000000580), 0x80000) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x41}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bf2b, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="fc0000002c0001000001001d4ab5373e6f010000000000000000000000000000000002000000ffffac0000c45500000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000008a9dfb1fd70cb4432b9a76e16d311df128686c26f13e88fe4e83350e893af3b6ec4bdb23c305363af64e60e4eafb6d9c41b7e8cd1efe29b7ba913fea5ba0c1630fb7ff1be8e649bff8fe83735493b4a2eea312868c4cf83ae58bfae05b9a20a7bae83ad0dc726ccb0104431b7ec5bb05cb8ef33a155eaf9082f32b7f3549d85777ae7fbd52242a8939061bd5378a329d5f66533f334574b192554e1c42a615c3cd5dd869b40bcac8a967f83ea9f58df21597b556071e90eb0fad7deef2887baa73366eb7a5b22d8281b1615a94d449667045376ce9ef7ff4550df355984f98e1579de4efb945f3914a9a2f4404dfc2295d3ea75942c810ae7b4db3b3bd9d26a0d65687fb0e826e771e53c90a283bdae072102cbe66f9c208f6397517ed2562a3e39ed88b105ceda1f519965267cd50581f44ac48a5a6dc3b7a0a7c02226d5cb5425062481c765b6f414407000000000000001e0adfb23630a80acdd120fffc9dde44265ddc3eaf8d6a3b71422ef6d3eb4a3db9a47a771e749deb3470895fceabf8df577d1f052d14d4f22f0276bf7231117da8474077675407440bfd62e75eb3df9e73429fd73b77da8cf47af1047c1af97a96b26f1409035181e6dc2e2eb95d9b57741ec852da357505586a8920d4031b4d4b1ae6c2ce2fda2d6f8ac97da65b1e8c39"], 0xfc}}, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r5, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() r6 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x7, 0x200000) fcntl$addseals(r6, 0x409, 0x2) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) 00:11:48 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3306.518228] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=44 sclass=netlink_xfrm_socket pid=29822 comm=syz-executor.7 00:11:49 executing program 4: fork() (fail_nth: 89) 00:11:49 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x35}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:49 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:49 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3306.718207] FAULT_INJECTION: forcing a failure. [ 3306.718207] name failslab, interval 1, probability 0, space 0, times 0 [ 3306.721022] CPU: 1 PID: 29921 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3306.722631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3306.724553] Call Trace: [ 3306.725145] dump_stack+0x107/0x167 [ 3306.725979] should_fail.cold+0x5/0xa [ 3306.726868] ? ptlock_alloc+0x1d/0x70 [ 3306.727792] should_failslab+0x5/0x20 [ 3306.728678] kmem_cache_alloc+0x5b/0x310 [ 3306.729634] ptlock_alloc+0x1d/0x70 [ 3306.730469] pte_alloc_one+0x68/0x1a0 [ 3306.731360] __pte_alloc+0x1d/0x330 [ 3306.732236] copy_page_range+0x1b62/0x3810 [ 3306.733295] ? vm_iomap_memory+0x190/0x190 [ 3306.734280] ? up_write+0x191/0x550 [ 3306.735148] ? downgrade_write+0x3a0/0x3a0 [ 3306.736137] ? down_write_killable+0x180/0x180 [ 3306.737200] ? __vma_link_rb+0x540/0x700 [ 3306.738130] copy_process+0x759b/0x7800 [ 3306.739117] ? __cleanup_sighand+0xb0/0xb0 [ 3306.740148] ? lock_acquire+0x197/0x470 [ 3306.741087] ? find_held_lock+0x2c/0x110 [ 3306.742052] kernel_clone+0xe7/0x980 [ 3306.742935] ? lock_downgrade+0x6d0/0x6d0 [ 3306.743942] ? find_held_lock+0x2c/0x110 [ 3306.744915] ? create_io_thread+0xf0/0xf0 [ 3306.745925] ? ksys_write+0x12d/0x260 [ 3306.746862] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3306.748023] __do_sys_fork+0x8a/0xc0 [ 3306.748878] ? kernel_thread+0xf0/0xf0 [ 3306.749789] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3306.750866] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3306.751846] ? trace_hardirqs_on+0x5b/0x180 [ 3306.752659] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3306.753623] do_syscall_64+0x33/0x40 [ 3306.754312] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3306.755272] RIP: 0033:0x7f04c97d0b19 [ 3306.755990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3306.759430] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3306.760841] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3306.762156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3306.763487] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3306.764813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3306.766130] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:11:49 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x36}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:49 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:11:49 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x68}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 7: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'ipvlan1\x00'}) r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = syz_open_dev$vcsa(&(0x7f0000000500), 0x10000, 0xd61b310ddc0bf8df) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:04 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = getpgrp(0xffffffffffffffff) r5 = pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r5, {r1}}, './file0\x00'}) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:04 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:04 executing program 4: fork() (fail_nth: 90) 00:12:04 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xc2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="fc0000000000000000000000ffffac1414009a4f0ce267f901af06cca3688ee45bf4d3ba0bc906d3b6046e6ca97b0d8654e717685990370a94920619746554ad0d331d4760204ab8f07b48d951d5b9b26e941d23ee738792875c71621bf99f056248ee225319824adeddf312be028decb54d0dd8aa91b9ba08f5b100"/137, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3322.305078] FAULT_INJECTION: forcing a failure. [ 3322.305078] name failslab, interval 1, probability 0, space 0, times 0 [ 3322.307599] CPU: 1 PID: 30159 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3322.309034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3322.310752] Call Trace: [ 3322.311308] dump_stack+0x107/0x167 [ 3322.312094] should_fail.cold+0x5/0xa [ 3322.312866] ? create_object.isra.0+0x3a/0xa20 [ 3322.313820] should_failslab+0x5/0x20 [ 3322.314605] kmem_cache_alloc+0x5b/0x310 [ 3322.315459] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3322.316721] create_object.isra.0+0x3a/0xa20 [ 3322.317616] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3322.318842] kmem_cache_alloc+0x159/0x310 [ 3322.319872] ptlock_alloc+0x1d/0x70 [ 3322.320775] pte_alloc_one+0x68/0x1a0 [ 3322.321720] __pte_alloc+0x1d/0x330 [ 3322.322606] copy_page_range+0x1b62/0x3810 [ 3322.323704] ? vm_iomap_memory+0x190/0x190 [ 3322.324756] ? up_write+0x191/0x550 [ 3322.325660] ? downgrade_write+0x3a0/0x3a0 [ 3322.326701] ? down_write_killable+0x180/0x180 [ 3322.327856] ? __vma_link_rb+0x540/0x700 [ 3322.328888] copy_process+0x759b/0x7800 [ 3322.330177] ? __cleanup_sighand+0xb0/0xb0 [ 3322.331479] ? lock_acquire+0x197/0x470 [ 3322.332695] ? find_held_lock+0x2c/0x110 [ 3322.333909] kernel_clone+0xe7/0x980 [ 3322.334983] ? lock_downgrade+0x6d0/0x6d0 [ 3322.336197] ? find_held_lock+0x2c/0x110 [ 3322.337363] ? create_io_thread+0xf0/0xf0 [ 3322.338549] ? ksys_write+0x12d/0x260 [ 3322.339671] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3322.340969] __do_sys_fork+0x8a/0xc0 [ 3322.341910] ? kernel_thread+0xf0/0xf0 [ 3322.342947] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3322.344495] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3322.345826] ? trace_hardirqs_on+0x5b/0x180 [ 3322.346950] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3322.348335] do_syscall_64+0x33/0x40 [ 3322.349478] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3322.350943] RIP: 0033:0x7f04c97d0b19 [ 3322.351962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3322.356867] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3322.359165] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3322.361244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3322.363257] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3322.365232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3322.367227] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:12:04 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:04 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:05 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x68}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:05 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1a4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:05 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:05 executing program 4: fork() (fail_nth: 91) 00:12:05 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0550000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3322.700583] FAULT_INJECTION: forcing a failure. [ 3322.700583] name failslab, interval 1, probability 0, space 0, times 0 [ 3322.702735] CPU: 0 PID: 30356 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3322.704008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3322.705506] Call Trace: [ 3322.706116] dump_stack+0x107/0x167 [ 3322.706894] should_fail.cold+0x5/0xa [ 3322.707683] ? vm_area_dup+0x78/0x290 [ 3322.708422] should_failslab+0x5/0x20 [ 3322.709110] kmem_cache_alloc+0x5b/0x310 [ 3322.709862] ? lock_downgrade+0x6d0/0x6d0 [ 3322.710814] vm_area_dup+0x78/0x290 [ 3322.711735] ? _cond_resched+0x12/0x80 [ 3322.712638] ? copy_page_range+0x24e9/0x3810 [ 3322.713525] ? vm_area_alloc+0x110/0x110 [ 3322.714476] ? vm_iomap_memory+0x190/0x190 [ 3322.715422] ? up_write+0x191/0x550 [ 3322.716168] ? downgrade_write+0x3a0/0x3a0 [ 3322.717038] ? down_write_killable+0x180/0x180 [ 3322.718095] ? __vma_link_rb+0x540/0x700 [ 3322.719040] copy_process+0x291b/0x7800 [ 3322.720000] ? __cleanup_sighand+0xb0/0xb0 [ 3322.720977] ? lock_acquire+0x197/0x470 [ 3322.721884] ? find_held_lock+0x2c/0x110 [ 3322.722816] kernel_clone+0xe7/0x980 [ 3322.723673] ? lock_downgrade+0x6d0/0x6d0 [ 3322.724482] ? find_held_lock+0x2c/0x110 [ 3322.725230] ? create_io_thread+0xf0/0xf0 [ 3322.725996] ? ksys_write+0x12d/0x260 [ 3322.726707] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3322.727596] __do_sys_fork+0x8a/0xc0 [ 3322.728322] ? kernel_thread+0xf0/0xf0 [ 3322.729056] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3322.730012] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3322.730977] ? trace_hardirqs_on+0x5b/0x180 [ 3322.731970] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3322.732960] do_syscall_64+0x33/0x40 [ 3322.733664] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3322.734618] RIP: 0033:0x7f04c97d0b19 [ 3322.735306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3322.739241] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3322.740689] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3322.741972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3322.743266] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3322.744616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3322.745932] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:12:05 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xfe}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 4: fork() (fail_nth: 92) 00:12:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x141}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500000000000000000000000003000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000004000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:21 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4040084) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c0551e00"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000500), &(0x7f0000000540)={'L-', 0x80}, 0x16, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3338.984822] FAULT_INJECTION: forcing a failure. [ 3338.984822] name failslab, interval 1, probability 0, space 0, times 0 [ 3338.987355] CPU: 0 PID: 30707 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3338.989206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3338.991307] Call Trace: [ 3338.991986] dump_stack+0x107/0x167 [ 3338.992902] should_fail.cold+0x5/0xa [ 3338.993858] ? create_object.isra.0+0x3a/0xa20 [ 3338.994965] should_failslab+0x5/0x20 [ 3338.995885] kmem_cache_alloc+0x5b/0x310 [ 3338.996861] create_object.isra.0+0x3a/0xa20 [ 3338.997875] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 00:12:21 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) write$binfmt_aout(r3, &(0x7f0000000800)={{0x0, 0x7, 0x1f, 0xb8, 0x22b, 0x5, 0x317}, "8f811525d00c66ddc1749e204fc904123ad4eff95ea07ece6bbdb98d1076a45f", ['\x00', '\x00', '\x00', '\x00']}, 0x440) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r5, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000c40)=@getsa={0x1b0, 0x12, 0x200, 0x70bd26, 0x25dfdbfd, {@in6=@local, 0x4d3, 0x2, 0x33}, [@coaddr={0x14, 0xe, @in6=@private1={0xfc, 0x1, '\x00', 0x1}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6000}, @algo_crypt={0x13e, 0x2, {{'ctr-twofish-3way\x00'}, 0x7b0, "862eca9be3f42b2e7f03ea6d517492bfb62b97c90fb4d2a9f6d3c2022cf91e94f2c90139a9ba8c4daff8b8cbb28f2d684d196cc76796eb12d89858841e122190abfdbf19ec1e47d321ccbe3a058cfab79ab107d34a6800c95a997a7cc4a79c57c52b048400f1b18c0b9194e0a99f2cd105cff7d4a257fcf99f90a3fa36e484f16b7b7466930c97e6d15d3dbbce05ef2fbc2fee2a5d3a3169907815d41873e57d27c725df37133ccac5fdb144793b8341d0266d5915f87837fef1e2f6cfd8853669265a9ba3fe96c188132976a80d3e6aefafe9fd41085e8eca10819579b2301a3c7d6eaea4c7f90e5feb4382b52ea42453455bb68e0f"}}, @user_kmaddress={0x2c, 0x13, {@in6=@loopback, @in=@local, 0x0, 0xa}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000000) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3338.999016] kmem_cache_alloc+0x159/0x310 [ 3339.000704] vm_area_dup+0x78/0x290 [ 3339.001475] ? _cond_resched+0x12/0x80 [ 3339.002371] ? copy_page_range+0x24e9/0x3810 [ 3339.003446] ? vm_area_alloc+0x110/0x110 [ 3339.004403] ? vm_iomap_memory+0x190/0x190 [ 3339.005357] ? up_write+0x191/0x550 [ 3339.006183] ? downgrade_write+0x3a0/0x3a0 [ 3339.007161] ? down_write_killable+0x180/0x180 [ 3339.008277] ? __vma_link_rb+0x540/0x700 [ 3339.009216] copy_process+0x291b/0x7800 [ 3339.010091] ? __cleanup_sighand+0xb0/0xb0 [ 3339.010978] ? lock_acquire+0x197/0x470 [ 3339.011765] ? find_held_lock+0x2c/0x110 [ 3339.012593] kernel_clone+0xe7/0x980 [ 3339.013380] ? lock_downgrade+0x6d0/0x6d0 [ 3339.014253] ? find_held_lock+0x2c/0x110 [ 3339.015110] ? create_io_thread+0xf0/0xf0 [ 3339.016003] ? ksys_write+0x12d/0x260 [ 3339.016799] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3339.017804] __do_sys_fork+0x8a/0xc0 [ 3339.018564] ? kernel_thread+0xf0/0xf0 [ 3339.019390] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3339.020475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3339.021545] ? trace_hardirqs_on+0x5b/0x180 [ 3339.022435] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3339.023487] do_syscall_64+0x33/0x40 [ 3339.024271] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3339.025325] RIP: 0033:0x7f04c97d0b19 [ 3339.026100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3339.029901] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3339.031476] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3339.032984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3339.034489] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3339.036002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3339.037496] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:12:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x175}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1d8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1c0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1b7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1f0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1c8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:21 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:38 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x342}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:38 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/60, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:38 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:38 executing program 4: fork() (fail_nth: 93) 00:12:38 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x32a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:38 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x27e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:38 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x5, 0x13, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:38 executing program 7: ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x100}}, './file0\x00'}) r1 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000540), &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r1, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3356.395140] FAULT_INJECTION: forcing a failure. [ 3356.395140] name failslab, interval 1, probability 0, space 0, times 0 [ 3356.397829] CPU: 0 PID: 31051 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3356.399426] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3356.401276] Call Trace: [ 3356.401870] dump_stack+0x107/0x167 [ 3356.402679] should_fail.cold+0x5/0xa [ 3356.403524] ? vm_area_dup+0x78/0x290 [ 3356.404398] should_failslab+0x5/0x20 [ 3356.405244] kmem_cache_alloc+0x5b/0x310 [ 3356.406141] ? lock_downgrade+0x6d0/0x6d0 [ 3356.407042] vm_area_dup+0x78/0x290 [ 3356.407844] ? _cond_resched+0x12/0x80 [ 3356.408713] ? copy_page_range+0x24e9/0x3810 [ 3356.409712] ? vm_area_alloc+0x110/0x110 [ 3356.410604] ? vm_iomap_memory+0x190/0x190 [ 3356.411521] ? up_write+0x191/0x550 [ 3356.412326] ? downgrade_write+0x3a0/0x3a0 [ 3356.413246] ? down_write_killable+0x180/0x180 [ 3356.414243] ? __vma_link_rb+0x540/0x700 [ 3356.415132] copy_process+0x291b/0x7800 [ 3356.416031] ? __cleanup_sighand+0xb0/0xb0 [ 3356.417014] ? lock_acquire+0x197/0x470 [ 3356.418060] ? find_held_lock+0x2c/0x110 [ 3356.419116] kernel_clone+0xe7/0x980 [ 3356.420043] ? lock_downgrade+0x6d0/0x6d0 [ 3356.421150] ? find_held_lock+0x2c/0x110 [ 3356.422157] ? create_io_thread+0xf0/0xf0 [ 3356.423223] ? ksys_write+0x12d/0x260 [ 3356.424332] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3356.425580] __do_sys_fork+0x8a/0xc0 [ 3356.426497] ? kernel_thread+0xf0/0xf0 [ 3356.427491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3356.428830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3356.430142] ? trace_hardirqs_on+0x5b/0x180 [ 3356.431267] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3356.432544] do_syscall_64+0x33/0x40 [ 3356.433401] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3356.434714] RIP: 0033:0x7f04c97d0b19 [ 3356.435685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3356.440083] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3356.442120] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3356.443918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3356.445612] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3356.447172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3356.448726] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:12:38 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:38 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:38 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x33b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:39 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x700}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:39 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x410}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:39 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x900}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:39 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x6, &(0x7f0000000000)={0x0, 0x3938700}, 0x1, 0x1, 0x1, {0x0, r4}}, 0x7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r5, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:39 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:39 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:39 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 4: fork() (fail_nth: 94) 00:12:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xfa3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:53 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf26}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r2 = getpgrp(0xffffffffffffffff) r3 = pidfd_open(r2, 0x0) pidfd_getfd(r3, 0xffffffffffffffff, 0x0) dup(r3) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r4, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a000000000000051e04f3c1943e3d100000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000000000000000000000001ea601855d2b54fdbce90e1a8d63cb3d49254f0ebc484387a4e45388546a193248dc5741c4695ffff82d513ce909f3bdea51d38fdb5bef08ba74ac37177890c0fbbc96597293ea016fe3547f18ba26b3fdb5cec2db86bda03f75903843ebbb2bec57130fbf35b8f8294e89f7b444247d16b7298363dd280d91482941c3fb823b1dde321c4813c3b33f170255e0b64ff7c1073829d0baab2efb6157db2288239e47ed3f608e70923c3b5213f43e4cf8c6ee43cc2ab5a01f41543b8bd8d2b9179532e9"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:12:53 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000c80)={0x0, 0x0}) recvmmsg$unix(r1, &(0x7f0000000c00)=[{{&(0x7f0000000500)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/163, 0xa3}], 0x1}}, {{&(0x7f0000000800), 0x6e, &(0x7f0000000700)=[{&(0x7f0000000880)=""/167, 0xa7}, {&(0x7f0000000940)=""/245, 0xf5}, {&(0x7f0000000a40)=""/110, 0x6e}, {&(0x7f0000000ac0)=""/134, 0x86}], 0x4, &(0x7f0000000b80)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x48}}], 0x2, 0x40000000, &(0x7f0000000cc0)={r4, r5+60000000}) write$vga_arbiter(r6, &(0x7f0000000d00)=@target={'target ', {'PCI:', '2', ':', '4', ':', 'd', '.', '6'}}, 0x13) fork() 00:12:53 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac14140042411cfd196ba0d204a0e9c8643ee93fc7a5e333418688476278994472219bb45d3ea11eeda6ebc869fb3253d635b7c1d0c52fb38eca9a8abc2e2dca5c706e8dec1e536511164bef5c56f7edb6bcd86e4405df56566217425d1f548442275f782c62c935c2557dceeaf928414231dead36e8a925fb31292250a97d8856d8c737539ce89f435eb83a696719d62d0ea6275761dd854ac841052a141578d1d5469d64d0", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1114aa00000000000000001faacfbc0000000000000000000000000000000000000000000000000000e13b8386e33dd5a000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000045000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/182], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc010000000000000000000000000000cac50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ftruncate(r2, 0x1) fork() [ 3371.218502] FAULT_INJECTION: forcing a failure. [ 3371.218502] name failslab, interval 1, probability 0, space 0, times 0 [ 3371.220994] CPU: 0 PID: 31601 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3371.222488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3371.224274] Call Trace: [ 3371.224856] dump_stack+0x107/0x167 [ 3371.225645] should_fail.cold+0x5/0xa [ 3371.226473] ? ptlock_alloc+0x1d/0x70 [ 3371.227300] should_failslab+0x5/0x20 [ 3371.228125] kmem_cache_alloc+0x5b/0x310 [ 3371.229003] ptlock_alloc+0x1d/0x70 [ 3371.229788] pte_alloc_one+0x68/0x1a0 [ 3371.230608] __pte_alloc+0x1d/0x330 [ 3371.231390] copy_page_range+0x1b62/0x3810 [ 3371.232360] ? vm_iomap_memory+0x190/0x190 [ 3371.233268] ? up_write+0x191/0x550 [ 3371.234049] ? downgrade_write+0x3a0/0x3a0 [ 3371.234951] ? down_write_killable+0x180/0x180 [ 3371.235928] ? __vma_link_rb+0x540/0x700 [ 3371.236829] copy_process+0x759b/0x7800 [ 3371.237717] ? __cleanup_sighand+0xb0/0xb0 [ 3371.238629] ? lock_acquire+0x197/0x470 [ 3371.239494] ? find_held_lock+0x2c/0x110 [ 3371.240377] kernel_clone+0xe7/0x980 [ 3371.241173] ? lock_downgrade+0x6d0/0x6d0 [ 3371.242056] ? find_held_lock+0x2c/0x110 [ 3371.242922] ? create_io_thread+0xf0/0xf0 [ 3371.243816] ? ksys_write+0x12d/0x260 [ 3371.244651] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3371.245691] __do_sys_fork+0x8a/0xc0 [ 3371.246569] ? kernel_thread+0xf0/0xf0 [ 3371.247569] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3371.248895] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3371.250191] ? trace_hardirqs_on+0x5b/0x180 [ 3371.251275] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3371.252573] do_syscall_64+0x33/0x40 [ 3371.253507] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3371.254793] RIP: 0033:0x7f04c97d0b19 00:12:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x104f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3371.255728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3371.260537] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3371.262441] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3371.264208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3371.265981] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3371.267750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3371.269530] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:12:53 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x15f3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xd6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xf00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:12:53 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/62, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:10 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x174f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:10 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:10 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x8, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:10 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1a4b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:10 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1004}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:10 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = getpgrp(0xffffffffffffffff) r4 = pidfd_open(r3, 0x0) pidfd_getfd(r4, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r4, {0x3}}, './file0\x00'}) sendmsg$nl_xfrm(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:10 executing program 4: fork() (fail_nth: 95) 00:13:10 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2600440}, 0xc, &(0x7f0000000280)={&(0x7f0000000d80)=ANY=[@ANYBLOB="64050000", @ANYRES16=0x0, @ANYBLOB="00002bbd7000ffdbdf250e0000006400018008000300030000000800030001000000140002007767300000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020067656e65766531000000000000000000fa7e8cd23eac4f3b2925040000", @ANYRES32=0x0, @ANYBLOB="08000300030000000c030280540003802800018008000100feffffff09000200b39d742e00000000080001000200000008000100060000000c00018008000100fd1800001c00018008000100e1000000040003000800010009000000040003000800020005000000b00103809c0001800800010009000000060002007d0000000800010000080000080001008100000008000100020000000400030005000200000000005f00020000272778e01c02006488c450b0010000000000000002000000f90a1760f155275c1409c2aa7c81913d3b68fe476daf88f701cedc2e666a578df9bfd3f1a1a2b0cfbb7cdf70d773498d797a1cb6e5b95461cfabc332d9ae6180c692000400030020000180080001000001000004000300040003000400030004000300040003001400018008000100c40000000400030004000300640001805f00020000272778e01c02006488c450b0010000000000000002000000f90a1760f155275c1409c2aa7c81913d3b68fe476daf88f701cedc2e666a578df9bfd3f1a1a2b0cfbb7cdf70d773498d797a1cb6e5b95461cfabc332d9ae6180c692004c00018008000100000001000800010004000000070002002d23000008000100000000000400030013000200875c5d7b7d5cb62b782a2a40e42e0000090002005c29402c00000000040003002c00018005000200000000000800010002000000080001000000000008000100090000000800010009000000fc00038008000180040003000c000180070002004d2d00001c0001800a0002002d2e407d240000000400030004000300040003000c0001800400030004000300b40001800500020000000000150002002f6465762f7667615f61726269746572000000000400030008000100030000005f00020000272778e01c02006488c450b0010000000000000002000000f90a1760f155275c1409c2aa7c81913d3b68fe476daf88f701cedc2e666a578df9bfd3f1a1a2b0cfbb7cdf70d773498d797a1cb6e5b95461cfabc332d9ae6180c692000400030004000300150002002f6465762f7667615f61726269746572000000000400030008000180040003002000018008000300000000001400020064756d6d7930000000000000000000004c0001800800030002000000140002006261746164765f736c6176655f3100001400020073797a5f74756e0000000000000000000800030002000000080003000100000008000100", @ANYRES32=r2, @ANYBLOB="040002806c000180140002006d6163766c616e30000000000000000008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f746f5f626f6e6400000014000200726f73653000000000000000000000001400020076657468305f746f5f626f6e640000000800030004000000dc000280040001000800020003000000420005008af753b6140b7c026b87861f4084be718943d5c20270310d4a15295041866f27d59e59b9f3f5d583c06aaa2cb158d3d44b25b7918722974ebfb4ca552f6a000088000500fe1f278fa7bf9b0f0fe6ca9ff7606b7378fd7759662f61e0b7b61e2629a5770fd25ef6da68dd81c4fd21d572e318fa3ded2cb6d5008e5de75ad31ecd710298d6be6042408abb7f74d54905afbe3b02ee6e54062f1e546b2b226d0115cf33d4b4bde5e1ba532fd0456b06779f0d73e0b868b55393edce892d0d19be4fdc4a74931d0e03002800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f746f5f68737200000000"], 0x564}, 0x1, 0x0, 0x0, 0x4000080}, 0x4040000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r6 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r6, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="fc0000001a000100000000000000000054eec98e2c0000000000afe6000000ffffac141400e000000200000000000000000000000000fe4e00000000000000000000000000c846c67898981f193eea195f415030368c8214365d829fd3156e2fa058957c94a90a348907344f5c70948566ad6a54c1a256f0d2d88a2570dde2011c65886009b418cfd6c4aa11b78eec07b42437e69dc6ef7c93e55bb77f19a0866c35d61945d8214c1d75a0ca0f1498c81d0d254fe7526bd8c6b7c85db05d18e910c3ec72991a7e935fee28508e255061a4954eb38a912b229f092c6543f08e956e7a0d2fab0ca9845dc83769bc70197c46571e7d865c64b72e8f0a6f55b98c9364af19bd7c16c2077ae6c44a75aaa71f7633c0", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) flock(r1, 0x10) fork() [ 3388.578689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3388.588161] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3388.588984] FAULT_INJECTION: forcing a failure. [ 3388.588984] name failslab, interval 1, probability 0, space 0, times 0 [ 3388.592700] CPU: 0 PID: 32042 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3388.594186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3388.595967] Call Trace: [ 3388.596552] dump_stack+0x107/0x167 [ 3388.597343] should_fail.cold+0x5/0xa [ 3388.598170] ? create_object.isra.0+0x3a/0xa20 [ 3388.599158] should_failslab+0x5/0x20 [ 3388.599972] kmem_cache_alloc+0x5b/0x310 [ 3388.600849] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3388.602141] create_object.isra.0+0x3a/0xa20 [ 3388.603079] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3388.604199] kmem_cache_alloc+0x159/0x310 [ 3388.605111] ptlock_alloc+0x1d/0x70 [ 3388.605893] pte_alloc_one+0x68/0x1a0 [ 3388.606713] __pte_alloc+0x1d/0x330 [ 3388.607507] copy_page_range+0x1b62/0x3810 [ 3388.608467] ? vm_iomap_memory+0x190/0x190 [ 3388.609384] ? up_write+0x191/0x550 [ 3388.610164] ? downgrade_write+0x3a0/0x3a0 [ 3388.611067] ? down_write_killable+0x180/0x180 [ 3388.612043] ? __vma_link_rb+0x540/0x700 [ 3388.612929] copy_process+0x759b/0x7800 [ 3388.613818] ? __cleanup_sighand+0xb0/0xb0 [ 3388.614730] ? lock_acquire+0x197/0x470 [ 3388.615589] ? find_held_lock+0x2c/0x110 [ 3388.616473] kernel_clone+0xe7/0x980 [ 3388.617285] ? lock_downgrade+0x6d0/0x6d0 [ 3388.618174] ? find_held_lock+0x2c/0x110 [ 3388.619041] ? create_io_thread+0xf0/0xf0 [ 3388.619937] ? ksys_write+0x12d/0x260 [ 3388.620775] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3388.621831] __do_sys_fork+0x8a/0xc0 [ 3388.622632] ? kernel_thread+0xf0/0xf0 [ 3388.623493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3388.624643] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3388.625764] ? trace_hardirqs_on+0x5b/0x180 [ 3388.626705] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3388.627828] do_syscall_64+0x33/0x40 [ 3388.628642] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3388.629754] RIP: 0033:0x7f04c97d0b19 [ 3388.630561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3388.634576] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3388.636234] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3388.637790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3388.639340] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3388.640892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3388.642449] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:11 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x135b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x1800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x20d7}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:11 executing program 4: fork() (fail_nth: 96) 00:13:11 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3388.969960] FAULT_INJECTION: forcing a failure. [ 3388.969960] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3388.972564] CPU: 0 PID: 32282 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3388.974043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3388.975811] Call Trace: [ 3388.976376] dump_stack+0x107/0x167 [ 3388.977165] should_fail.cold+0x5/0xa [ 3388.977985] __alloc_pages_nodemask+0x182/0x600 [ 3388.978981] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 3388.980160] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3388.981474] alloc_pages_current+0x187/0x280 [ 3388.982418] pte_alloc_one+0x16/0x1a0 [ 3388.983230] __pte_alloc+0x1d/0x330 [ 3388.984018] copy_page_range+0x1b62/0x3810 [ 3388.984986] ? vm_iomap_memory+0x190/0x190 [ 3388.985893] ? up_write+0x191/0x550 [ 3388.986677] ? downgrade_write+0x3a0/0x3a0 [ 3388.987674] ? down_write_killable+0x180/0x180 [ 3388.988763] ? __vma_link_rb+0x540/0x700 [ 3388.989641] copy_process+0x759b/0x7800 [ 3388.990528] ? __cleanup_sighand+0xb0/0xb0 [ 3388.991436] ? lock_acquire+0x197/0x470 [ 3388.992292] ? find_held_lock+0x2c/0x110 [ 3388.993174] kernel_clone+0xe7/0x980 [ 3388.993969] ? lock_downgrade+0x6d0/0x6d0 [ 3388.994844] ? find_held_lock+0x2c/0x110 [ 3388.995712] ? create_io_thread+0xf0/0xf0 [ 3388.996610] ? ksys_write+0x12d/0x260 [ 3388.997430] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3388.998466] __do_sys_fork+0x8a/0xc0 [ 3388.999259] ? kernel_thread+0xf0/0xf0 [ 3389.000108] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3389.001232] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3389.002331] ? trace_hardirqs_on+0x5b/0x180 [ 3389.003254] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3389.004354] do_syscall_64+0x33/0x40 [ 3389.005163] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3389.006256] RIP: 0033:0x7f04c97d0b19 [ 3389.007054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3389.011001] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3389.012640] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3389.014167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3389.015697] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3389.017232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3389.018770] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:11 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:26 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:26 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) io_uring_enter(r2, 0x1261, 0xe8f0, 0x3, &(0x7f0000000280)={[0x574c768b]}, 0x8) getpgrp(0x0) syz_io_uring_setup(0x644c, &(0x7f0000000500)={0x0, 0xc8e0, 0x20, 0x1, 0x206, 0x0, r2}, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000840)) r3 = gettid() r4 = pidfd_open(r3, 0x0) pidfd_getfd(r4, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, r4) r5 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r5, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000880)=ANY=[@ANYBLOB="fc0000001a00010000000000b1e2f14fb0a3d799000000000000ffffac141400e00000020000000000000000000000000000000000000000000500000000000018f228b07cac317b53236144a54fbeeeb30570e4d1d4dc3bf15f6a9596b777b20afecf68375092e2fabdac03a6ca1358d5c624cdc94559410f42fade349aab6ea1457c79067bdf1eb6f6422eabfcfa1e01d30e4a4519", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:26 executing program 4: fork() (fail_nth: 97) 00:13:26 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/63, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:26 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x216b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:26 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2c6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:26 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0xa139, 0x10, 0x5, 0x2f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r1, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8921, &(0x7f0000000a80)={'wlan1\x00'}) sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f00000007c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) r5 = getpgrp(0xffffffffffffffff) r6 = pidfd_open(r5, 0x0) pidfd_getfd(r6, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000500)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRESDEC, @ANYRES16=r6], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() write$binfmt_elf64(r2, &(0x7f0000002e40)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x1, 0x47, 0x3, 0xffffffffffffff90, 0x3, 0x3, 0x6, 0x3d1, 0x40, 0x8e, 0x5, 0x80, 0x38, 0x1, 0xa39, 0xfffe, 0x1ff}, [{0x3, 0x7, 0x10001, 0x80, 0x4, 0x2, 0x3ff, 0x3f}], "31efa432f9142b405e40a3a2d461fde17213747f8370bd8f0cbfb4a5e7759b7a658fb76b2ac31d9e38cdb4cba685449477fb7afb345a65461dc6bbaad9b4c7c149aaf8c0af4dfdb7d3c72fbdc2ccd231194ca87fade63fcbdee6fcada84fb0907d881b53562a828137e36cf01b7c613e1312322e8230fab622ba10073f5715d86f759492288847cd0dc36ec4a3ad925eee2274bba193469237494a9e131431088162327903d3d31f9144c86992201062cf0604f6a7d7348c01054b128043cc63db9bf5247f8c6bcbdccc59287b36cc49dbdd865e4a53c51bb9094f9c060229070ff2ae1c46dc6e9a0886c0af20f2204ad711c3fc7ac2040ffb49df8380104c8842063a0fee434b02773c9cbb556f24344998da1c1cf8cd321468034ce03374eadf9b6cb2248c8eb8e16cd2e1ca353fe5ba9107e19e44484c7b2c571afbb2dbc9bd422ebec8c13132e3fa38ea721ffaefaf372b3f2708067beee18de3c2fa547b668cfeb66040cf2b697654656f6f53ba5a8a65fb7e49d3f6065318fd4f16107d5147cc268cc595ff7dc5b4856b2dcd87b203caf61b9c257402eee67981a92e67f7ecb154de335e6416d42e30ca3064fa2c6133c4d40aa3527a95a73efe25752e1fb7d37041a5a69630c05bfc327dd438e50e4f0bc7ce5fdf0375fa7476e5cc8604e983ecf07b056f229e759a67c9cdff5e05d7b8589a42008bfb48b1ee1a618e0a8ee1188627ea1416421d1df67420024b83cc1322751421a7d9101c918615fee6952916d7886483c5f69a68d62871b156c46a7b5c4f32c3d91f6cad3822b479261e2961da9538e27f943e5202e669ef3a2a9cf959a7c36b85083e4df0200e2cde536a2453524964bb91846244bfdcc68fda0c81261dd0dceb1e1c3bdb0beab84a11f68fbe9ce80cc3bb1ebe8293ab8778cb420180f20cb2c639708e3a33ef1632aac47a441954f93b31aba94653db48b49f6c5f3b1efe3d4a1382d6807bc0e28347b48aef578cda35e785c3bb6064894051e555a13c5cc85041c79b54485544ad7aa177940e9c6da3713a9d210843bba878a4257f360e3db96d3d88af99d24e61917fda8b2bbad3455365dbd1fe7c31950f8588efbab4ec1962559e60c2d7fb9d40a74ba08d40f0ee00018c535ed0f1dc6df4746a9ca31e8d1592a06b002f80a405e1b157cbe93b4a9ace8d9f586c8c8be91ba324dea5342c5f18bf624f6eabf6743a8a3ca5aa3aa821c394bd145458c5b86f861d21845dcdbfde6495b9aabb61fb8c300eb5d5b148bd00e6701af0a44a51f394d406e863381ad619705d5d68caa6890bc2b124efacff23e3ad35229e4e5deaec824a9542dac8146ea49ace41d5b355cca00a4968b49f78f246d3351b6ce84233d4c34d922e4de4d4d9ccddb5d00d78721b373bda8d05c633c921d008487771bc13b9839e5b8aebbb4750703ba75acd8358de9a2512e89e08b91493ffaf955553e42f7d3569ed926300472d9ce86880c62d9551e4ac755f881b35fabd0aed4c6e1aff6d4466e875777120e5d5da5f59e4f06f0cc6bd02aff96a38ff8e857bbd394c99cb7436934bbda800e7771b6c01a2cb0ef2bb764a7c0e338352ba2ec2885c0051c75114b93e551bd3133aedefcf470e81a54a536728b58c066a0180cc76e9804079afd1b56b3809259417c373b3cd2a0ce967f8776dd800da4d9793679fe3b2851daaf8eb4c1403bb6100f1b8813e3ecbaf50d45e2b592e81605d1be1357ce970e73587d0da53fd318b802d637801cfbccf114e4c0b676885535681130ef86427e90113fe930166b83802b20df1b5d668b2bed00733310f229825da13b908a1571be53894bf1e837af61646641f45aa700ab31deeb04dc465d06dedcebe22028a5da2257410b3d1717aa837ab64e07db66d10b5a1869780b5db8e4e7f85d91afeacc534fa8b5f923d87611f05554965066d11c79b6e1dbc25317c87a0f4f15d80fa0c1ecbe8dcd10b7eeffbd60e28ea4041b551154592b4ebc4efa8e16339e3b2a03260e60894b5bc870f06617dceb5697bc3499f420a9175b21f00de17d8abcf4116c61036cf286e85430ccef2dc885cc0c6ccbc7f0a28581327b9603f9e5fc3287c10b3c3c012d93cc259a8124331bf2230f387b74b6eeed5d6d220f74c07b720072c24667cc5c5ee1efd0b1ed0aa8917960036e140378856865f9dfa74006bab8d87e575d8cbdd646dd830e05913ebc0cf84b08606f1b99563ff8998f308f803380001c38a19a21ba07a6540da593e64eba7eca7dad4a179c21fa868789a0055c89aa05dcde7f1f083e81b03deb7b523beaed2034473263c37f675583a78e33bd6fe59ff6f64e9c11ae507672286ae64a7817d540411ccc889dd474428285784a89ec78db6b399c09f4f01c553a8f0795d3510df73cdb54a0d8ac49bc96780deb257955dea0b78edcd8b0281e3e79e8bb860431f69537a28b405942bf22d4faed57f0b119ade3b93011688a74e20040d7ce4396850c77ddabd8ed0929283aa6ff3e55ec0c0710205984985ed2159f11f187f99fc6656125c82859deed156c8330f814d4be4fb9888473fe1db383fafbc7febb23ea4592c3b804e0eacc9cafa2047a05f0483377d39c2c6778b67b0d80a51850c692c0f6df89cb4885ea402424077e93aee0d920da32cd0115e3ee04cbf25cfced26cf07f17cb97a223a435d39b5b526df186be693c839b16bb03ab839658c5aea7c4d53556aee8a4296aace4508a1b923025758b7400354128c2df95683a4a245e0e6c8e270f1fd4dae05155b6ad58c06f72b054166a12e00d00d0d591a64ec5b2190f3df5746e7ff3de63e2aaa984491ff075d26a238a13bd15336f0500ebc49dc685a32b3be379c28b00c1376d62eccd1e0d4e8ce11e0c9e47fcff6eb8932769513624210577615e99f09a07e629b56925d5dc5568507779772d178e00cb0058733d0fc042a87e803bfc682bcd33af73517d96ee95286151de89ec2a13cf57ab73710c530be3bdc4931fd0e03675eb882ef1fd8bf6a8d259092d19d841aecb7b2596e89402c9ca855eaa8cd9470b44a79d4a54ecf0fc77fc368ff5a2200cd973e33f53cc3c0d330ac4fcafbb965a8938c066f0d6d014287e82a810cff877c36c05c6ef4e94a99dbac3c2345d03dba7f245005c12102a22b29296751464805b04e298ec8b0de06b1b86e40cab90ff4d351702d157da7cd5a1798dc7892b26d84e31bc3d5b476bcf3ce66db817a3c7787b506046437a3ca9cc6b7b7a1e6c7d425f9ad3585c17a5bad606c8dab2c54df01274ca23f2ac08f94445377b52682a481fbc9ffd905afd7c69a7c7dcec0d0bdd9a36afd011d6cb4fcca03f0ae40f069bff3acf58537c66baf4d589f8e010728f181d7577a59d91d0df1d843fe85fd07252df404e80109396a3afd26128598ef9af77be1f30d3e4a403c40d660bc5f94ae901ca86d43bfea941c631af3d437f105daa60781692b4989bba9c060141a2c3b5482e5f8d8a5973cd81c5e888b93265d0ff13691b1fa507dc9b0f815a2dd2ad14e2c41728a9b24ec7e86531d066d171e2c34bd57027239b6ec6097a65703ea7120a4d5880407ea63f4d5ddd52a5be57fdc4bd303d908994911b7bd5f261c82587e7df8855624e17891ec03127772cecb410efe9c26ef8b3bba6db5980008b000922b2bf98602cfbd8a728e225d7b14938948e0a211a6eba929c16ccdcd7d2a9a320dada0bf44f8ddbcd62777747fcd3ba0d895c3972880502f0d5f7b17338dbe14f41977d1dffef6ad0b88c261215399827bc95b7d0880d0ed1c76062f45ae76ded867e61d85264dfff2d39333f746d9b6697b81cfc9d4f87cbb35cc30c9b2b83ceb7b484f950782bba8a7d3d762d2bf2a745b955355db27dfb9b9e293684ad8a67e8a76ce4e92a668727e9c86572794b5f36b1072421ae8556de0851dd404554211718117d5a2d5f6b76c511c0f9776778fb23299469fd29e75e2dd6c9682b5dc3b30cc4e62e43575350d9d8ce09bb6a8744f198808501aa1f94d496a8d231cf4cfd7bf7a2d913399fb387ea804ec0180bf30a991535cd74656fb10d4caf007bf5d2ea528de9aaa0ff552e70a3504dfa03671d54489d1cf8574780e3f5895c6e8d65e573df2c5e0ccacb87bdff634a50ab72334485174335a24b0bf4505a34f637254cf0b44df1b4d5adb46e6dd1f51e1cbd97542c281f051f0912483adb74a86bbfea3583b7912410c3936c369cb348f9465d5115ca2f95aff973dc0de97f0b32f5c6cae9cc01624f5dc4f7b83034254986187b5088edef74ed33afc2af5b7b15e60aed05cd6275b6061b4bd1ee9df0b59a2daac515f6e8fc717707b483afbf96d788ae8208367feed0e6e7082e392a702dcf2b6aee0bde67d5ab06ab7b1e9d2f9e6c9b4bce4ce90f51653b6819b5f41a216da21a3d48da431918f8282760cb6564734a18bb741bd243c257cca3adc438260f7bdb217bc61cd5479039c8d734d98bbc80a360273bb9896ff80fe23e6c5e7727546b93e705e7244c8748ff6d6d026b0b947080efeb5d8471e2a69993c9854247675e6fdf8ecba18a8c40167415f8f7c88ca4ba04ec67968159440e958131c7f95dbe88b982f9087506a5127d028a90c37a500535ff4e3c2085f14781a7c7c8ad9752f7dad22ab0bfb8529f9d21abc7e7f1ceb568ec1dad217223304bc112ce02078a54552e2813ca27e6fd726ca7691f27fb3d40b07279aeee34df7656054f2dbe0b3586321a8cfa1d6bb6b9a012189ab31595549205519e117824c77ed4e1a691bcf953a3c817a3427bad6ed70b3332ebfd489db350092bd8f29f8fd8c6898e08b316e45c7900198bbff700707744ebf6aa1e79ce16f6ad1699f4335f79cb243d06a50a47cf8d1f17ca40b18a69d96eca2d7fcd86b86f0ecdd6091879610c0520c93ef5545b0f92bd91a615889b7094d5510910dfe3f9122ddc8e11787d154c1029c1b25b34e87977e3a07c22e6173bd8891d94844e81c5746af0622975bed54892943ad74b593170df263db9cd14b862e444acb080de1f2d8947bebade431c141aedba87f62ff65b4d98d8b681fd0385bf1c7965f2bb8000c399466bb205bb34f22bd3f0aae555bbd7b4eba84bcb1a178a0c97d690de84b34da0db02262a93eb3c0285c880380061c1d39fdd64dfceab5f1f6f0aa9e3627530189d237239ddf800f3309925c710df5ca15f25b04e371011ea95d32d60e722baf921719e467055e4b5fce0a4c1fc5892b89262fee6676f0b538e1a9834c987318035ccacd77b8908765910a0d16736f436d57dddd4571ddb3e59c8971e665e603e6a4dafabeb6ff6cccf2db42b894bf6b4c3eb033a96ef7051fd6be4a4e0895a220dda9a0e6ba66b71227ca89a080e74d85d6594815245c98180985cbc3cd70a73efc3fb157b16d1c4d377520a6a5f44fd5db6b1a7d0c1ce1eda211e78893b69e21a0a7e7a5ac10e799e736d67c22512419cd0fc75800c39272a222dca6a4703595cb370f9626c0e65dfc1864f97d753eac187ca0e1c62a0a5efa276a1aa24910c95b2ab67e75800b44d971d740b4972a285458d9161d93641a3a212d3b645bfd2f76475dd0d4346971db060287d52d97499338938fa85ea3948023142d3757d59366643a47723695ef657313c774534a05741ffdfc278d1a52aa91acba959d6840f9b076cdd0a34c09bd3c8b1aa255661afe2929aa1958e709be6236141233f29143cb628779c947b98cdf903bbaaca0cac77b408d9992539f8dbebb667df178c51be729aa11c83", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1978) [ 3404.572803] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. 00:13:26 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4, 0xffffffff}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b76be1cc06a8682449c18157c739b4f25f709", 0x19}, {0x0}, {0x0}], 0x3}, 0x0, 0x4000000}, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x1, 0x0, r1, &(0x7f0000000440)=0x80, &(0x7f0000000480)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0, 0x80800, 0x0, {0x0, r4}}, 0x8) ioctl$BTRFS_IOC_SEND(r3, 0x40489426, &(0x7f0000000340)={{r0}, 0x2, &(0x7f0000000200)=[0xffffffffffffff73, 0x80], 0x2, 0x4, [0xfffffffffffffffa, 0x8, 0x3, 0xfffffffffffffff9]}) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r5, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="900200003a0000012dbd7000fbdbdf2505000000fe228bc54929e2f6342dc9f78254613bdca42e3fb41bfed7d41f2f12e3fc4dde9fc962311b697e1d2474ab25478713755c74d336ab714cfcc0f152d9ae8c2916c9b4631d07b82fe691ea5b6ba12a87001f8c72006680d154489bbd2bbc9b5be99181a2f3bdae4c6fc7903116049bc429283337880634e4cd1749ab00c7d942c6cc9034ce1bce9b63afae1ee543722300795d4736a63019baa7818279cd587d18a421f82d8cbfa7114f0753e54c6a99fe508d913eb70d0582b6d33b3b9f2b4bff0fb6c0590000b3012780c97fbe42d9675da46aceb4df10e93cd0925283c127f3b145449443542b3a4c3585b9b141a08b6df188a3644329c75ea5425f7aa17d122427973e8b8f20f957e527db4e842b52bfbf4ccb503ea80b5135b437eaefe0502e4fe0b3ecf1e8498ac42207c9aa5b891b58a0f6d21e12a16af021d83f4472ed421c8052f4925eda013f0ded553b38e2dae112996d1b0317843e1cf4d335fd14275fce5cd288abe9ed1c0b350b0d1b035b5cc724f977b434a53deee34edff17254a1160f92fa59c5950b3afde1f95bae199be5c4275f6e6de99e378c2191f6a2a0c290c04550a0df56282447cc4626f6ae9cf041e44f754cd2cc37086a4eb47893bbfb819423da36b137246745e80cba1e4adcc509ab048212e1e4601efe59fa8e88be6ca116d6dfe49cfd16adf152affd768c17d1da27661338e9a11e334b7eab59e0aa75817feebd6283dfe538f393e8007c88eceace0214df0902c212b3768e1185a3a32365f90391d835241318e40d91389f3c9389b2b836f176d05ad8ebca09bc162513b580be8ae12f637ae991847becfed9b9e6b89c2de60c001900090000000000000008008f00", @ANYRES32, @ANYBLOB='\x00\x00\x00'], 0x290}, 0x1, 0x0, 0x0, 0x40}, 0x4040) r6 = getpgrp(0xffffffffffffffff) r7 = pidfd_open(r6, 0x0) pidfd_getfd(r7, 0xffffffffffffffff, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r7, 0x82307201, &(0x7f0000000700)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) fork() 00:13:27 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3404.581463] FAULT_INJECTION: forcing a failure. [ 3404.581463] name failslab, interval 1, probability 0, space 0, times 0 [ 3404.584106] CPU: 0 PID: 32480 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3404.585686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3404.587454] Call Trace: [ 3404.588040] dump_stack+0x107/0x167 [ 3404.588848] should_fail.cold+0x5/0xa [ 3404.589676] ? create_object.isra.0+0x3a/0xa20 [ 3404.590671] should_failslab+0x5/0x20 [ 3404.591482] kmem_cache_alloc+0x5b/0x310 [ 3404.592381] create_object.isra.0+0x3a/0xa20 [ 3404.593348] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3404.594455] kmem_cache_alloc+0x159/0x310 [ 3404.595355] vm_area_dup+0x78/0x290 [ 3404.596148] ? _cond_resched+0x12/0x80 [ 3404.597019] ? copy_page_range+0x24e9/0x3810 [ 3404.598018] ? vm_area_alloc+0x110/0x110 [ 3404.598903] ? vm_iomap_memory+0x190/0x190 [ 3404.599829] ? up_write+0x191/0x550 [ 3404.600630] ? downgrade_write+0x3a0/0x3a0 [ 3404.601575] ? down_write_killable+0x180/0x180 [ 3404.602576] ? __vma_link_rb+0x540/0x700 [ 3404.603466] copy_process+0x291b/0x7800 [ 3404.604370] ? __cleanup_sighand+0xb0/0xb0 [ 3404.605316] ? lock_acquire+0x197/0x470 [ 3404.606195] ? find_held_lock+0x2c/0x110 [ 3404.607106] kernel_clone+0xe7/0x980 [ 3404.607918] ? lock_downgrade+0x6d0/0x6d0 [ 3404.608982] ? find_held_lock+0x2c/0x110 [ 3404.609892] ? create_io_thread+0xf0/0xf0 [ 3404.610825] ? ksys_write+0x12d/0x260 [ 3404.611713] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3404.612961] __do_sys_fork+0x8a/0xc0 [ 3404.613863] ? kernel_thread+0xf0/0xf0 [ 3404.614765] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3404.615937] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3404.617105] ? trace_hardirqs_on+0x5b/0x180 [ 3404.618097] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3404.619263] do_syscall_64+0x33/0x40 [ 3404.620114] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3404.621289] RIP: 0033:0x7f04c97d0b19 [ 3404.622145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3404.626346] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3404.628085] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3404.629740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3404.631375] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3404.633038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3404.634671] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:27 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3404.659646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 00:13:27 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:27 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x316c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:27 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:27 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) memfd_create(&(0x7f0000000200)='unlock all\x00', 0x7) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = fork() rt_sigqueueinfo(r3, 0x32, &(0x7f0000000180)={0xc, 0x6, 0x404}) write$vga_arbiter(r1, &(0x7f0000000000)=@unlock_all, 0xb) 00:13:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 4: fork() (fail_nth: 98) [ 3419.910668] FAULT_INJECTION: forcing a failure. [ 3419.910668] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3419.913912] CPU: 0 PID: 32914 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3419.915756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3419.918024] Call Trace: [ 3419.918723] dump_stack+0x107/0x167 [ 3419.919683] should_fail.cold+0x5/0xa [ 3419.920690] __alloc_pages_nodemask+0x182/0x600 [ 3419.921967] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 3419.923423] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3419.925105] alloc_pages_current+0x187/0x280 [ 3419.926291] pte_alloc_one+0x16/0x1a0 [ 3419.927305] __pte_alloc+0x1d/0x330 [ 3419.928282] copy_page_range+0x1b62/0x3810 [ 3419.929523] ? vm_iomap_memory+0x190/0x190 [ 3419.930656] ? up_write+0x191/0x550 [ 3419.931627] ? downgrade_write+0x3a0/0x3a0 [ 3419.932761] ? down_write_killable+0x180/0x180 [ 3419.934026] ? __vma_link_rb+0x540/0x700 [ 3419.935126] copy_process+0x759b/0x7800 [ 3419.936227] ? __cleanup_sighand+0xb0/0xb0 [ 3419.937403] ? lock_acquire+0x197/0x470 [ 3419.938454] ? find_held_lock+0x2c/0x110 [ 3419.939532] kernel_clone+0xe7/0x980 [ 3419.940525] ? lock_downgrade+0x6d0/0x6d0 [ 3419.941691] ? find_held_lock+0x2c/0x110 [ 3419.942771] ? create_io_thread+0xf0/0xf0 [ 3419.943873] ? ksys_write+0x12d/0x260 [ 3419.944915] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3419.946217] __do_sys_fork+0x8a/0xc0 [ 3419.947189] ? kernel_thread+0xf0/0xf0 [ 3419.948226] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3419.949663] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3419.951005] ? trace_hardirqs_on+0x5b/0x180 [ 3419.952145] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3419.953527] do_syscall_64+0x33/0x40 [ 3419.954423] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3419.955603] RIP: 0033:0x7f04c97d0b19 [ 3419.956467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3419.960743] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3419.962547] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3419.964189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3419.965885] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3419.967534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3419.969195] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:42 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000600)=""/250, 0xfa}, {&(0x7f0000000500)=""/121, 0x79}, {&(0x7f0000000800)=""/152, 0x98}, {&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f0000000700)=""/1, 0x1}, {&(0x7f00000018c0)=""/83, 0x53}, {&(0x7f0000001940)=""/162, 0xa2}, {&(0x7f0000001a00)=""/244, 0xf4}, {&(0x7f0000001b00)}], 0x9) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:42 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:42 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = fork() r5 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) ftruncate(r5, 0x1000003) write$eventfd(r5, &(0x7f0000000140)=0xfff, 0x8) readv(r5, &(0x7f0000000200)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1) openat$cgroup_procs(r5, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x80, 0x9, 0x7f, 0x1, 0x7f, 0x0, 0x8, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0xa254}, 0x140, 0xfffffffffffffffc, 0xffffff4c, 0x1, 0x7, 0x1, 0x7, 0x0, 0x1, 0x0, 0x10001}, r4, 0xf, r5, 0x10) 00:13:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x260f}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2a03}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 4: fork() (fail_nth: 99) 00:13:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2b00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3420.269472] FAULT_INJECTION: forcing a failure. [ 3420.269472] name failslab, interval 1, probability 0, space 0, times 0 [ 3420.271919] CPU: 1 PID: 33090 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3420.273383] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3420.275133] Call Trace: [ 3420.275695] dump_stack+0x107/0x167 [ 3420.276464] should_fail.cold+0x5/0xa [ 3420.277283] ? vm_area_dup+0x78/0x290 [ 3420.278091] should_failslab+0x5/0x20 [ 3420.278896] kmem_cache_alloc+0x5b/0x310 [ 3420.279750] ? lock_downgrade+0x6d0/0x6d0 [ 3420.280631] vm_area_dup+0x78/0x290 [ 3420.281423] ? _cond_resched+0x12/0x80 [ 3420.282210] ? copy_page_range+0x24e9/0x3810 [ 3420.283184] ? vm_area_alloc+0x110/0x110 [ 3420.284023] ? vm_iomap_memory+0x190/0x190 [ 3420.284932] ? up_write+0x191/0x550 [ 3420.285703] ? downgrade_write+0x3a0/0x3a0 [ 3420.286592] ? down_write_killable+0x180/0x180 [ 3420.287548] ? __vma_link_rb+0x540/0x700 [ 3420.288415] copy_process+0x291b/0x7800 [ 3420.289306] ? __cleanup_sighand+0xb0/0xb0 [ 3420.290201] ? lock_acquire+0x197/0x470 [ 3420.291061] ? find_held_lock+0x2c/0x110 [ 3420.291940] kernel_clone+0xe7/0x980 [ 3420.292707] ? lock_downgrade+0x6d0/0x6d0 [ 3420.293592] ? find_held_lock+0x2c/0x110 [ 3420.294445] ? create_io_thread+0xf0/0xf0 [ 3420.295323] ? ksys_write+0x12d/0x260 [ 3420.296131] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3420.297156] __do_sys_fork+0x8a/0xc0 [ 3420.297933] ? kernel_thread+0xf0/0xf0 [ 3420.298773] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3420.299869] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3420.300955] ? trace_hardirqs_on+0x5b/0x180 [ 3420.301856] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3420.302930] do_syscall_64+0x33/0x40 [ 3420.303695] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3420.304764] RIP: 0033:0x7f04c97d0b19 [ 3420.305528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3420.309384] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3420.310927] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3420.312412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3420.313910] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3420.315399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3420.316876] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:42 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002355462d2defc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c000800"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:42 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x2e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3420.515681] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 00:13:43 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="fc002c01fb00001a000100000000000000000000000000000000000000f7ffac141400e000000200"/67, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:43 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:43 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:43 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3300}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3436.931473] FAULT_INJECTION: forcing a failure. [ 3436.931473] name failslab, interval 1, probability 0, space 0, times 0 [ 3436.934621] CPU: 1 PID: 33476 Comm: syz-executor.4 Not tainted 5.10.234 #1 [ 3436.936073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3436.937797] Call Trace: [ 3436.938463] dump_stack+0x107/0x167 [ 3436.939549] should_fail.cold+0x5/0xa [ 3436.940687] ? create_object.isra.0+0x3a/0xa20 [ 3436.941943] should_failslab+0x5/0x20 [ 3436.942901] kmem_cache_alloc+0x5b/0x310 [ 3436.943920] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3436.945439] create_object.isra.0+0x3a/0xa20 [ 3436.946534] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3436.947978] kmem_cache_alloc+0x159/0x310 [ 3436.949024] ptlock_alloc+0x1d/0x70 00:13:59 executing program 4: fork() (fail_nth: 100) 00:13:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3df0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:59 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3400}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4203}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:59 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r4, 0x6) io_uring_setup(0x6626, &(0x7f0000000500)={0x0, 0xde4e, 0x0, 0x1, 0x31a, 0x0, r4}) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, &(0x7f0000000680)={0x1000, 0x0, &(0x7f0000000640)=[r2]}, 0x1) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f00000006c0)={'IDLETIMER\x00'}, &(0x7f0000000700)=0x1e) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) signalfd4(r2, &(0x7f0000000600), 0x8, 0x80800) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:59 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:13:59 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x1a3}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) readv(0xffffffffffffffff, &(0x7f0000000200), 0x1) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) syz_io_uring_setup(0x7edd, &(0x7f0000000940)={0x0, 0x7dda, 0x1, 0x2, 0x21b}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000009c0), &(0x7f0000000a00)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0x7}}, './file0\x00'}) sendmsg$NFNL_MSG_CTHELPER_DEL(r5, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000000209010200000000000000000200000001faaaa2d6276c7b5fd27958a7e76b08"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x8001) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000a40)={&(0x7f0000000780)={0x1c, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x44085) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x8, 0x10, r5, 0x0) syz_io_uring_setup(0x5558, &(0x7f0000000800)={0x0, 0x1193, 0x747c8f371339c9d9, 0x2, 0x160, 0x0, r0}, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000000880), &(0x7f00000008c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000900)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd_index=0x9, 0x9, 0x0, 0x4, 0x0, 0x1}, 0x0) fork() [ 3436.950222] pte_alloc_one+0x68/0x1a0 [ 3436.951336] __pte_alloc+0x1d/0x330 [ 3436.952338] copy_page_range+0x1b62/0x3810 00:13:59 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8921, &(0x7f0000000a80)={'wlan1\x00'}) r6 = syz_mount_image$tmpfs(&(0x7f0000000ac0), &(0x7f0000000b00)='./file0\x00', 0x100, 0x1, &(0x7f0000000b80)=[{&(0x7f0000000b40)="2b456933aa8de52d9c54082bf0f0609af9dbce914ac3a96bb984daaa443025cb81a46a1304ab29d48344fd2825f662", 0x2f, 0x2}], 0x1040031, &(0x7f0000000180)={[{@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x6d, 0x31, 0x35, 0x36, 0x78]}}], [{@obj_user={'obj_user', 0x3d, '\x03\x03\x03\x03\x03\x03'}}, {@dont_measure}, {@subj_role={'subj_role', 0x3d, '%['}}, {@obj_type={'obj_type', 0x3d, '#'}}, {@euid_eq={'euid', 0x3d, 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x61, 0x61, 0x64, 0x38, 0x35, 0x6e, 0x37, 0x65], 0x2d, [0x31, 0x65, 0x66, 0x64], 0x2d, [0x64, 0x63, 0x35, 0x38], 0x2d, [0x56, 0x63, 0x66, 0x34], 0x2d, [0x0, 0x61, 0x39, 0x36, 0x33, 0x33, 0x0, 0x66]}}}, {@permit_directio}, {@measure}]}) close_range(r6, r2, 0x0) [ 3436.953691] ? vm_iomap_memory+0x190/0x190 sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000a40)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20202000}, 0xc, &(0x7f0000000a00)={&(0x7f0000002e40)={0x1dd0, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8001, 0x4f}}}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x64}, @NL80211_ATTR_CSA_IES={0x118, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x8, 0xffff]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0x3, 0x3ff, 0x1, 0xfffd, 0x2]}, @beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0x35, 0x80, [@gcr_ga={0xbd, 0x6}, @peer_mgmt={0x75, 0x18, {0x1, 0x8696, @val=0x81, @val=0x3b, @val="29100bd23252726edd67d2420e56d927"}}, @erp={0x2a, 0x1, {0x1, 0x1}}, @sec_chan_ofs={0x3e, 0x1, 0x3}, @mesh_config={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x3, 0x8}}]}, @NL80211_ATTR_IE_PROBE_RESP={0x3b, 0x7f, [@challenge={0x10, 0x1, 0xf6}, @erp={0x2a, 0x1, {0x1}}, @rann={0x7e, 0x15, {{0x0, 0x1}, 0x4e, 0xff, @device_b, 0x80000001, 0x5, 0x1}}, @chsw_timing={0x68, 0x4, {0x78ba, 0x2}}, @link_id={0x65, 0x12, {@initial, @device_b, @device_b}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0xc, 0x80, [@mesh_chsw={0x76, 0x6, {0x40, 0x3, 0x40, 0x8}}]}, @NL80211_ATTR_IE_PROBE_RESP={0x28, 0x7f, [@dsss={0x3, 0x1, 0x1}, @prep={0x83, 0x1f, @not_ext={{}, 0x4, 0x72, @device_b, 0xd43, "", 0x2, 0x58e5, @broadcast, 0xc292}}]}, @NL80211_ATTR_IE_PROBE_RESP={0x1e, 0x7f, [@sec_chan_ofs={0x3e, 0x1, 0x2}, @link_id={0x65, 0x12, {@from_mac=@device_b, @device_a, @device_b}}, @sec_chan_ofs={0x3e, 0x1, 0x3}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x3c]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0xbd]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x4, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x8, 0xba, [0x2610, 0x20]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xa, 0xbb, [0x0, 0x8, 0x9]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x8, 0x6]}]}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xe9}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xf4}, @NL80211_ATTR_CSA_IES={0x2c, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0xfff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0xff]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x1, 0x0]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x59, 0x1ff, 0x6, 0x0, 0x3, 0x4]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CSA_IES={0x68, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0xe, 0xbb, [0x8, 0x7fff, 0x9, 0x1, 0x2]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xe, 0xbb, [0x59fd, 0xf8cc, 0x7d, 0x9, 0x1]}, @beacon_params=[@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_IE={0x31, 0x2a, [@mesh_chsw={0x76, 0x6, {0x1, 0xad, 0xb, 0x1ff}}, @gcr_ga={0xbd, 0x6, @broadcast}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0x1, 0x1, 0xffffffffffffffff, 0xc0, 0x40}}, @link_id={0x65, 0x12, {@from_mac=@device_b, @device_b, @broadcast}}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0xa, 0xbb, [0x401, 0x1, 0x400]}]}, @NL80211_ATTR_CSA_IES={0x1bbc, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x10, 0xba, [0x9, 0x6, 0x2, 0x7, 0x2, 0x7]}, @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x7dd, 0x91, "76100c3bd133a87b0812a1390d21573374e6beb5348fc61228cca694896c4655bf2b79e7344939d25fafd5fca9d38eaf263c0b87656cd8772970f037ec8af74675fca7eeb0002e6c14afeda6adb8b0b1e052e0dec87ffb3fe7d91999e9bc42067084f3cea701bc01f01ebdfd93e77237df6de692ffe76c74209e5e86386fc2e5d485527917393b8debc11208d7919a7bb451ae845a33a5ef174e795db16b175c59dceb43d42912dc3069a1f93f08469ed06f7b9fcfc2f3c83f79bdf7f43c9ed68d1e67e972304ad25d11e2cb84af2ec6a1f213d7c91a91d9ea96ddf3d7736e4cb0db10da6608685a1623b694f96d6b3c2fc29bb51b47ecf83de7aa4eb2b061db07095f733ac1f77aebfe178906a6baa7ea707e7b75da4cf6c1b5ee15f8591b2b122197b8059e9b40e32e294ab18372133aecd7d8cdc8d28f46398ea0300da81aedfaeef04ee6c491503afde180295b697a6f53301522719f6d10356d2048fd0c27b5952ec0e2a386cae47a5bf2f28534a05f92c0614ddfd66f740ddaf0748a9e0fa22a7519fe4ffe589ddd5c24d0f37487dccbc6fc56acc1053a39e4bd5629dd24e8bdf9dd6dad8375b5b2869e4f38f6b20d40ded77bc9d03308f77f2022a655a0bebfab4e97edaf4213ea3180fce1f267072bda3cba1bbb43cec2e410455917f8b5340f128e289ad166683148c1e1f2d7ab002c4c3562df8cdcbfd644c97196153b78d9cd64ef1b0d03cd85e895e3368491304fe755ce1e92d7377ed764b1c91216b375bc090b10c2deb39a54d829303f2199d77a0b514820126489d6fa151658c2f4eec0a175bb639692c07d6f27e1089eb3b83d19a725040812a5bd15f8d27a86aa2464bd9e79b10f4a438e777c72f3e66bc9be86f5cc53717904c73848455f1946c6099a203f854571b7ad7f23b0da1b2a90e2f276796f48d5c9e71c1769702eca7bc62ac3c171f2e0e79c6d070a2f05c68678d9ac945d8f4e9b43e156a97aa5dce8e0937db9eff0068a67935986c28750bf92ba0b0d4ea19922a043e1b678ba8142137747067c56d69a75aac00d69a7398e43b87e40e94ac3199c5f1d3acec2efd5555f1292492dd6ffde8a68410691da489cc12d2e94cafac1c2876b7154ec7ba38031282c2f75a3bc2d052a52bc26ed7d8f4de2f6a6a0d28b0dc224da0c4ffcffdfe265686cd6a65df6423645d8f3781036ad99b2a30ee44470df4a2eea6812ed7a359493241c92194b78bde342f80120feb1b3602ea025439daaa28e938b9e71685ac7d8fb7dbb2a87394c823137f2148edc2a677813e5a1c4569a10abc90c7876a683c6b46c2a55f3428691d9c35fdf9e37c931d1a7600030997a2ec0c43387681c5f7679d7ea418ec815f6080c663d36c069ec2dfccaf7fff1326928edfc6abde2b964ab2bfdbef294b7689243807d99bf394d41b63a93f19e87e5f627a017fcf13cf4f59bd06269d556d0480fa1c6511e2f469a41adf72285e00800c63c28e089706f417efc7bbda379d37980c6b75d9bec6bfaf259b401871c2308f036000cb8e8b45c0ed11a4cefb4fb850d7b483541c2f2442caceb2768d94b8051cd457425c8a7b67094cdd95415cfc01bb7f9434853266a5c9a697dfd41cffaf66ebd290ac1763ee13a7a1bc6dbe1af2c62197cb9a2e7ea5f0692249d4fa4442526b2b503978efd0ad46311eb37a3af5e8149921ecc88cfc712e86aec14011783e8c39d3db17b401ceaee78ac0b6d152b8ef20e5de9b3e8f2dcb179d60d75104fd270d756ffee319eb3787722a20c85527ede5c345b28ad80f5e5db0afe28965cbf46a75c80aa3f229ed700f9a9b7eabdad19f0a885998344361443bf7ed07624f8825aced81f37a1cc148a7b0ca38f5185cfe3ec97be11dba19dbe9f5af28dfac2d92fa5a269c1d18cce5ec19485cb417f79b98af8d1fe20286e7a6a2a83be75e2d1a848d30b1f1b2b8b768faadfdd5b9a6906a1545c72b032565445c669bb3bbe372a6b74839c0e18c86ea850fdf6e773fd0b0c016716106d483d3fa0e730ac2c41fbe2210fbd91bdfdd45ae32898bc365c604fb63a9ce24f44425b1a210bc14cfb7f26b1f0a561e05e6027cf57f919a3e774519ddf1b665f87991a3a9ff8b39df64dd536e430a41d63eac6583ead0263614c01bd7802174078ce11334dd691caf585e0fb1095d7d5e927629bd7ebf63c5e7e718d5251a023ce717b28697c1e441536501fff716e86c5dc59b687dddc612e42c3bb051b0299cb06bce534918cbb42b19d5042ea0e9994327607ed350e775b9968f2e320fc657e6de6a78aac6c597b6af57fee6dcf829243d03a72935f3b33efd88e6e4dcd134d115698aaa51a847af2761196db6f2befface193fe981f21cd317d76f75f5c21a4f8bcc58ee2ce87fb5f3c05d76e82ab938f23b26f4acf46283bed4663b6a7ce465ada6647a6502ab8128f76caa31af2998572bda3dc2ba8f44d34c1c4d3fcb5e5ba1f7c94d67d6cdf235c7dbc156e07a4e74fceacc5bcd19b0efbc2043373741013a6a9d64d3b51964e48fbb83d67a516406b5e3ac58da5c135169cad7a8c040d53c63b35ad4bada9b2fedce6e3c8e9b7a7de83d950b1152731f0307f24d20009be9cfc6d6b04d398542b2eda4cf7a10eea8c96a870f6b18770dc5fec2dff4759e309e9e4af5541fb81a133206bed46677169e914759854a23f08e0333a4e3c652c2a1b0978be19602c7f7c51019e29dc91dfa28fb2be96867893522717c0cea8f55c0a73aac5b21c17581984102c320dce411989a6da6a10aaec5bf7e9e56a5236275f99bd77d9daa57c9f48267f5f2740f8d84c015cf084dd585691d"}, @NL80211_ATTR_PROBE_RESP={0x638, 0x91, "16fbfae5fbb856e82a66083907ab9feeb1c165e2daf39ddeeb2e9f1dbaef5b2c96f89cc9fbd2fe7ab100340b9ce563035a9b2f15691b1e2c9dd21bbcad7e28c0a4f8545a83c5420e2cb8062068a4935cccfebc2e2b380e0934cec427b6b41ce1f132025e28a90434ac0fb10ac6f4287cc93a11993a42bab504e548492221f5a0fb5204f0f8721d5bd698c81bd739078a958654d291466c65d2298c45e19f7f1baf8c6fbc9b42f0ff71b969bf1f08497f8df8ba245abdcd12c7a9e4e85aae528bb4b76d9a05b7cc1f310b113e609742f6b5b208f58ab459a195a6803107836ebe04f3e811978a9c328e00319a755dd40858d70b6d7539c516c295b507490cba339e4490c27f5f6b61d948cc83d3889eab680818cdfdd228ccdeec8158c5d4038d1a9a401bd59a5113c616e7d70ff51550d98b5b2087d0393ae42ee59ab94349de685c46b13e6088c95d4dfcb314d85965835f88982dcfe18f4ef71662c1606ee1c4a3ccaf64f214d0601548139cb29fe93cbe4bb24de4ca476be351b24531928d4f7e53767dcafe3d8b7f37ac4fd704a2f8d6ae1842623cf50396d99d573aed625f4f61f0027f15dba261c406c3cadc1526c0dee2db9e4ae24c91b905a9eece202fda313f660cab72e242b9d2902418d99a20d0e5a7cbb68fff2580af6fff368cec0ad1c00f9de65f5f6a0df847a614b6188a3e0c02258dcfd671c6845d170e6b943a6d0d356cfed630a4337e244334b65e87adf74cb482dddee5325bd8942fd858c42ad9437e6b69cea20d5d3cd66c9dfbc13c4bc99b59d0b21dbc0b3985efb1275628057751c4bba1da2059a947c709f338649387c4caa5a6e6526b12d6bf6f617e45835184b80cf656311e0d614e1fa22a85a6a302d000feff320202f7df35e1d98747854c5e7c489fefee97a834ed287f94bc929cf69c10a73ce42a7798a99b4c3031dd847068ad09b64242eb97b9611b7e8c29108849a966897abbe0abcd47281e068cdfd3f7f1fd9c7ffad26a985a41736c8221c1b0572a8bdbf486c4142c9e11c857c5268c28c74157e97789cb1341dc63077c03b988ecb0ef98c7c1c4428746d94ff224ff893f31e68ca6969b644e5ec8cb027fc67f148d8d2d77cee96ecc21b3af18d4b4e8ef2493f31a8be58a60b9b58d9c2001104fd315e1ab947091e4d2d3d565cde8d0e3b831690e8d478933c39e3e3d67875156e16a66647a654e84fae4f3f325a3ee736926f4b1812878794b4255795097f877aff6f211ee69bae3455b41f5159717e6d742f81848b8c13df90e17be8643aa2e39a931e1879d496f30d31c1a6654e90d5b51bd83dc1b0823e45e01bf13be60c46b78a2b0cc5c5c2dcbe37e3de1e95ff279252d5ac9e88c92db6ceb56273eda42b0e2b18c60ba16adb8f136805f4d2f8ed6dab3f829bceadab6532b94ba2a2301659992d6d9e91a7431dfe21c57a51a4df273b974dce785216a21789ad471914245dbd45bc7c575968ec4d47775610838e71db14651690a3eb1c97e65a7d3d9699e949329a778ef5c21c95374fb806b1d481bbbf661acfbcff0d5f86335a35a97671548777a2282f740f80a3d13982b84d506ad9b1ad9ecfc7b469875d0038921ce41ba2489d9eca3528fc1c1e31f3906d4ebcc5fafe92af62f0ff69bc5c7b5d3f210c7e7ca6f0fe942715fdc7a281dcb88e3f0f9ea7bd5ae03b797e6c00c3b3c796d277cf33d994da736e2bacb0a1591e279d9f1d06f86e2d46ee54f3de0e891f57c1c0c90abc113da60b94ad370ddc931488be5798839ab6a4a8e2d1c6ff56c7301514ba2c4081a0c94d79bfd6834d943a884298f3b0598005bef6b66000ca3c7ae5465422310a328f6014b91c56f2ec23fad3ff32107e90310e69627cd8c9314dba4765a7d081b07088ea5f2d09b1bc1880b1cf4bab9ccbf2845562d846c1b0ce0e37dbaa33441a940c71d62bee38b7df4bcde12df70e0bf0cfb8a0393acb811027e7c8588a50eaf2a5f6d29b9f2aeb4c15c4609143aa658e02be1c2f36e0d1bb59661d040cdfdc90475c38395ab6d055b1f552f53a2d28781aec764cb7eff35ef476b5e39ffcf92f6aabd8aae7fa4626d1fa9a56bb7e590fdaf3252c481c487d58ac85a8a53cc3e1563fae755c7c0d4ed9464c551e8bb22f21f408d7d9e177262291282c3f86a7e8765f482067d50bd30852e67aae8ed780e53eb5a5d2ca052e6595185ec69d07b7f98d154c5f286c8f5091d4dceb6ec1013"}, @NL80211_ATTR_IE={0x37, 0x2a, [@mesh_config={0x71, 0x7, {0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1a8d50fc32a90e24}}, @mic={0x8c, 0x18, {0x868, "db9b8ff30128", @long="a48775fea5948370ec0bcc94d6c349cf"}}, @mesh_id={0x72, 0x6}, @cf={0x4, 0x6, {0x7, 0xc1, 0x0, 0x1}}]}, @NL80211_ATTR_PROBE_RESP={0x519, 0x91, "abf70ecb10bed2c267aa67de2c13824ed29977b14be3cb92bec25f8f505306e38a62444b357a152b6b7bc013cf4ee61c92a882910e097451be93518bcb56b0543439b2848082db34b128c29c28b9d09bd55ed4d43b2b2c82cf9a68ab4926fb635b148d5772fb22166e2501bd42f6bee4ad786c01f88f235bc91ff56fee0f192cd729c10ccf3d3e60ced6b13d57e702e5019ac80ee2914dc95e2099673639679b58459634b5390a6867aeb5d9c3cf64c01476913b60655345cd9ab103ef15a9397dee200ba72f469b0daa9d08eb990de32a97e475e3ec95646d6c61fe21c368159244a4ac71780f8b2bab3e789fe1707a39a44ceeaace5f66d382d6dc1ee4194d64dfbe78c53084b50281aacd481d970c54669b420cb9fe9adfca694b6aaa083e2ce579e7920af0c61cc2550c486256845f10ebe959e5a575989434b3c1841043629cbdbd3867eaa0338086c099e70c46b6047a80824a8650f835bd6e092d15f0f004b277a7c3acda493366e7ab7e1643ceba4d8c2704f2cdd3f8d48061a564dd8d53e423e6888dd38d1be3763475e4a4f532b314d80d53a15bb52c78fd2bd5964ac6ebb1c904836c09ec9e377fa99c91addb098f9e34c06f5de9b432298000e9ee7b217a28d973a73027f7dea342fc038b02da89db22aedf6c6170908eb48e160178669a61f300e38df6d96a1e313734228c4e746b4bb2a0d110029adb0da945486ce9a5ad1800fdafa397a8ded33877326aedee6371d2c952fec97b2cd8e3ecccb9a55fe16fdbda356fbe6a73d1fc58c1d16deee6379f743709ce21a11e25a053459fb2403113357bd997584504ccfb4721952e18a8133ec695ae9777c2beb83ec4cf8a3e550ceefb6013ea818b7be88a68b6fd5b72566b9da9c3b63bb161a0a5120583073d305d48940ba3cf48c2f68510e5f32d5bda4b66dfa7afcde4c918dea7b63496b44205ca1d515431cec6aaf51f9b27dcf58653067297e75e7a0cf8a53b327b8ac04b2f955ea7f729e864ae625b7c1a0a4c343dc62697e5edbd6ed42c4c0faac71a837db61d9ec77890998fb0c986482caebd5e04265e0fa485cd907ab9c104ad75b41a4e86eac56a40cdbdbcdaa7490a015ecd9761a787be880db6665376951daa0cdf74ef07b4143abb0e84b02f894c77d44846976ddf2edbe68f9c667dde67f5c3cb1f75816e0211995f44a0344a81a097e7b852b5b63d5e5130da06995b5f9d5d15c07162f6b40fce131eda07dc443defecb965ab7d958ac9a8cd034f48084c39732ef2b60b189235c1b191fc5f68acb2c8f27d48cd28df8b259343cd1d5a17fb0eccec9f4196d92b7f1d5827397e1d053a3a888c5a8146bfb7afa79642eb89d0d0866d59436674bddbb2f3c759807c8d1f2769de099c8dc5f201477f63a3971fc159aa9dcb5bd1616406e061e7b71abbdf33e2959cf24d27e4569c7b504db01bc74aa35edeb840167b6b83485f396ee5110403b914456a2abc38dd54d0227ea88ff58e3f4bc9ba8b98b941dc52b7cc8a7840e4809569a350bc86ea4b917d4c5b613f20028b116610091cebdae92a199694db21105d7bac57e1cc2d45e263819d468b4ffb948a75d6849bc8f4fdcc3166b0148aed8fcf98fb9acdc43ae94b2017255b77d01f4e92e38b7a3bf23680a7c0717cfc1457293e32890750443d907ce12ea18ad58dd1f4dad3462872e6c66e56c2a37a84170355916a44ede3668e8b0c009b4d720ee6fd2e491f65a4f2b441f56d7a492395f4c71563edb877ce96b0dad6b3330dad515e844b02e63aacbf7de386a001596ab025ea3f0bbd14f79cfa1f86fd8537c76bb9f81c03f1c45746"}, @NL80211_ATTR_IE_PROBE_RESP={0x1c1, 0x7f, [@dsss={0x3, 0x1, 0xe}, @tim={0x5, 0xc2, {0x5, 0x14, 0x4, "b5f75e1c56bb6fb58c742c09378fb7e5c8eba36c3b494196dfabf826023201860d3377403aaa60889e2fa611dff68ac2ddf0885fde33e41bc5e67a9d496913bb737650e3c14f35a832d7ba1c972b3cd8125d12a7d910da9f1b3f02ca8aa67f4afd4d86611f695ebcc956fffa352180f2f719592c4372e0e6fd6a1769c39d76293b9bc5dd27639a80574012ec2325b5d9df83d1832483173406713826d168af444cc928a47d77c56646cb0898b0a5fc4c6faeac3eeeb4236030543b272a89c6"}}, @sec_chan_ofs={0x3e, 0x1}, @tim={0x5, 0xe3, {0x22, 0x5c, 0x9, "089833f69315a1345a0e89dfb90d2a71a7c49a33afe117a5898f9325f03216a0ecaf7ef87f4faea3c5e44eb4986fc19c1bd396189af53c18151a5358cffe6a9c959847afa3be281a7d242b7c9e464ee7899e015e80275b01f503e67ce8e7285a620e0a3c29f644f038e8d4d92ce5c705a2f0104399ce8c5045c4e77ea075a730e47db46415de325151be1fb1a8a51a472c6a968ecad2bc81a97ebe5568650b3e3d6bcde14473c2d84d01f75be6c3c0a46aa36f1dfe477b6eeeea7cebca88c3a8c07dcedd5002ead498a2219540d0216c36747e351448bba2d33c36651a9a7b3c"}}, @channel_switch={0x25, 0x3, {0x1, 0xb8, 0x80}}, @mesh_config={0x71, 0x7, {0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x9, 0x20}}]}, @NL80211_ATTR_PROBE_RESP={0x668, 0x91, "57f8f1fc06f7f40c9f010e43d818d9c2b81673bd08f4e8aaa752ad3f4b9ddeae17025bf3e7583e6bea7a6259a4552a7e3bd78da4d5ad20e410000ddd5dad94bf60e3e3b6d5d6fe541d58e86e5fef8afc06d1391387d8045f16ac6958d0502873e8316a18d8abd81cce3a9d0dce057d1c0947ae6567475b95001a5b554022a7a7f313e871f82f2dd360dd1abf01bf96b11721c1360862b40080d3dae0852913c473b4e12360cb77a1b733c2059634b21a5f9c9335604fbbfb2e175198d172c6de462e8b8cf14117cfddcbb2ff05d0c0f7f771973b76f64e1d8baac3d23aef8633b1359c307d17ae858a35bea33e0296e6081673892f765c39c000bb15cad6a6fae54f27ee4f44410e6f78bd06c8d8a8f6d854f9268ae47b0b9a7005a30793a48935f8596301e399f042db484054edd238bca0e2140111c9e62f84ae113bbbfab40dcefc7ed6eb4e0c948ef88d2d0b5159a3af987b2696731928b37182649b079f16592a0811f27499f75d5c0c17f86ba59813ad095e269261bacf981e342a06721ff0c4964c8fa1bea30b57854c8513df8fc7ec1456c035cfc47121b38e8e10dc75fea061abb092987d3537efbfb77b658393658ac97a12a40b4dc18dd853b55b981ef2fb9a6b8df967fbf9950b944a14e03d89724fb1e681734de9b147803fafe1745d61c33a9f0f9a598714d424c31fd5d3cbdc019f84e4f9096bd3ecfaa56a223e7c8d23abb27c70ffa6e96ac936d61a5ad7a667a9f7d126a99f6663254fc34d01decc4ff295454b9b26d0a62310d3b32d509fa9d72a83e6be75cd5f758fa2e03d38a8ca3d845af39811970311411a87c0f716371e66dcb1bbdb88bd5890a85294ac9f721aa3131b36f6499b3d5ec0b6891732fdfa9d1ceba59ca8a9f5a783a7f30795619d927ddc1c293d735fa9424aad9499446d74b2beb1e9b432e04474c2727dc2eb55145228ace081a3188a17adae11283ab00fa945e78e0840e72b6397eeab3e35a197e1dea85a90925670bfa346835943f6008e13c35039b8b23b3d27c9ae82a17c85475f8d0deb71de3256d0a2ab65c4773a20e2753a0c3de8e937d3b7f62ba878413b17bc0f01079f140506b574dcdddfa6e194c297785b30a87c05a6e7c8e87f78d59dd9a9a437231c4734e43d55c39e0f21ef0f6d61bf2d56c2084f5dcdb7575cb4b8a462b4d0f65c97b954c7671f2777455bafaedc6ea90b266aafae475a782dd5556fc2a360664f68fc4cbb3683ed253d8321d9fedc3fc694b910ed191697ebdff733e5f1957c2e63248a0708a62b84c2018b2e64f96e13b711462c6a85927a0940b73e17bf833ae8235beea4595f6f3d05992f441daab8a070d7b7231aae490706a2f3a501ac8dc37744f70a65c70351b076c68fbb99c88faf67ddd0e9e4b4a49a6a489dbecb91ca0514de0543d64c49b880409b7981baa755710457155610b8551965f9c4b94e6ccb3941c0a6bb1c4c88d949e755bdfaad23f9b10f486bd80edc8d57a20ca64589b98f18367ace00eb22878af12577d2febb9146018f62adaa7a77234286834c2c95d32c5e6d3b3b56be23774eae76607fd635e1ea12d2a3e744019818a6a4802681415516f0524a547ff5d525c9af299c69db190b29193370d9aaf17f22ec127ac109af96f0401ad19e6d014567251e0fa15c32d2462b86785b132331763a889b77085d6489eb6f2cc41c3ffb6f4f2c8d7dd0fa61befc738a73fce2ca827b6a6f2a880ab51eb7cb34aca34b9d9ba82f35b67eda59a7f744df6edab43aee64db133d4300213d5e967355841f7a7d033f543d83d7c95b582974f69801e3b30398685667993f072500569fe422a6e1ef1ce55a767776613d9cfaf5e369db3dc57c9df3a653f40549faebd12dc60f5447e46d526812bab3ff1560792f73fbcf58cea3a166f60a79c9828f20b483612b6fba20e38cfed5d7ae775212ce257feec27b67354a11bfc9b9b338aadb7af4494f2085cc680a3d956928e82d299a0c49e6f65d81a630dca9383a2280470bb1ac78ae1aca1ed666ee4cf5d3760021d23bc3bcd76368c351fabd70e2270aef91db8261f24a2650b8dcb6c1c49b86bf9f62bfb829d938067e4ee33af6ab4cfbbe0a490f247f18a1204c0a97c3689294e119ca0c53bfbe8680842cb9466b9c3fada8021bed596aae86b4b867d72a949cdffeb8eb63af2b273029ca952e0e25dd1e8e6ca409400e8bb4ed502d06f9928a23526eb3942a5281dd3e658e4d71bc73257406552b05d1773cd9baed945619ca85dbe612e981306e55910049cee0bacbec7d8a002315a5be0c"}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x10, 0xbb, [0x40, 0xa7, 0x81, 0x4, 0xfff, 0x800]}]}]}, 0x1dd0}}, 0x40044) sendfile(0xffffffffffffffff, r4, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') syz_io_uring_submit(r1, r3, &(0x7f0000000980)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r7}, 0x0) fork() [ 3436.954979] ? up_write+0x191/0x550 [ 3436.955929] ? downgrade_write+0x3a0/0x3a0 [ 3436.956999] ? down_write_killable+0x180/0x180 [ 3436.958157] ? __vma_link_rb+0x540/0x700 [ 3436.959185] copy_process+0x759b/0x7800 [ 3436.960231] ? __cleanup_sighand+0xb0/0xb0 [ 3436.961312] ? lock_acquire+0x197/0x470 [ 3436.962319] ? find_held_lock+0x2c/0x110 [ 3436.963346] kernel_clone+0xe7/0x980 [ 3436.964288] ? lock_downgrade+0x6d0/0x6d0 [ 3436.965342] ? find_held_lock+0x2c/0x110 [ 3436.966372] ? create_io_thread+0xf0/0xf0 [ 3436.967413] ? ksys_write+0x12d/0x260 [ 3436.968383] ? __mutex_unlock_slowpath+0xe1/0x600 [ 3436.969619] __do_sys_fork+0x8a/0xc0 [ 3436.970559] ? kernel_thread+0xf0/0xf0 [ 3436.971713] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3436.973274] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3436.974858] ? trace_hardirqs_on+0x5b/0x180 [ 3436.976178] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3436.977777] do_syscall_64+0x33/0x40 [ 3436.978829] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3436.980336] RIP: 0033:0x7f04c97d0b19 [ 3436.981467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3436.987057] RSP: 002b:00007f04c6d46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 [ 3436.989266] RAX: ffffffffffffffda RBX: 00007f04c98e3f60 RCX: 00007f04c97d0b19 [ 3436.991311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3436.993431] RBP: 00007f04c6d461d0 R08: 0000000000000000 R09: 0000000000000000 [ 3436.995555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3436.997541] R13: 00007ffed38e028f R14: 00007f04c6d46300 R15: 0000000000022000 00:13:59 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4afa}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:13:59 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:16 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3500}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:16 executing program 4: fork() 00:14:16 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:16 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:16 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4ec9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:16 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000040)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) r5 = signalfd4(r3, &(0x7f0000000500), 0x8, 0x800) syz_io_uring_submit(r1, 0x0, &(0x7f0000000680)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, r5, &(0x7f0000000540)=0x80, &(0x7f0000000600)=@ethernet={0x0, @random}, 0x0, 0x800}, 0x6) read(r4, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) write$eventfd(0xffffffffffffffff, &(0x7f0000000140)=0xfff, 0x8) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r6, 0x50009417, &(0x7f0000000800)={{r6}, 0x0, 0xa, @inherit={0x60, &(0x7f00000006c0)={0x1, 0x3, 0x8, 0x1, {0xc, 0x3, 0x9}, [0x5ab1, 0x3, 0x1ff]}}, @subvolid=0x7}) sendmsg$nl_xfrm(r7, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:16 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x1, 0x10f}, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d[\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17\x03\x00\x00\x00\x00\x00\x00\x00\xaa|\x81\x91=;h\xfeGm\xaf\xa2\xb0\xcf\xbb|\xe5g\xaa\xef{\xb9Ta\x01\x00\x00\x00\xbe\xaea\x80\xc6\x92\x00'/81, 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e0000002000000f800"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a00000000000000019b74ea8fc8460466e20835a1d0000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000eaff00000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() [ 3454.555848] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 00:14:16 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) mmap$perf(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000008, 0x1010, r0, 0x6) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x180, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) r3 = pidfd_open(0x0, 0x0) pidfd_getfd(r3, 0xffffffffffffffff, 0x0) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000440)="778d834ea1e8dba1755388f80d1018f8de809850533f605fc1a1dce5e58c1000d157cc167a04661902b7462da0379d7f5110576be64f1409517caeeccc882e1d4f66cbfe226722e436664e3661b7c81a358393bf9541a46f2c3e5d47c985e641d9c56af2423fcb500775a8f8a0d77b0dbab377326fb9a0077f119e2a804a5c033ad7fe6c4590bde9d274df11744a076b239c0c50cb9d0fc5ab430eb6716b0ed5", 0xa0}, {&(0x7f0000000700)="a07ac4a48f288caa14f0bc8062bb6a53ee3310869f56dcf9c0d63bf34a8230ab8bdb71e8f920adc53f7ea03f4204ca964acfb9a7a7ddeaa0e1695b48f722fc13f07b99d7e4128b603ba9f4a13eba0af1fcdb1ed04577051a9c785174bf72e1128968d1bc96a6cd4376ab0fdd6aec1f59f4b45f36d36814c0ebd19861ea37e12f188bc77f439f9ce7e601705ef19567b6b0bf29fc5ee10d1f46e6de796a0689655f045ff17f28fba6ec31a5b30dfe87da8c9ea02b737f51b4d9d502b8c79c29cb3f689571964d26126e8a55545eb2c7f174e7bd8c9547e80ecc15e2f531347300b666ebf074b03c7c2d15cf406a8d64e804ffb95996250366adb52e9a349fe0f0a0094c374b2de942148283e5d2e7b63b7bad699254e0c46005b3efc19ee921934f7b3cec2fe8bab5c392f4dd6a67d6c9a2f2a892219a5c8666149a9a0259ccf253991929ae02d3abc048d182bef8467900fde82bab022eb7e16278c274cd4fd255f627c89b1a1503f92da3e8f87b086405183ffc89cfed35cc42dd1237252db969f4ae758f34042d035a7aee8ea6d1acacedb8c6169b8276e0161e443840e3932df463592d614f2834b8e7f869cea42a5d59fa28297cd111b01a0e462b9a82d57b757a41a0c60749c2e9eefa974734791f7ec8f433372a0cf8fb9a5625b67ede6c784ed78f4d8d16ae03b26246428bdee6067af441f05f2949b644ec90d158620b6c229e8ffd743ac7657e49d0b7339f85e2aebb648a8b310c9969c4be9851a87dba78b999ca89bd00dc2efc7c52605302091b436c4186e4360deef7184166430f32b09165957a6dfbb11c06be9f651cbdf1a9ded5f1118a1d2c57a7498b40e6f4c4a2775438ad43a79ee3db7dde203d06657dc71f7713d5da3420ee6a2827933f7600391d37942cb46c81201601bb7888239c55527ad4e5965ea372118abac22845c59cd9a1fcbe1fd4b75dff4332e06e4bc4a8d1327beca1862ca66a4ae02d932f1591cef6c047bdc0f779324af47689dbac4ea9b587f21b5b4ad83179774d04e6fe0c93d01f110d68598ceb8c6d2f9d9574acb89c6cd4fd8d7d1d68d0a8ebe346f7fa1d3d974b5bef6a52eb17abe501ab97961de1b24d0fc91e45e6f98372071a5345098b9cf9bc61edc876858ac5903a470e0081d855d2e3d26031ef5217b9eef990f4a9beb4fa054e58857c2a6b43c98c47b768fc28232a4b50a59e8f06260929f50cbf34250ca011298effc6bc945d56f6571898b3f6975f81c49e7270b94252acb0d92dd667ce128a5641f2c986e80822d379befb414f078479e2f30e11a24d4a572625952e68e0626b5704babf1071719e0759de2098972c2a4e1687d7961460c3e6367419456e252273aee646d22c9f61bb2c8c899bd22e9e60045e6b38503c82aee38a4c9649d87f0326233abcad14a81647ff272cac92cdcf1f9a2300efa10d08c5a18ce486e6eb0cfa0644de6e2176ee4e4865693595ec6ded265b7bed385d242b7436fdc3b58d1b73a2f0d00e877c339894f457b7127ef563f63ede11d75b8e978759854518a3bdcd391d34e33b8154d3076a3ff2de2addde35d866671c442ba2c38da1731c08d83d14e8d5c58d7f97f140be7664d0c2dfa744760d17f0c0e0d699902594dbd424f27479d586beee37be63e456c62acbbd8402fc36796db84de7b9ac5d55c523dfffb100bb80233c68b042c1850f29edac3ef87f6187c5a94c4b017c0473140a4a8c1cec545d33d7d6bc11a93a34d84e4907ee5c460c49d7f5e8e0f90bbbe93059d88d82088da3b656947ae8f0085b6339c54e69005986b6a5d466d4df89abd6ffaf8ee6e8a9c0d488f46727b98af030cc3a8e365a6f3d1736360c085de268e0e1e4770208c996eee41647cf81d6f52f04687789eedca2579b45a6fc4ee3a39feb24018bb28aca74c8639514d6a2aee84ba8b17f152e007818a02ef7d491ddf6d5c3e0e06ffc84fdf678b18cabe759158b4a452f3c1ace181b90ada2ac3edb564ca5377ebe1b18729936a87c6285c6cb263cab6373657a67acebb86932af4ba6f629c7cc887e30d5b4760be3f8aefa63b3e625bb29b08ce2708dbde2d2ae9d29b468d256d558dfdd42ff4298dc8537b37cbb455f3e010e0c04ad24dfbbc58a1a41138dd66569dfc395f0292f008f35cc2468ea2fcf52e5c9dcecc2e2c95273b367f4855fda71f88e0f83f5fe6c0bb4faec878724fa496ca60afd0eac96deac64dfb2806162fad0f943c3bfa7db8c81c9e43f50af53444c45d16e63dd195955f85528a234360385b89e9b6cd2a9e1b072bf8648017a5497d2396aef799abc8ebbe352ed8fee36a5efc76005972c6a7e4be4fc1f5ccda859a8296bafaf50617474882e3b153ec39602b1b0850459bfbcd1ba42e315909577a70a20902ec27b2983996059e046afe6ce3bb456f85b11d929852b012e33a4c25c787703ac5714b6d3a1c8cefb80b62f24d3b04c3347a3717dd1f8dee06dc519bfb3db8f682db8595ca5f1351be5fdef45ca68917aa6e591489e440fc450d3212daa4f9d8785c6b315cbd568a6b0f28e4e7a1ead47f1f3401ff16073e6e69f1b44d91000f9728016ff860973db822e2043631ba648e06f2df56bcd0fc76dabd1c6e224bdca63c4bddba272c2583df6fba3d94b5753e574bc8fbea491a28dbcb92a8c05704c5c55b7b0214d6c31ab3a2920c7a191a9038bed5af5728847ff2c4edc25d468637a954a60305bfe272664963dbf703b3085459179dc00b829f2e01a324757acd3e7fd5ea8f5bbce95a05b0a400a9f3466d17064752c4adf6e0f4727ff6e69ab2b8a3908afed650b712ab8a2b9d42a04af94b02a421de6f70a154fcf4bb58152f97222f9bd2209779dfb8537b2f65c58f2eef38380985154a88060659c3083d1c42af28c87716610984381a9d6a3b53396357f2966fbf19091563dd5ffdb370080f68e1cf487c4b6493fc57d5d441ca9dd7fa93493bacc68b2dc903a25f187fb620d6b896e08f9a375304d6e67b70c54be5a9990e1438da191ab22c0d78f9b2e20a65927248343036c14864ac8ae8204dc57104fa437a872677a18e1331dd54d2788afefcc0d75d3ea41d02592a0e47c44f0fb5e2fa0800b526c72a968ac234d548adb3ee6a27f35ee2d7898b9ceb42a56b5986f1d2e3ebd48ea382e43aafa18cf235f2b48c719d9cea5b436ef5f7400d8950985ecab0cc2d91a8361cb2584d954110924b27159fc35cdac5281fb3a85acb82ef3b3ff051f0833732c41d2868b1a6d17771de0f2319b57672fa050877b2dd5041c11b27394443c05dd214ea7628aabeb53cb2ecaec11488661a9b0286b4823670beded66a4230e58853139d484d695d806da84efe84eb0ccd5058e8302a2479fb327b218bef348527b19b65493d9840dae5cb6ac3352843a703af63ce31f14e6781984f72aea0b2fca24d9af7b765d6e0fd6adab84f5959b5b444fc41e2e97b5a55b991c3c4196139608b65dafdf08add601a162d84849671683b4037633c8466bfd8b3321c3abe6a225bf3e0087ab6c49916b9a7068831358f5e53ca31b5a10ba20ba5061d9faf3905bc3c8d87b6de069b547aa33e83db1c1213c60b45f9aa28201b32983ee15e8df9ad8a80e6da916d7e96ece9bbf643db436e007ed5c8ad18ca367c06040e27f669e09fcb20666deb30977bee5befcdfbfb24b5257f63ad52e70b126d4026118d1162a0221dd6a1c252ef76503a0a9460a7c8d91c672ca19599e2bd99868ae156806895f472d94d426258ec3b00174f1281fcee9ebc859ae74aa4d473e898f5a394c72f7bddaae30db00de3a4069af898d0f41828cfa209101caa3165e6185d0c14ccc4b262b9a2023ae543d916c8e057a4d140a1b0a79998e1a8e43f4846a093fa51fe2241d8cf06aee418ea03649f6af51a7c31b5898fb10803ade02eb80654776ca33642bcb4adcc7968e3aa2a9208531403f0cc876cc0f093553fca05be7196d4489b43f3ad9882480e818b066aea2ad4e03fec306193405282c1686f792815e31f9d610bcb51954bd418e05f5186fc6130ad5480febca5e153997ff425eaae43625a768ff5f889fcaad5ca2aeb499cd51b0afda0c5ed02533166e3714d588dd0219ab3489423639905d74f0d0ddb6b98d048c1d31b0e5d8992207ed07521376c6317396b4ac79a3743a598710f103e974dd3fe041ba1ec966835d4fc235bac6e3c55922d3266b85ba8b650e2d5bd54fcfceed6ecb4e48d6c61331dabf091e30a2a7e49f1828f545c6c19579beda4435e2020238040509efe56c79ac65141a8800233a78c6a7d2be2cbed39787dca9973ae861fbe070a576e3d2cfd1b640283b8ef01f15754ccdb16b0e9b4607716ace71bbbd7d86a6d71458a2abc39609d361ec4f8aa9304faaa0a098959a994f88669ad414312176d6d4a41e1a88f88673328feb85422878a012094922d5b0037fe744eb84420a82603cc94d9c718b8d4e72765f1e59f1e3483ff3ced5d274c80c69e5f076360616e69ef9f19e576f377bbfb5400af3fbe4b95d967ee104ccc7045ec91d27ae6ce31d2bc9493cbb9fe1082eec96bbaafd66e8152e6a230796ccb14857aa38243b2cc5975f52f4132396615eaf17fb8142f173d69a7714a6cbe728ed1a8e703d4e8cd2438d044a25d3f727b62d9fdcb169df05e72926d62835f3235b0a8d1e5a0ac77275d58a1f5868482876e26114fb1b041efab3753f5dd6308e3c46a9fa99ae04665bf46092064f471689b195d8496df19418a3f9d8f4b9465b7b2507a722a540d0e47ea28416ffe1c65299ffffdf7bfd3d6c62dfc1c4a87eb7b3729bb4fb0f3882d66506e97dbcca71c370f92abf1c93a7e124e1fd03202e3b9d767423247226e9706b0a54cc64f5273d62bc0032ec206aa3e087f7946fdefd8eca8a881adec543cf962e7d246277ab3a847185270ef583e7d925ebeb6f39af59de9c70c808ce8b1c2b9ca138dc1eaab46103dec266726656f5d442c5f1d950ef633b342d3228ca0cf9a1641bf8de5eef1e8e2525e9c72f467de78b5b17d7e19c946c801e6c87a96c6a8775985eefb9072163b0f181754d2c013a984db43d98f844cfcfdf4963dbe50ee44ffe67f46130e42a4912c1a3492d1d8ad950e0947df88cb4cedc4e77e07a851ca53e08d4ce5c9f5f7f6dca77fffca2513a0bf2a978013bfbfae0502173213f31b07704d0b945a392b02948dde9eee5004cf1ee2799e37e2e76b065f3a70083d0a4940df48f27ec001e53741dc6890901a4ee1ced5cc21277ed22a9c2f40ec1fb10f01ae3118c7a4fcdb0927fd84d19b8032e28e25ef02508b490aa6e314c3475977778beab25b9fdf562ac510d7eeb016f1600e98890a4d739e5d84d105f47932bb2fc6d99062f6e2f3011ec85618adba630e2fc3d280d463c910907f2f990baa22b3c2006ce3250167e84559dd7d78e8e0b650f3811b15a88eb1e460dac7ef64ebce4159c470f405112d1bd39755c228a1be690e27cbf5567979e94e6d63168b0ac48074baa98696537bc545e09a05b45da312c30d9e9bdba89353cedd587c2aaa2541b1f5a6250f716e56f1c27977e8f86a7920d00ef9e2c5f2daf39dd4e77069c3904b14a795777e4a1fa0c4af95cc55eda686fb52e9423c3944501452c8d17a4d0e33ff5c112566920e72f56ed82bfb86ed19684282e4bdde914563d530236c0f89aa5cfea50c8d0235250562d3179b7a5b35b219add21688895c2798840ced40c2826eb4ca50a250543f0f0e73f279a91fafc6391b7880df655bc1b8f08ff", 0x1000}, {&(0x7f0000000500)="37c199936e4a878ceecb1f7ba51264ec7ae56aa3181f4c1071c97478c76b290fc49915901cee5e849d0281c1bb409634050083446d833a9bca3317c03e82fa447f010ae47a515fcedb63bebdc3c7842aa3df171987d2bf65c0c99015f3a3caeb33523d99af3bff8269ee101f105ee0ec13642a32304179c0542a0be67df67b09c3f22a39b0ed0277dd566827c8e7", 0x8e}, {&(0x7f0000002e40)="3efe4733c65b817591669f9acd32a8c40f14ad02ee3b9442a4966699094e48e47bf1bbf2a78b93086e889efac48928173a17d95894bbd2023b3e9ff424e7917d24fd61002dc4cb53d326d1c587ab35da4822b93196854e1ecb7a2d2eeac168ea39623ac7b3e8f952b2ebf72f427da28777b35f681b8dcea3d5d4923628eb067f5cca4e2319b9b8d82341b7f31ed1101234e26005c4715a8f5dcae38fc854b2a068714e75f53c6fe4e496ac74b8ae2f3a346fb2757f70bffc550ebef1217e376d8c474675835852c86b1e60e900e78af8d62f2d970c275d3d97581f2058b302fde5acc585cd820d2fe7e55edcf5747d3423a57b4401feb336b14d950163875d85824792d14f81e94e0fbe18d411ef7b6196a7647ff01aba8b15ecac79ccfa6281aeccce37372b2869c9674109ed256da347cbe8d2d816a8bb9fec1724a256972807d843388644f4b051b3453b2d2999dcf67b7545a228d0154d30eb30a0ef1bea09dc467cc6db87934a5992d1fecd015eab4bb9a4e79a17504035abb09d131427afa5ff3c512fe30cf6d70a532ec291d56aad921e466c090e0554bb6e98d22c32ac1103c98d5933d4189d98b79bf07b9dec0d7b747a392d60cb23be4705b2ab93ccecf8c06bd52cdb8c5d0ec799b0b5f9071fb691fd0f471de7e6c3734dec616f637a484de41d9926b1101f8a4a68779c1275c9b4e3511f10b0a9a09f722a797eb76813ff7f9dc8e74e728c18fba8065e9067c2e4301e5c4d0ccc81df593c935b78af2f373f55da841b2be04f44b72db4be487b0a37b9941779e978a0e9da39d2cd79fc294b996bd2c6866a0e9fab1a89534089303bfd214b18787b2d6ce427d7da3daf3ba0239d627ceccab96248b42affb7de35b85a1d2b2ab0f29b1f47b27c4f673d602f7ba385d9de2f6f39c62b4f3e89fd94f724321f4a96cc2f3ac03fb5d3cbaec0e211bfdd35d71a421acead755565429a4fdc78fe4f45cc837804dab40027d52e5c748bdf4cc35300c5a83922472b55134e397801b01f9337b39f3012c45543cf4bb5e86a5f9edae1445eff9551c4800dbe3facf6f1959fe8defd08df0d61ebbff0533604a65d1d594ea265aeed6add92703e991df50c63ad97331593a6d6dc463c82e6c76b6db582c7e3346a8ba6463b5e9c9272dd3b4c380247b4126183ce488d44e97cfcd8c56d14670e5c7749befd27ffcf1d205c87ce96fd319dd0e512d9b2244b3109304d8d1ce745bd7e3fbd9f555baeb34f296596b3c5ca63f7ceee1660e0c4e6936cb9e0c08deaf94837391577d7364372f102d1c6d1ee322881c184d8ecd483d28fd2f959d39c3631481050e8b3270c0d2007ba3236b9b6529be20975d670c258e117cb517a6286ffbacbbcc974c5cb15f774f114d9cfe9c84668a64332456fd9bb72c2f944759ac05674893c55c4edbf1b0d73b47190aba7558d0e66f113c4948a4d3bd8599bf5ed88d566f81db3022864a5230bf935319ae52b48689c19267b04d4fd5e4d2d1db35d68d95683a0ceae2ee0036e295398e4d3f42b58f8c34483fdc597a17ae3c6882a38b29aad549a259d7838978ee5c6c58b493d9af0e61e8fac7483769c5cc10492ca42f70e7158fe8b10a6c9b042bd6dad76fcf430dfcadf2f78aa4ee07a88ac72d825d0f4f73dcf0b0ca3bbf960b873446085aee3aafdc9dc00a27de15a4273b1b2fd81fa37ecfc4ebc3edd80ab7774e083b1748616a4f8d8da6a03e761b86d30d09a6392029b734b7c371203f6b1ed3d1bfb386cf99eaa4567aeb740290e72c6da5fcb76519005a5eaad8339fa49656e17579bfb32fac4da5e284161e6e511eaefddeadef0620a600ec63fb20e9b1cc2b632db84fdffc57b656acb451b7d5ceff97982e09ec9450f3b879d8e60f172f62db38f3eed006d881025616ebfa55c64e0b36a05efb4d923e5a495aa59f02873e92805d0b1faf843f6c6dafc3cd331a21db97c340edc2af35a0cb68c300298e1d806c5ddd6dcc6b40dd88afe1acd64b3e9d59887a3bd062c687bf102f3db0c7abb666ab971f3169578200ac956d802314288857e00ca5951aa96a0ae7e2a28858a6421cd2b411c4adcd925223e29b7317fd90d223a65cd5e6f8d2fcd4b58865b46317b277995072d2c3dc5fdfd3fe9275392d36eb06c8fac172d7fa6725190344ab34c9ffa2420d79f43801f6f2b9176be000ac307401bcc94915ffa173881f4f364b35ba14943212b5f40a1390d55e87f7fa6a04f13f6396d7a449b2ee3c3c4963cabc8507884b7d134cc13282047e6806908542bac1c7bfcc496f21966faea7347a57dc9833f265ebdfe309f4679fedae146b8d2da5f9d6602bf102ed7b95ceb8656965b89e0fef0b859e3a9e45f00bb2f8a66ac850ba6b77c01dd97ffa158df41ce5bcb26bacbc40af5d4c97b06442c5513be5497908fcd10afef901b634c6fdd796b9c8f77ced52133fc7083bdf2c88273932629cc2df1a68a68e0abd72e2d730aeced19954608bd6eaa56f7ca5f811626726549a113d0e73725b670834aad02757d6c7a488f4f950fd9e8e6034231cbae838bf673dd167cc42b97e30c1528328621680019f5369878c0b38469518f57f7b6f61494c0593e633653274a71e3b7eca03ff9585de824ba6daaa0a99e2461b3fc59551e6f65556ec75c8e8e5f3e1c643b4ef0867aa43d257dd82b50eac75d2695e0d4e34dec9e700cccbc093030b56643b79856c5073247db8d8ac7b2d56d67f560a0991b868d47b9d41cdb8cb44b6d7866190d1ccc19eac083f464810c4946bd10a4499f7059b44fc5f2eff06d3125c5b94cdb8755a70decc2c2be8106ec128748c782d1db8cae63ff086496f88e60496fecddda057ca4a536455fc004c5fbadaaf345fec1fac06286627186c5ebd097667cde1a34dbb08efdb8a2c6d232807648c5cbf326f0438d04106c8da65299d9c4a8414fb63c9f02554e158bee3555c087365e88826665c3193ae0b0830a7f704cfd42c0fe1e3b61753c4e9d03b7269c0ccea6708b67cb2cbe3ad4f4517001ad20792dbdb3e575def3ed054d5f48e06c7c69bc1b0b03383db65920444f7bb9c7de24f60fad2c40a91922a588b0d755b556aed2c33f4bce76bf504f5eef8036b76de5586a5052a070d91c035bf6bc9f982482950ae1630c04277dded7c9b1c710404fcba85c6e8953953ef0c9d2b3eaf89f19e9418915b73bc47b1ea9075c826d1128c6738a346f58485f091fc583f40cce7b939557075a3ca4d79e3e02d221c6d364bf0908b7cf8ade8ca79ddbd9aa242ef70bab2ae3cb41a9610412a34b9e1d05c094a11559ecb410c10334101ae6bf0391d533f541a480ad2c7c42fff82243da1c7c6746f110bbbae49962c7a97de4b9ed1113a73644f1d1f986fc9f79359216555ef6059b40b313c17c06bffff38ca49356433a77110cc2ff022d7fe56a486c955ef3b484c4ebc220abaf9b4631afdc73e54f4d106394d06493883f9c7894afaf0cbae8f9b9781769ee73c0a27d8f0d8b54bdc0bf1afdfe687b41785af8ed89abfd394707e0e4307868a635ef46a7e4249db746cc7a56109f6e217e38f7a190f6def174d1f144c68b2ef4176e52e20eaa444d00d1ee447523ecbd6a32fb5b26dc975faf42c7dd300959aa87498f326b1d032f63bd06947ccd7c14cf019e6371097e615338d08e0367e20bfeb5d3e6e588916f2dc4bcecbc7558fcc2706455abe16bdbaf9ae6dac50ced8008faa5cc37201b3e620653961e2c6a5f4e9840e361980745ee58c441aa74c0592f20ef7d58e24984e6492844c47f4f235959d9b835e5e30d7fd979675bd78af162d5a6f17ecb1ee1591a48dd25a3d02eba1ab77dad1f34e36e8972d9d11f0297406539846356209821b32677b2ec5d40e4c14f9e093a4807a3359d0dea03b5da8a58c6745746c7093c8044973e50bcb721eeb725ccda344ae487769478b5271ff9d4ed4d4f62ba1e3d4247b09515ea1d744e26bfc7661595a0a141c861787fe27a0acb20debbe678c2bb47ef5a0ee1225b4f59d08236c6609eed119cd36c974ec7b9f93e7d5b4b08760a73940a2211e9678023e50facfb1ba49d1c054bc5951e7fb67c32d03e77c3e209d68bb2644aef532ac07930f72a24f531903123c5ca4539f8bc6fda6c433229ba9a6ea3af8764a5cd3ef53dec835eded3fd3906c7b45f3d3f19dd490b18d84e245a2694d7198ae98418800efb3364d36ad503c1bf0698d737ff716bbe32db1ab27b43d2571ba21075f850dac24d2533616739392ff21d40d84ef3325f7d837fb5415f0ced3135c0f4a1330ab5397b8d016b07b7e90058fe539e9499b12a815b471b46f90c3e67bb71699dfd5b1da218f6ba5f1a8489aac0f1dd334a1c24d554ba9e3f30ddbaf73c73f855cbdbf42e7fa3a07867c3b51612a2f73ef51fee0d2d1843213b428e1686be5b8a355c4cc0d9674f392038162858ba63318f54f9fbec92e291283783ff507a12a30f689e2706aae606940b0ed238e25c2b9733268de1fbc50dff9fda9947d85c2e7959cd966af9489dd685ba851979b4247dcf5cb1239abfbaaf5ec476cfa194c4bfb5e6c77335fe2032815821848f5150a12a3a956b2601f42f2c1f5430181b600972032134def426b893b14ac200f250322347336f5ca62bb988524b761a9083d9156dfd5cf81c9c3697df930b67e620ff29979396d5de91aa8818ba73b6d04bb3cd95980bcd20ec65fba37ecdf5f6ccf41df33e553e6e6d4b77c56d6b1090e76d9324c80bf2c78943e6b8455003e84f9b93e431aec43adec8247ad605c9c7c318296ad294a3adbcd6626187ea740caaedef7a8a022118e54f0a568b767e792b97a5e9999d2d5b430aa81afd0a1c9af05ef6e160e24d994115752e692292b3de625d94c47af297997996eea1534116da89c56144a1de8e52c0e76f22063d5ec3d078ea014e3fa00b80447c432d4cd465033778c9d149c0b1847d71ab4c45098147cb4e2fc7fb5824baf972584ded87f6cd4da42ddbce4c97d53ff7571701f5303cb68225076d95adf36de8908a8ff8d98ef2eebc21b71fb0745021c91823e8f41b328d6afe6cd8a051b020f0f272273b0ae5a8af4a8611f344809eb4f3c545d08f414326a0bc78a79c3d950545b903c246eb16a37d4c52d377741c793af137f205d50f72321acbf1c8c97d7929a45e607542abc619b0e9a6c815ca1df853120a060a919380bd80326ad8b4167d54b1c447bc7b3e533c6d8b21c5a05670027266cb5325600383c50104ca8c400c19d0a8fe506ac1ddbe14d2db07ad7560aecb4c36d6853bacf117ae8bd60fc7dc696eee17ca74d79330d1c9430344cdbe3ff0e4cea25e7e73b74f54bc9350aa8ea871a1b56e58302b8d0858c49493b930aa1c014f9be40f27246c231c90c511d0cc2572ff9967a5c0c727440bb7e4b8311f54b78e75ba61f120d75232cd72a5596974891e56c8f891ff6008cc700551080dd331ae0d07dd8e3eadca86f6cb61b4e61578f4d775b28247e83230ee890c20d53dddd7b4e8739c9ae9886a560827e02012361c9c69a54711ac757ae083f02ffaef112d0bdab6933a9c4ea26c939712ef200628fa49e7d2ee2bccaa2f451f260d3b1f576c8486311bc5b172d90af05a59510efab085d3243e618e267fa1910ad3dde9d26922ff648b7aea353d8e97ea6d58b83bb160885dc4d766b8e16186465595069301631105ee74db715d014eea582f4edaaf0341cc0df865caeafd723c4287d3fe4933d322c22682efb236e7fa4784a5c6b1df86edb5772c0a8c", 0x1000}, {&(0x7f00000001c0)="2e8ff5ebea9ab6e560d2a78888fb1205068558ee063f8baab1d15bcfa479beeb62ebbb546d858ff4ea231a023ec8523f8f04a07e533be2abdbd582097d4de262aa17522f77fc7d1f18f4dc9f197f", 0x4e}], 0x5) r4 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r4) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r4, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x135080, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386c33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000001700)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c0000e1b001000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000a7c05fc22ee6b62915abcc56b952f5ea54fa4d85b342fa068eee204e08665c03a129ad9db01cfd42e7ae95f8f8fd5b90533b6262620718fef212cf8e1daf871d17eb971cbd44475d009384d1b134f0cf3d418a27612b020d7e2b4b31798bbf52348431a2996771287e6d2becd9833588e507fdb34963ea6fb4d79aa1d56d72d1b486be1fa3308d7dc6b6934b55601608a636f3e2ac9cbc0c59942eb53366f4c768f34daf69c99a65a90bdb9327c52579625d0634c2764c9cd4ae93976d770b03a0590cb516cf71aaa170848c1feb16177249479471d3"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r5, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x405e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x9}, 0x0, 0x1, 0x461, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x13) fork() 00:14:17 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5867}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:17 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:17 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3600}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:17 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3b03}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:17 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5b13}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 4: r0 = getpgrp(0xffffffffffffffff) pidfd_open(r0, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)=r0) syz_io_uring_setup(0x3675, &(0x7f0000002d40), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000002dc0), &(0x7f0000002e00)) fork() 00:14:32 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) fsetxattr$security_ima(r1, &(0x7f0000000540), &(0x7f0000000600)=@sha1={0x1, "a34fb0b4a8de91f448a5958a5f6a998e124a3de1"}, 0x15, 0x3) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) poll(&(0x7f0000000500)=[{r3, 0x94}, {r3, 0x2000}], 0x2, 0x800) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:32 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5e63}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3c00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:32 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') r6 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfff, 0x0) syz_io_uring_setup(0x47aa, &(0x7f0000000280)={0x0, 0x15b6, 0x8, 0x1, 0x67, 0x0, r6}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000300)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000600)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r5, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)="39e5bda0f9f16bee888be44c4d9fe6513d9b8fed3d06e28c1f988b267452f6736c78cccf27e6b7344062915c8300cfd6e7f6dd0bfc796253b04f794573f8559152fba2ba26532fd133af8687f9d0aba72da47ccd4f724e44fb589efbe4b098aca3f3903c432b0b78a6c3b1caebbbfe97c05552aef37b32a147cdab42c9e9657c32f07de808888f6013584ec40bbee57948ac3cecf25e16be44fead15dfc09c758e73c17b9540e0888d6e411345ad7a41ead429aac95d6803a2cf4bca75258f071d4ac11c5b955b0df67d95b57f4a3b51c70f8a25397d28", 0xd7}], 0x1, &(0x7f0000000500)=[{0x40, 0x102, 0x0, "8046229553bdcba8f1883a43859f07cf728d965ae7ed76d96d889b10d46567b22da56c8585849c3d264e3bc723"}], 0x40}, 0x0, 0x4004, 0x0, {0x0, r8}}, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_ACCEPT={0xd, 0x1, 0x0, r3, &(0x7f0000000240)=0x80, &(0x7f0000000280)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x0, 0x80800, 0x1, {0x0, r8}}, 0xfffffa44) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:32 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast1, @multicast2}, &(0x7f00000001c0)=0xc) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000ac0)={'syztnl1\x00', &(0x7f0000000a00)={'syztnl0\x00', 0x0, 0x10, 0x10, 0x6, 0x8, {{0x1d, 0x4, 0x0, 0x9, 0x74, 0x64, 0x0, 0x3, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp={0x44, 0xc, 0x2a, 0x0, 0x1, [0xffffff81, 0x1]}, @cipso={0x86, 0x1e, 0x3, [{0x0, 0x12, 'T!\x00'/16}, {0x6, 0x6, "ca3458cc"}]}, @timestamp_prespec={0x44, 0xc, 0xee, 0x3, 0x8, [{@loopback, 0x8}]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1f, 0xb8, [@broadcast, @rand_addr=0x64010101, @local, @dev={0xac, 0x14, 0x14, 0x16}, @loopback, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000c00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x84000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b00)={0xc0, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x40008d1}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd500000000000000000000000000000000000000000000006e9b982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r7, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x1}, 0x2) 00:14:32 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4b1a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x635e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x63a0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3e63}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4f10}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:32 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, 0xffffffffffffffff, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:49 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x3f00}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:49 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5ab5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:49 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:49 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6758}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:49 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:49 executing program 7: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x10) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c080000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:49 executing program 4: r0 = socket$inet(0x2, 0x3, 0x6) r1 = open(&(0x7f0000000180)='./file0\x00', 0x202040, 0x28) dup3(r0, r1, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000000), 0x0, 0xff03000000000000) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000000)={0x37, {{0x2, 0x4e22, @multicast1}}, {{0x2, 0x4e21, @loopback}}}, 0x108) fork() 00:14:49 executing program 6: r0 = syz_io_uring_setup(0x710f, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x204}, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000240)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r3, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000600000000000000000000000000000000000000000003000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000000000000000000000005db18649bee0a039fb27a382ee041d9e0695cbc29c69386ae44685233f86a7437e7151097a2343b4cc6f10f0c57937e94945f754b894a8d977c5a588d01518ba4b90cf5802c790f7189c26b902713f4d5b77fb4d54b6f16bb31d5aae0d487354e7e89575277e25855e4f576d8d10c06b877e7f2e56e2f7031e84c7449b667d6ab1320cd2bbb63fb711a8e2ac36c8af4f4c618da4147b41d0e48d3705bdca48cbf68a97052aa5df5965c9460d6e2b302c943ce4b20bd62ad5c0f234282cf419ef95197beee2033384bb2f86a86c6d5c0f7094a28dbd578b4591057833f2d4540af4f01dbb87722c8dcea6"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='maps\x00') r7 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfff, 0x0) syz_io_uring_setup(0x47aa, &(0x7f0000000280)={0x0, 0x15b6, 0x8, 0x1, 0x67, 0x0, r7}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000300)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000000600)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r6, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)="39e5bda0f9f16bee888be44c4d9fe6513d9b8fed3d06e28c1f988b267452f6736c78cccf27e6b7344062915c8300cfd6e7f6dd0bfc796253b04f794573f8559152fba2ba26532fd133af8687f9d0aba72da47ccd4f724e44fb589efbe4b098aca3f3903c432b0b78a6c3b1caebbbfe97c05552aef37b32a147cdab42c9e9657c32f07de808888f6013584ec40bbee57948ac3cecf25e16be44fead15dfc09c758e73c17b9540e0888d6e411345ad7a41ead429aac95d6803a2cf4bca75258f071d4ac11c5b955b0df67d95b57f4a3b51c70f8a25397d28", 0xd7}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="400020001500000007010000000000008046229553bdcba8f1883a43859f07cf728db65ae7ed76d96d889b10d46567b22da56c85b33e5639a32de34ed385849c3d064e3bc723000000"], 0x40}, 0x0, 0x4004, 0x0, {0x0, r9}}, 0x5) syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r9}}, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:50 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4000}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x63d8}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x63f2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4101}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6b0d}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6771}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:14:50 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:14:50 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4ae5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:13 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:13 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x4f17}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:13 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6b9c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001880), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, r2, 0x1, 0x0, 0x0, {0x3}, [@NLBL_UNLABEL_A_SECCTX={0x1f, 0x7, 'system_u:object_r:var_t:s0\x00'}]}, 0x34}, 0x1, 0x500000000000000}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, r2, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:inetd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010102}, @NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:chfn_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_batadv\x00'}]}, 0x94}, 0x1, 0x0, 0x0, 0x1}, 0x10) fork() 00:15:14 executing program 3: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400e000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/188], 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) sendmsg$nl_xfrm(r4, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c0008000800080000000000"], 0xfc}}, 0x0) sendfile(r3, r4, 0x0, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:15:26 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x9c6b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:27 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6b2c}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:43 executing program 1: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10, r0, 0x10000000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000000000000ffffac141400", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa00000000000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a0000000000000000000000000000000000000000000000000982909eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800"/187], 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = getpgrp(0xffffffffffffffff) r4 = pidfd_open(r3, 0x0) pidfd_getfd(r4, 0xffffffffffffffff, 0x0) dup3(r1, r4, 0x80000) sendmsg$nl_xfrm(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000001a000100000000000000000000000000000002000000ffffac141400e000000200000000000000000000c05500"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000000000000000000000000003c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000c00080008000800000000"], 0xfc}}, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000240)=0x4, 0x9) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:15:43 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xa063}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:45 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x5ae5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:47 executing program 6: r0 = syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x867e, 0x10, 0x0, 0x2d9}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) mmap$IORING_OFF_SQES(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x40010, r0, 0x10000000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\x02\x00d\x88\xc4P\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xf9\n\x17`\xf1U\'\\\x14\t\xc2\xaa|\x81\x91=;h\xfeGm\xaf\x88\xf7\x01\xce\xdc.fjW\x8d\xf9\xbf\xd3\xf1\xa1\xa2\xb0\xcf\xbb|\xdfp\xd7sI\x8dyz\x1c\xb6\xe5\xb9Ta\xcf\xab\xc32\xd9\xaea\x80\xc6\x92', 0x6) read(r2, 0x0, 0x2e) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000440)=""/181, 0xb5}, {&(0x7f0000000300)=""/67, 0x43}], 0x4) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x10060, 0x0, {0x1}}, 0x1) r4 = getpgrp(0xffffffffffffffff) r5 = pidfd_open(r4, 0x0) pidfd_getfd(r5, 0xffffffffffffffff, 0x0) r6 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000280)=0x29, 0x0) copy_file_range(r5, &(0x7f0000000240)=0x73f, r6, &(0x7f00000002c0)=0xe5, 0x47, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000980)=ANY=[@ANYBLOB="fc0002000000010000000000000000cccd8443fd9a81cb100000000000004b1e687ce91a4510baf17fc83b5268690000000000ffffac1414a6dfa7e02f9fe48c9f602f8a84eca7e251d42945147ff266e357b8b22fae29888119a48c18411b036f7d250a18d1137aacff538a4eedc8ea8f2984493a23c6dbeb58121d9ad6ba5738dfd3add76706", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa000000000947de3c6875a76b000000001faacfbc000000003c000000fc01000000000000000000000000000000000000000000000000000000e13b8386e33dd5a00000000000000000000000000000000000eb00fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000006f2926dc2bdbd52e000800080008000000000000000000000000000000c6ae10b5c2a0"], 0xfc}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000041}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c010}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x460, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() 00:15:54 executing program 5: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x633e}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:54 executing program 0: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0x6c31}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) 00:15:54 executing program 2: syz_io_uring_setup(0x68d4, &(0x7f0000000100)={0x0, 0x0, 0xa401}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000040)) [ 3565.765142] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3565.766872] CPU: 0 PID: 6461 Comm: syz-fuzzer Not tainted 5.10.234 #1 [ 3565.767774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3565.768661] Call Trace: [ 3565.769030] dump_stack+0x107/0x167 [ 3565.769536] dump_header+0x106/0x655 [ 3565.770050] oom_kill_process.cold+0x10/0x15 [ 3565.770666] out_of_memory+0x1149/0x1440 [ 3565.771238] ? oom_killer_disable+0x280/0x280 [ 3565.771873] ? mutex_trylock+0x237/0x2b0 [ 3565.772435] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 3565.773261] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 3565.774096] ? lock_acquire+0x167/0x470 [ 3565.774648] ? warn_alloc+0x190/0x190 [ 3565.775200] __alloc_pages_nodemask+0x51d/0x600 [ 3565.775855] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3565.776690] ? find_get_entry+0x2c8/0x740 [ 3565.777275] alloc_pages_current+0x187/0x280 [ 3565.777890] __page_cache_alloc+0x2d2/0x360 [ 3565.778494] pagecache_get_page+0x2c7/0xc80 [ 3565.779099] filemap_fault+0x177d/0x2210 [ 3565.779675] ? read_cache_page_gfp+0x30/0x30 [ 3565.780285] ? replace_page_cache_page+0x1200/0x1200 [ 3565.780993] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3565.781720] ext4_filemap_fault+0x87/0xc0 [ 3565.782300] __do_fault+0x113/0x410 [ 3565.782807] handle_mm_fault+0x1e53/0x3500 [ 3565.783400] ? finish_task_switch+0x126/0x5d0 [ 3565.784015] ? find_held_lock+0x2c/0x110 [ 3565.784578] ? __pmd_alloc+0x5e0/0x5e0 [ 3565.785128] ? vmacache_find+0x55/0x2a0 [ 3565.785686] do_user_addr_fault+0x56e/0xc60 [ 3565.786290] exc_page_fault+0xa2/0x1a0 [ 3565.786841] ? asm_exc_page_fault+0x8/0x30 [ 3565.787426] asm_exc_page_fault+0x1e/0x30 [ 3565.787993] RIP: 0033:0x8a316f [ 3565.788439] Code: Unable to access opcode bytes at RIP 0x8a3145. [ 3565.789277] RSP: 002b:000000c017861ad0 EFLAGS: 00010202 [ 3565.790026] RAX: 0000000000000000 RBX: 000000c001f60000 RCX: 0000000000000caf [ 3565.790799] RDX: 00000000000012c0 RSI: 000000c001f60000 RDI: 000000c00b50b140 [ 3565.791797] RBP: 000000c017861c18 R08: 0000000000000001 R09: 0000000000000001 [ 3565.792788] R10: 0000000000000001 R11: 000000c0036c8000 R12: 0000000000005500 [ 3565.793778] R13: 0000000000000135 R14: 0000000000000200 R15: 0000000000000200 [ 3565.795049] Mem-Info: [ 3565.795711] active_anon:1442 inactive_anon:75677 isolated_anon:0 [ 3565.795711] active_file:352 inactive_file:382 isolated_file:1 [ 3565.795711] unevictable:0 dirty:0 writeback:0 [ 3565.795711] slab_reclaimable:6993 slab_unreclaimable:70656 [ 3565.795711] mapped:70102 shmem:115 pagetables:7973 bounce:0 [ 3565.795711] free:3728 free_pcp:89 free_cma:0 [ 3565.804054] Node 0 active_anon:5768kB inactive_anon:302708kB active_file:1408kB inactive_file:1528kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:280324kB dirty:0kB writeback:0kB shmem:460kB writeback_tmp:0kB kernel_stack:10944kB all_unreclaimable? no [ 3565.809325] Node 0 DMA free:6508kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:1136kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3565.815147] lowmem_reserve[]: 0 1616 1616 1616 [ 3565.816253] Node 0 DMA32 free:8404kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:5768kB inactive_anon:301572kB active_file:1756kB inactive_file:2124kB unevictable:0kB writepending:0kB present:2080640kB managed:1660460kB mlocked:0kB pagetables:31892kB bounce:0kB free_pcp:500kB local_pcp:88kB free_cma:0kB [ 3565.822586] lowmem_reserve[]: 0 0 0 0 [ 3565.823550] Node 0 DMA: 5*4kB (UM) 5*8kB (UM) 1*16kB (M) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 2*256kB (UM) 1*512kB (M) 1*1024kB (U) 0*2048kB 1*4096kB (M) = 6508kB [ 3565.827062] Node 0 DMA32: 748*4kB (UME) 202*8kB (UME) 84*16kB (UME) 85*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8736kB [ 3565.830285] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3565.832219] 758 total pagecache pages [ 3565.833094] 0 pages in swap cache [ 3565.833894] Swap cache stats: add 0, delete 0, find 0/0 [ 3565.835124] Free swap = 0kB [ 3565.835802] Total swap = 0kB [ 3565.836542] 524158 pages RAM [ 3565.837419] 0 pages HighMem/MovableOnly [ 3565.838552] 105066 pages reserved [ 3565.839594] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=6461,uid=0 [ 3565.844535] Out of memory (oom_kill_allocating_task): Killed process 254 (syz-fuzzer) total-vm:1238804kB, anon-rss:248404kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:984kB oom_score_adj:0 [ 3567.880215] oom_reaper: reaped process 254 (syz-fuzzer), now anon-rss:0kB, file-rss:488kB, shmem-rss:0kB VM DIAGNOSIS: 00:16:10 Registers: info registers vcpu 0 RAX=0000000000000050 RBX=ffff88800f4a0000 RCX=ffffffff81f465f4 RDX=00000000000001f7 RSI=ffffffff81f46602 RDI=0000000000000007 RBP=00000000000101f7 RSP=ffff88803b4bebe0 R8 =0000000000000000 R9 =0000000000006d2c R10=0000000000010000 R11=0000000000000001 R12=ffffed1001e94001 R13=dffffc0000000000 R14=ffffffff853a0200 R15=ffff88800f4a0008 RIP=ffffffff81f46606 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc4222f2260 CR3=000000003d198000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=732e64696b6c6262696c2f756e672d78 XMM02=00312e6f732e64696b6c6262696c2f75 XMM03=6e672d78756e696c2d34365f3638782f XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff8880181d79c2 RCX=ffffffff820064c2 RDX=ffff88800e7ccec0 RSI=ffffffff820065f3 RDI=0000000000000007 RBP=0000000000000002 RSP=ffff8880181d7948 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000063 R11=0000000000000001 R12=0000000000000002 R13=0000000000000001 R14=00000000000000f8 R15=ffff8880181d79c0 RIP=ffffffff8140b814 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc29471a900 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc293b71110 CR3=000000000eae2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=25252525252525252525252525252525 XMM01=0000000000ff000000000000000000ff XMM02=0000000000ff000000000000000000ff XMM03=00000000003d089851d2df4f690a2f7f XMM04=15c32259ea58804300000000000ae6a8 XMM05=9046e601f50f9f1500000000003d09a8 XMM06=ebb6b995688ff40700000000003d0898 XMM07=deecdf2e880c3dc700000000003d07e8 XMM08=636f72702f0064696e6f697373657300 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000