ff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1180.486087] loop3: detected capacity change from 0 to 2048 [ 1180.501897] FAULT_INJECTION: forcing a failure. [ 1180.501897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1180.503251] CPU: 0 PID: 8089 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1180.504013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1180.504928] Call Trace: [ 1180.505223] dump_stack+0x107/0x167 [ 1180.505627] should_fail.cold+0x5/0xa [ 1180.506053] _copy_from_user+0x2e/0x1b0 [ 1180.506506] __copy_msghdr_from_user+0x91/0x4b0 [ 1180.507017] ? __ia32_sys_shutdown+0x80/0x80 [ 1180.507522] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1180.508098] sendmsg_copy_msghdr+0xa1/0x160 [ 1180.508576] ? do_recvmmsg+0x6d0/0x6d0 [ 1180.509007] ? find_held_lock+0x2c/0x110 [ 1180.509452] ? finish_task_switch+0x126/0x5d0 [ 1180.509950] ___sys_sendmsg+0xc6/0x170 [ 1180.510377] ? sendmsg_copy_msghdr+0x160/0x160 [ 1180.510876] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1180.511457] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1180.511948] ? trace_hardirqs_on+0x5b/0x180 [ 1180.512420] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1180.512911] ? finish_task_switch+0x126/0x5d0 [ 1180.513400] ? finish_task_switch+0xef/0x5d0 [ 1180.513877] ? __switch_to+0x572/0xf70 [ 1180.514302] ? __switch_to_asm+0x3a/0x60 [ 1180.514742] ? __switch_to_asm+0x34/0x60 [ 1180.515190] ? __schedule+0x82c/0x1ea0 [ 1180.515628] ? io_schedule_timeout+0x140/0x140 [ 1180.516138] __sys_sendmmsg+0x195/0x470 [ 1180.516578] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1180.517051] ? lock_downgrade+0x6d0/0x6d0 [ 1180.517510] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1180.518040] ? wait_for_completion_io+0x270/0x270 [ 1180.518570] ? rcu_read_lock_any_held+0x75/0xa0 [ 1180.519082] ? vfs_write+0x354/0xb10 [ 1180.519505] ? fput_many+0x2f/0x1a0 [ 1180.519906] ? ksys_write+0x1a9/0x260 [ 1180.520326] ? __ia32_sys_read+0xb0/0xb0 [ 1180.520780] __x64_sys_sendmmsg+0x99/0x100 [ 1180.521246] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1180.521814] do_syscall_64+0x33/0x40 [ 1180.522225] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1180.522787] RIP: 0033:0x7fb74c37db19 [ 1180.523196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1180.525234] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1180.526070] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1180.526854] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1180.527644] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1180.528427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1180.529203] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1180.534728] EXT4-fs (loop3): unsupported inode size: 0 [ 1180.535319] EXT4-fs (loop3): blocksize: 2048 07:03:20 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:20 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0x0, 0x0}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:03:20 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 39) 07:03:20 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:20 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b000000", 0x58, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:03:20 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:20 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1195.953152] loop3: detected capacity change from 0 to 2048 [ 1195.959776] EXT4-fs (loop3): unsupported inode size: 0 [ 1195.960496] EXT4-fs (loop3): blocksize: 2048 07:03:20 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1195.981121] FAULT_INJECTION: forcing a failure. [ 1195.981121] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.982849] CPU: 1 PID: 8107 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1195.983776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1195.984892] Call Trace: [ 1195.985253] dump_stack+0x107/0x167 [ 1195.985747] should_fail.cold+0x5/0xa [ 1195.986259] ? ip6_setup_cork+0x1e4/0x1740 [ 1195.986825] should_failslab+0x5/0x20 [ 1195.987335] kmem_cache_alloc_trace+0x55/0x320 [ 1195.987956] ip6_setup_cork+0x1e4/0x1740 [ 1195.988513] ip6_make_skb+0x22c/0x4e0 [ 1195.989043] ? ip_frag_init+0x350/0x350 [ 1195.989599] ? ip6_push_pending_frames+0xf0/0xf0 [ 1195.990253] ? ip6_dst_hoplimit+0x199/0x440 [ 1195.990852] ? lock_downgrade+0x6d0/0x6d0 [ 1195.991440] udpv6_sendmsg+0x2128/0x2b40 [ 1195.992020] ? ip_frag_init+0x350/0x350 [ 1195.992579] ? udp_v6_push_pending_frames+0x360/0x360 [ 1195.993297] ? perf_event_task_disable+0x390/0x390 [ 1195.993985] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1195.994649] ? lock_acquire+0x197/0x470 [ 1195.995200] ? find_held_lock+0x2c/0x110 [ 1195.995784] ? sock_has_perm+0x1ea/0x280 [ 1195.996366] ? __import_iovec+0x458/0x590 [ 1195.996944] ? udp_v6_push_pending_frames+0x360/0x360 [ 1195.997660] inet6_sendmsg+0x105/0x140 [ 1195.998201] ? inet6_compat_ioctl+0x320/0x320 [ 1195.998823] __sock_sendmsg+0xf2/0x190 [ 1195.999365] ____sys_sendmsg+0x334/0x870 [ 1195.999944] ? sock_write_iter+0x3d0/0x3d0 [ 1196.000526] ? do_recvmmsg+0x6d0/0x6d0 [ 1196.001071] ? find_held_lock+0x2c/0x110 [ 1196.001644] ___sys_sendmsg+0xf3/0x170 [ 1196.002188] ? sendmsg_copy_msghdr+0x160/0x160 [ 1196.002823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1196.003564] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1196.004185] ? trace_hardirqs_on+0x5b/0x180 [ 1196.004780] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1196.005400] ? finish_task_switch+0x126/0x5d0 [ 1196.006020] ? finish_task_switch+0xef/0x5d0 [ 1196.006593] ? __switch_to+0x572/0xf70 [ 1196.007131] ? __switch_to_asm+0x3a/0x60 [ 1196.007693] ? __switch_to_asm+0x34/0x60 [ 1196.008241] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1196.008967] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1196.009711] ? trace_hardirqs_on+0x5b/0x180 [ 1196.010303] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1196.011050] ? preempt_schedule_common+0x44/0x70 [ 1196.011768] __sys_sendmmsg+0x195/0x470 [ 1196.012312] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1196.012903] ? lock_downgrade+0x6d0/0x6d0 [ 1196.013479] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1196.014145] ? wait_for_completion_io+0x270/0x270 [ 1196.014808] ? rcu_read_lock_any_held+0x75/0xa0 [ 1196.015446] ? vfs_write+0x354/0xb10 [ 1196.015961] ? fput_many+0x2f/0x1a0 [ 1196.016459] ? ksys_write+0x1a9/0x260 [ 1196.016982] ? __ia32_sys_read+0xb0/0xb0 [ 1196.017540] __x64_sys_sendmmsg+0x99/0x100 [ 1196.018120] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1196.018826] do_syscall_64+0x33/0x40 [ 1196.019330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1196.020030] RIP: 0033:0x7fb74c37db19 [ 1196.020539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1196.023070] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1196.024115] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1196.025087] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1196.026069] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1196.027040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1196.028019] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:03:20 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b000000", 0x58, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) [ 1196.073740] loop3: detected capacity change from 0 to 2048 [ 1196.083378] EXT4-fs (loop3): unsupported inode size: 0 [ 1196.084193] EXT4-fs (loop3): blocksize: 2048 07:03:20 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:20 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 40) [ 1196.167262] FAULT_INJECTION: forcing a failure. [ 1196.167262] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.168707] CPU: 1 PID: 8121 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1196.169529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1196.170530] Call Trace: [ 1196.170855] dump_stack+0x107/0x167 [ 1196.171297] should_fail.cold+0x5/0xa [ 1196.171766] ? create_object.isra.0+0x3a/0xa20 [ 1196.172319] should_failslab+0x5/0x20 [ 1196.172778] kmem_cache_alloc+0x5b/0x310 [ 1196.173270] create_object.isra.0+0x3a/0xa20 [ 1196.173798] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1196.174411] kmem_cache_alloc_trace+0x151/0x320 [ 1196.174982] ip6_setup_cork+0x1e4/0x1740 [ 1196.175476] ip6_make_skb+0x22c/0x4e0 [ 1196.175947] ? ip_frag_init+0x350/0x350 [ 1196.176426] ? ip6_push_pending_frames+0xf0/0xf0 [ 1196.177007] ? ip6_dst_hoplimit+0x199/0x440 [ 1196.177531] ? lock_downgrade+0x6d0/0x6d0 [ 1196.178039] udpv6_sendmsg+0x2128/0x2b40 [ 1196.178531] ? ip_frag_init+0x350/0x350 [ 1196.179017] ? udp_v6_push_pending_frames+0x360/0x360 [ 1196.179650] ? lock_acquire+0x197/0x470 [ 1196.180133] ? find_held_lock+0x2c/0x110 [ 1196.180628] ? lock_acquire+0x197/0x470 [ 1196.181106] ? find_held_lock+0x2c/0x110 [ 1196.181603] ? sock_has_perm+0x1ea/0x280 [ 1196.182107] ? __import_iovec+0x458/0x590 [ 1196.182609] ? udp_v6_push_pending_frames+0x360/0x360 [ 1196.183232] inet6_sendmsg+0x105/0x140 [ 1196.183712] ? inet6_compat_ioctl+0x320/0x320 [ 1196.184249] __sock_sendmsg+0xf2/0x190 [ 1196.184718] ____sys_sendmsg+0x334/0x870 [ 1196.185205] ? sock_write_iter+0x3d0/0x3d0 [ 1196.185709] ? do_recvmmsg+0x6d0/0x6d0 [ 1196.186175] ? __lock_acquire+0x1657/0x5b00 [ 1196.186699] ___sys_sendmsg+0xf3/0x170 [ 1196.187167] ? sendmsg_copy_msghdr+0x160/0x160 [ 1196.187717] ? vmacache_find+0x55/0x2a0 [ 1196.188201] ? lock_acquire+0x197/0x470 [ 1196.188676] ? find_held_lock+0x2c/0x110 [ 1196.189169] ? __might_fault+0xd3/0x180 [ 1196.189644] ? lock_downgrade+0x6d0/0x6d0 [ 1196.190141] ? asm_exc_page_fault+0x1e/0x30 [ 1196.190673] __sys_sendmmsg+0x195/0x470 [ 1196.191154] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1196.191674] ? lock_downgrade+0x6d0/0x6d0 [ 1196.192181] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1196.192759] ? wait_for_completion_io+0x270/0x270 [ 1196.193337] ? rcu_read_lock_any_held+0x75/0xa0 [ 1196.193896] ? vfs_write+0x354/0xb10 [ 1196.194343] ? fput_many+0x2f/0x1a0 [ 1196.194780] ? ksys_write+0x1a9/0x260 [ 1196.195236] ? __ia32_sys_read+0xb0/0xb0 [ 1196.195734] __x64_sys_sendmmsg+0x99/0x100 [ 1196.196239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1196.196852] do_syscall_64+0x33/0x40 [ 1196.197297] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1196.197908] RIP: 0033:0x7fb74c37db19 [ 1196.198353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1196.200541] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1196.201443] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1196.202289] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1196.203137] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1196.203989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1196.204838] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:03:35 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0x0, 0x0}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:03:35 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a7", 0x61, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:03:35 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 41) 07:03:35 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:35 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:35 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:35 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:35 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1211.498180] FAULT_INJECTION: forcing a failure. [ 1211.498180] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.500854] CPU: 0 PID: 8130 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1211.502396] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1211.504284] Call Trace: [ 1211.504888] dump_stack+0x107/0x167 [ 1211.505715] should_fail.cold+0x5/0xa [ 1211.506468] loop3: detected capacity change from 0 to 2048 [ 1211.506584] ? create_object.isra.0+0x3a/0xa20 [ 1211.506604] should_failslab+0x5/0x20 [ 1211.506633] kmem_cache_alloc+0x5b/0x310 [ 1211.510644] create_object.isra.0+0x3a/0xa20 [ 1211.511642] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1211.512802] kmem_cache_alloc_trace+0x151/0x320 [ 1211.513857] ip6_setup_cork+0x1e4/0x1740 [ 1211.514788] ip6_make_skb+0x22c/0x4e0 [ 1211.515654] ? ip_frag_init+0x350/0x350 [ 1211.516570] ? ip6_push_pending_frames+0xf0/0xf0 [ 1211.517654] ? ip6_dst_hoplimit+0x199/0x440 [ 1211.518628] ? lock_downgrade+0x6d0/0x6d0 [ 1211.519584] udpv6_sendmsg+0x2128/0x2b40 [ 1211.520513] ? ip_frag_init+0x350/0x350 [ 1211.521424] ? udp_v6_push_pending_frames+0x360/0x360 [ 1211.522591] ? perf_event_task_disable+0x390/0x390 [ 1211.523720] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1211.524651] EXT4-fs (loop3): Unrecognized mount option "À" or missing value [ 1211.524817] ? lock_acquire+0x197/0x470 [ 1211.527229] ? find_held_lock+0x2c/0x110 [ 1211.528164] ? sock_has_perm+0x1ea/0x280 [ 1211.529103] ? __import_iovec+0x458/0x590 [ 1211.530037] ? udp_v6_push_pending_frames+0x360/0x360 [ 1211.531199] inet6_sendmsg+0x105/0x140 [ 1211.532085] ? inet6_compat_ioctl+0x320/0x320 [ 1211.533095] __sock_sendmsg+0xf2/0x190 [ 1211.533979] ____sys_sendmsg+0x334/0x870 [ 1211.534896] ? sock_write_iter+0x3d0/0x3d0 [ 1211.535862] ? do_recvmmsg+0x6d0/0x6d0 [ 1211.536745] ? __lock_acquire+0x1657/0x5b00 [ 1211.537737] ___sys_sendmsg+0xf3/0x170 [ 1211.538623] ? sendmsg_copy_msghdr+0x160/0x160 [ 1211.539656] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1211.540673] ? _raw_spin_unlock_irq+0x27/0x30 [ 1211.541697] ? lock_acquire+0x197/0x470 [ 1211.542598] ? find_held_lock+0x2c/0x110 [ 1211.543520] ? __might_fault+0xd3/0x180 [ 1211.544422] ? lock_downgrade+0x6d0/0x6d0 [ 1211.545377] __sys_sendmmsg+0x195/0x470 [ 1211.546282] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1211.547258] ? lock_downgrade+0x6d0/0x6d0 [ 1211.548220] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1211.549279] ? wait_for_completion_io+0x270/0x270 [ 1211.550369] ? rcu_read_lock_any_held+0x75/0xa0 [ 1211.551419] ? vfs_write+0x354/0xb10 [ 1211.552259] ? fput_many+0x2f/0x1a0 [ 1211.553073] ? ksys_write+0x1a9/0x260 [ 1211.553927] ? __ia32_sys_read+0xb0/0xb0 [ 1211.554853] __x64_sys_sendmmsg+0x99/0x100 [ 1211.555825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1211.556981] do_syscall_64+0x33/0x40 [ 1211.557827] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1211.558979] RIP: 0033:0x7fb74c37db19 [ 1211.559823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1211.563987] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1211.565701] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1211.567297] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1211.568900] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1211.570498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1211.572107] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:03:35 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:35 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:36 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:36 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:36 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:36 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a7", 0x61, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:03:36 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1211.819081] loop3: detected capacity change from 0 to 2048 [ 1211.836278] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:03:36 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, 0x0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:03:51 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 42) 07:03:51 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a7", 0x61, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) [ 1227.545117] FAULT_INJECTION: forcing a failure. [ 1227.545117] name failslab, interval 1, probability 0, space 0, times 0 [ 1227.547883] CPU: 0 PID: 8182 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1227.549346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1227.551115] Call Trace: [ 1227.551681] dump_stack+0x107/0x167 [ 1227.552469] should_fail.cold+0x5/0xa [ 1227.553280] ? create_object.isra.0+0x3a/0xa20 [ 1227.554229] should_failslab+0x5/0x20 [ 1227.555031] kmem_cache_alloc+0x5b/0x310 [ 1227.555897] ? lock_downgrade+0x6d0/0x6d0 [ 1227.556781] create_object.isra.0+0x3a/0xa20 [ 1227.557713] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1227.558793] __kmalloc_track_caller+0x177/0x370 [ 1227.559770] ? ip6_setup_cork+0x518/0x1740 [ 1227.560674] kmemdup+0x23/0x50 [ 1227.561349] ip6_setup_cork+0x518/0x1740 [ 1227.562215] ip6_make_skb+0x22c/0x4e0 [ 1227.563020] ? ip_frag_init+0x350/0x350 [ 1227.563858] ? ip6_push_pending_frames+0xf0/0xf0 [ 1227.564863] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1227.566008] ? trace_hardirqs_on+0x5b/0x180 [ 1227.566907] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1227.568070] udpv6_sendmsg+0x2128/0x2b40 [ 1227.568929] ? ip_frag_init+0x350/0x350 [ 1227.569781] ? udp_v6_push_pending_frames+0x360/0x360 [ 1227.570871] ? perf_event_task_disable+0x390/0x390 [ 1227.571908] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1227.572929] ? lock_acquire+0x197/0x470 [ 1227.573744] ? find_held_lock+0x2c/0x110 [ 1227.574610] ? sock_has_perm+0x1ea/0x280 [ 1227.575480] ? __import_iovec+0x458/0x590 [ 1227.576387] ? udp_v6_push_pending_frames+0x360/0x360 [ 1227.577474] inet6_sendmsg+0x105/0x140 [ 1227.578279] ? inet6_compat_ioctl+0x320/0x320 [ 1227.579221] __sock_sendmsg+0xf2/0x190 [ 1227.580051] ____sys_sendmsg+0x334/0x870 [ 1227.580905] ? sock_write_iter+0x3d0/0x3d0 [ 1227.581797] ? do_recvmmsg+0x6d0/0x6d0 [ 1227.582627] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1227.583754] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1227.584906] ? trace_hardirqs_on+0x5b/0x180 [ 1227.585815] ___sys_sendmsg+0xf3/0x170 [ 1227.586635] ? sendmsg_copy_msghdr+0x160/0x160 [ 1227.587602] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1227.588550] ? _raw_spin_unlock_irq+0x27/0x30 [ 1227.589494] ? finish_task_switch+0x126/0x5d0 [ 1227.590438] ? finish_task_switch+0xef/0x5d0 [ 1227.591365] ? __switch_to+0x572/0xf70 [ 1227.592190] ? __switch_to_asm+0x3a/0x60 [ 1227.593040] ? __switch_to_asm+0x34/0x60 [ 1227.593885] ? __schedule+0x82c/0x1ea0 [ 1227.594709] ? io_schedule_timeout+0x140/0x140 [ 1227.595693] __sys_sendmmsg+0x195/0x470 [ 1227.596563] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1227.597478] ? lock_downgrade+0x6d0/0x6d0 [ 1227.598364] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1227.599386] ? wait_for_completion_io+0x270/0x270 [ 1227.600406] ? rcu_read_lock_any_held+0x75/0xa0 [ 1227.601373] ? vfs_write+0x354/0xb10 [ 1227.602156] ? fput_many+0x2f/0x1a0 [ 1227.602918] ? ksys_write+0x1a9/0x260 [ 1227.603724] ? __ia32_sys_read+0xb0/0xb0 [ 1227.604596] __x64_sys_sendmmsg+0x99/0x100 [ 1227.605491] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1227.606580] do_syscall_64+0x33/0x40 [ 1227.607364] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1227.608450] RIP: 0033:0x7fb74c37db19 [ 1227.609229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1227.613148] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1227.614761] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1227.616295] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1227.617805] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1227.619308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1227.620819] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:03:51 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1227.647940] loop3: detected capacity change from 0 to 2048 [ 1227.666924] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:03:51 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:51 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:52 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:52 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:03:52 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) [ 1227.833334] loop3: detected capacity change from 0 to 2048 [ 1227.865186] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:04:06 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, 0x0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:04:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:06 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 43) [ 1241.894267] loop3: detected capacity change from 0 to 2048 [ 1241.909866] FAULT_INJECTION: forcing a failure. [ 1241.909866] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.912849] CPU: 1 PID: 8224 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1241.914615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1241.915654] EXT4-fs (loop3): Unrecognized mount option "À" or missing value [ 1241.916776] Call Trace: [ 1241.916807] dump_stack+0x107/0x167 [ 1241.916833] should_fail.cold+0x5/0xa [ 1241.920211] ? __alloc_skb+0x6d/0x5b0 [ 1241.921202] should_failslab+0x5/0x20 [ 1241.922199] kmem_cache_alloc_node+0x55/0x330 [ 1241.923385] __alloc_skb+0x6d/0x5b0 [ 1241.924357] alloc_skb_with_frags+0x92/0x570 [ 1241.925454] sock_alloc_send_pskb+0x7af/0x930 [ 1241.926511] ? sk_alloc+0x350/0x350 [ 1241.927362] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1241.928585] ? SOFTIRQ_verbose+0x10/0x10 [ 1241.929529] ? lock_release+0x680/0x680 [ 1241.930453] ? find_held_lock+0x2c/0x110 [ 1241.931407] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1241.932599] ? ip_frag_init+0x350/0x350 [ 1241.933534] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1241.934652] ? ip6_mtu+0x1e9/0x3d0 [ 1241.935483] ? ip6_setup_cork+0xfb7/0x1740 [ 1241.936481] ip6_make_skb+0x2df/0x4e0 [ 1241.937376] ? ip_frag_init+0x350/0x350 [ 1241.938309] ? ip_frag_init+0x350/0x350 [ 1241.939238] ? ip6_push_pending_frames+0xf0/0xf0 [ 1241.940365] ? ip6_dst_hoplimit+0x199/0x440 [ 1241.941358] ? lock_downgrade+0x6d0/0x6d0 [ 1241.942336] udpv6_sendmsg+0x2128/0x2b40 [ 1241.943277] ? ip_frag_init+0x350/0x350 [ 1241.944212] ? udp_v6_push_pending_frames+0x360/0x360 [ 1241.945407] ? lock_acquire+0x197/0x470 [ 1241.946330] ? find_held_lock+0x2c/0x110 [ 1241.947284] ? lock_acquire+0x197/0x470 [ 1241.948211] ? find_held_lock+0x2c/0x110 [ 1241.949165] ? sock_has_perm+0x1ea/0x280 [ 1241.950135] ? __import_iovec+0x458/0x590 [ 1241.951098] ? udp_v6_push_pending_frames+0x360/0x360 [ 1241.952302] inet6_sendmsg+0x105/0x140 [ 1241.953201] ? inet6_compat_ioctl+0x320/0x320 [ 1241.954239] __sock_sendmsg+0xf2/0x190 [ 1241.955149] ____sys_sendmsg+0x334/0x870 [ 1241.956105] ? sock_write_iter+0x3d0/0x3d0 [ 1241.957085] ? do_recvmmsg+0x6d0/0x6d0 [ 1241.957995] ? __lock_acquire+0x1657/0x5b00 [ 1241.959006] ___sys_sendmsg+0xf3/0x170 [ 1241.959910] ? sendmsg_copy_msghdr+0x160/0x160 [ 1241.960972] ? vmacache_find+0x55/0x2a0 [ 1241.961912] ? lock_acquire+0x197/0x470 [ 1241.962840] ? find_held_lock+0x2c/0x110 [ 1241.963796] ? __might_fault+0xd3/0x180 [ 1241.964734] ? lock_downgrade+0x6d0/0x6d0 [ 1241.965696] ? asm_exc_page_fault+0x1e/0x30 [ 1241.966720] __sys_sendmmsg+0x195/0x470 [ 1241.967652] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1241.968658] ? lock_downgrade+0x6d0/0x6d0 [ 1241.969642] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1241.970765] ? wait_for_completion_io+0x270/0x270 [ 1241.971887] ? rcu_read_lock_any_held+0x75/0xa0 [ 1241.972973] ? vfs_write+0x354/0xb10 [ 1241.973835] ? fput_many+0x2f/0x1a0 [ 1241.974678] ? ksys_write+0x1a9/0x260 [ 1241.975562] ? __ia32_sys_read+0xb0/0xb0 [ 1241.976519] __x64_sys_sendmmsg+0x99/0x100 [ 1241.977505] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1241.978698] do_syscall_64+0x33/0x40 [ 1241.979561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1241.980751] RIP: 0033:0x7fb74c37db19 [ 1241.981621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1241.985867] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1241.987631] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1241.989280] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1241.990925] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1241.992585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1241.994217] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:04:06 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:06 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:06 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1242.133307] loop3: detected capacity change from 0 to 2048 [ 1242.142470] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:04:06 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:20 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:20 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, 0x0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:04:20 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6c2", 0x67, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:20 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:20 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:20 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 44) 07:04:20 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:20 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1256.644718] loop3: detected capacity change from 0 to 2048 [ 1256.664621] EXT4-fs warning (device loop3): ext4_fill_super:4104: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 1256.667190] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. 07:04:21 executing program 5: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1256.734051] FAULT_INJECTION: forcing a failure. [ 1256.734051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1256.736798] CPU: 0 PID: 8268 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1256.738243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1256.739986] Call Trace: [ 1256.740562] dump_stack+0x107/0x167 [ 1256.741337] should_fail.cold+0x5/0xa [ 1256.742156] _copy_from_user+0x2e/0x1b0 [ 1256.743010] __copy_msghdr_from_user+0x91/0x4b0 [ 1256.744000] ? __ia32_sys_shutdown+0x80/0x80 [ 1256.744945] ? udp_v6_push_pending_frames+0x360/0x360 [ 1256.746013] ? inet6_sendmsg+0xbd/0x140 [ 1256.746821] ? inet6_compat_ioctl+0x320/0x320 [ 1256.747769] ? __sock_sendmsg+0x55/0x190 [ 1256.748646] sendmsg_copy_msghdr+0xa1/0x160 [ 1256.749556] ? do_recvmmsg+0x6d0/0x6d0 [ 1256.750389] ? __lock_acquire+0x1657/0x5b00 [ 1256.751314] ___sys_sendmsg+0xc6/0x170 [ 1256.752142] ? sendmsg_copy_msghdr+0x160/0x160 [ 1256.753108] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1256.754042] ? _raw_spin_unlock_irq+0x27/0x30 [ 1256.754994] ? lock_acquire+0x197/0x470 [ 1256.755836] ? find_held_lock+0x2c/0x110 [ 1256.756712] ? __might_fault+0xd3/0x180 [ 1256.757556] ? lock_downgrade+0x6d0/0x6d0 [ 1256.758442] __sys_sendmmsg+0x195/0x470 [ 1256.759283] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1256.760210] ? lock_downgrade+0x6d0/0x6d0 [ 1256.761101] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1256.762122] ? wait_for_completion_io+0x270/0x270 [ 1256.763145] ? rcu_read_lock_any_held+0x75/0xa0 [ 1256.764130] ? vfs_write+0x354/0xb10 [ 1256.764918] ? fput_many+0x2f/0x1a0 [ 1256.765688] ? ksys_write+0x1a9/0x260 [ 1256.766493] ? __ia32_sys_read+0xb0/0xb0 [ 1256.767359] __x64_sys_sendmmsg+0x99/0x100 [ 1256.768264] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1256.769353] do_syscall_64+0x33/0x40 [ 1256.770138] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1256.771219] RIP: 0033:0x7fb74c37db19 [ 1256.772001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1256.775902] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1256.777518] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1256.779028] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1256.780557] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1256.782072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1256.783594] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:04:21 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:21 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1256.835275] loop3: detected capacity change from 0 to 2048 [ 1256.844600] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:04:21 executing program 5: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:21 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:21 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:21 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 45) 07:04:21 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1257.000683] loop3: detected capacity change from 0 to 2048 [ 1257.046400] FAULT_INJECTION: forcing a failure. [ 1257.046400] name failslab, interval 1, probability 0, space 0, times 0 [ 1257.048913] CPU: 0 PID: 8287 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1257.050356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1257.052118] Call Trace: [ 1257.052689] dump_stack+0x107/0x167 [ 1257.053454] should_fail.cold+0x5/0xa [ 1257.054267] should_failslab+0x5/0x20 [ 1257.055098] __kmalloc_node_track_caller+0x74/0x3b0 [ 1257.056173] ? alloc_skb_with_frags+0x92/0x570 [ 1257.057169] __alloc_skb+0xb1/0x5b0 [ 1257.057955] alloc_skb_with_frags+0x92/0x570 [ 1257.058921] sock_alloc_send_pskb+0x7af/0x930 [ 1257.059900] ? sk_alloc+0x350/0x350 [ 1257.060705] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1257.061829] ? SOFTIRQ_verbose+0x10/0x10 [ 1257.062704] ? lock_release+0x680/0x680 [ 1257.063556] ? find_held_lock+0x2c/0x110 [ 1257.064448] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1257.065541] ? ip_frag_init+0x350/0x350 [ 1257.066409] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1257.067446] ? ip6_mtu+0x1e9/0x3d0 [ 1257.068231] ? ip6_setup_cork+0xfb7/0x1740 [ 1257.069154] ip6_make_skb+0x2df/0x4e0 [ 1257.069984] ? ip_frag_init+0x350/0x350 [ 1257.070854] ? ip_frag_init+0x350/0x350 [ 1257.071724] ? ip6_push_pending_frames+0xf0/0xf0 [ 1257.072781] ? ip6_dst_hoplimit+0x199/0x440 [ 1257.073717] ? lock_downgrade+0x6d0/0x6d0 [ 1257.074635] udpv6_sendmsg+0x2128/0x2b40 [ 1257.075525] ? ip_frag_init+0x350/0x350 [ 1257.076406] ? udp_v6_push_pending_frames+0x360/0x360 [ 1257.077551] ? lock_acquire+0x197/0x470 [ 1257.078414] ? find_held_lock+0x2c/0x110 [ 1257.079312] ? lock_acquire+0x197/0x470 [ 1257.080186] ? find_held_lock+0x2c/0x110 [ 1257.081085] ? sock_has_perm+0x1ea/0x280 [ 1257.082001] ? __import_iovec+0x458/0x590 [ 1257.082908] ? udp_v6_push_pending_frames+0x360/0x360 [ 1257.084037] inet6_sendmsg+0x105/0x140 [ 1257.084895] ? inet6_compat_ioctl+0x320/0x320 [ 1257.085879] __sock_sendmsg+0xf2/0x190 [ 1257.086734] ____sys_sendmsg+0x334/0x870 [ 1257.087611] ? sock_write_iter+0x3d0/0x3d0 [ 1257.088500] ? do_recvmmsg+0x6d0/0x6d0 [ 1257.089301] ? __lock_acquire+0x1657/0x5b00 [ 1257.090244] ___sys_sendmsg+0xf3/0x170 [ 1257.091045] ? sendmsg_copy_msghdr+0x160/0x160 [ 1257.092014] ? vmacache_find+0x55/0x2a0 [ 1257.092860] ? lock_acquire+0x197/0x470 [ 1257.093685] ? find_held_lock+0x2c/0x110 [ 1257.094525] ? __might_fault+0xd3/0x180 [ 1257.095339] ? lock_downgrade+0x6d0/0x6d0 [ 1257.096208] ? asm_exc_page_fault+0x1e/0x30 [ 1257.097110] __sys_sendmmsg+0x195/0x470 [ 1257.097931] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1257.098820] ? lock_downgrade+0x6d0/0x6d0 [ 1257.099688] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1257.100680] ? wait_for_completion_io+0x270/0x270 [ 1257.101671] ? rcu_read_lock_any_held+0x75/0xa0 [ 1257.102622] ? vfs_write+0x354/0xb10 [ 1257.103384] ? fput_many+0x2f/0x1a0 [ 1257.104133] ? ksys_write+0x1a9/0x260 [ 1257.104925] ? __ia32_sys_read+0xb0/0xb0 [ 1257.105776] __x64_sys_sendmmsg+0x99/0x100 [ 1257.106644] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1257.107708] do_syscall_64+0x33/0x40 [ 1257.108490] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1257.109541] RIP: 0033:0x7fb74c37db19 [ 1257.110297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1257.114045] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1257.115592] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1257.117065] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1257.118520] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1257.119989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1257.121443] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1257.127082] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:04:35 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:04:35 executing program 5: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 46) 07:04:35 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:35 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1271.271490] FAULT_INJECTION: forcing a failure. [ 1271.271490] name failslab, interval 1, probability 0, space 0, times 0 [ 1271.272979] CPU: 0 PID: 8297 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1271.273797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1271.274841] Call Trace: [ 1271.275180] dump_stack+0x107/0x167 [ 1271.275651] should_fail.cold+0x5/0xa [ 1271.276140] ? create_object.isra.0+0x3a/0xa20 [ 1271.276727] should_failslab+0x5/0x20 [ 1271.277215] kmem_cache_alloc+0x5b/0x310 [ 1271.277734] create_object.isra.0+0x3a/0xa20 [ 1271.278288] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1271.278942] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1271.279591] ? alloc_skb_with_frags+0x92/0x570 [ 1271.280173] __alloc_skb+0xb1/0x5b0 [ 1271.280660] alloc_skb_with_frags+0x92/0x570 [ 1271.281197] sock_alloc_send_pskb+0x7af/0x930 [ 1271.281768] ? sk_alloc+0x350/0x350 [ 1271.282254] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1271.282910] ? SOFTIRQ_verbose+0x10/0x10 [ 1271.283430] ? lock_release+0x680/0x680 [ 1271.283934] ? find_held_lock+0x2c/0x110 [ 1271.284462] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1271.285099] ? ip_frag_init+0x350/0x350 [ 1271.285614] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1271.286218] ? ip6_mtu+0x1e9/0x3d0 [ 1271.286665] ? ip6_setup_cork+0xfb7/0x1740 [ 1271.287210] ip6_make_skb+0x2df/0x4e0 [ 1271.287692] ? ip_frag_init+0x350/0x350 [ 1271.288193] ? ip_frag_init+0x350/0x350 [ 1271.288710] ? ip6_push_pending_frames+0xf0/0xf0 [ 1271.289313] ? ip6_dst_hoplimit+0x199/0x440 [ 1271.289861] ? lock_downgrade+0x6d0/0x6d0 [ 1271.290404] udpv6_sendmsg+0x2128/0x2b40 [ 1271.290924] ? ip_frag_init+0x350/0x350 [ 1271.291429] ? udp_v6_push_pending_frames+0x360/0x360 [ 1271.292082] ? lock_acquire+0x197/0x470 [ 1271.292592] ? find_held_lock+0x2c/0x110 [ 1271.293110] ? lock_acquire+0x197/0x470 [ 1271.293604] ? find_held_lock+0x2c/0x110 [ 1271.294125] ? sock_has_perm+0x1ea/0x280 [ 1271.294653] ? __import_iovec+0x458/0x590 [ 1271.295170] ? udp_v6_push_pending_frames+0x360/0x360 [ 1271.295814] inet6_sendmsg+0x105/0x140 [ 1271.296282] ? inet6_compat_ioctl+0x320/0x320 [ 1271.296853] __sock_sendmsg+0xf2/0x190 [ 1271.297340] ____sys_sendmsg+0x334/0x870 [ 1271.297849] ? sock_write_iter+0x3d0/0x3d0 [ 1271.298359] ? do_recvmmsg+0x6d0/0x6d0 [ 1271.298847] ? __lock_acquire+0x1657/0x5b00 [ 1271.299392] ___sys_sendmsg+0xf3/0x170 [ 1271.299887] ? sendmsg_copy_msghdr+0x160/0x160 [ 1271.300472] ? vmacache_find+0x55/0x2a0 [ 1271.300959] ? lock_acquire+0x197/0x470 [ 1271.301460] ? find_held_lock+0x2c/0x110 [ 1271.301968] ? __might_fault+0xd3/0x180 [ 1271.302448] ? lock_downgrade+0x6d0/0x6d0 [ 1271.302971] ? asm_exc_page_fault+0x1e/0x30 [ 1271.303518] __sys_sendmmsg+0x195/0x470 [ 1271.304028] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1271.304574] ? lock_downgrade+0x6d0/0x6d0 [ 1271.305081] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1271.305694] ? wait_for_completion_io+0x270/0x270 [ 1271.306274] ? rcu_read_lock_any_held+0x75/0xa0 [ 1271.306857] ? vfs_write+0x354/0xb10 [ 1271.307306] ? fput_many+0x2f/0x1a0 [ 1271.307760] ? ksys_write+0x1a9/0x260 [ 1271.308244] ? __ia32_sys_read+0xb0/0xb0 [ 1271.308768] __x64_sys_sendmmsg+0x99/0x100 [ 1271.309296] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1271.309939] do_syscall_64+0x33/0x40 [ 1271.310402] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1271.311057] RIP: 0033:0x7fb74c37db19 [ 1271.311506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1271.313787] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1271.314727] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1271.315614] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1271.316493] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1271.317378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1271.318256] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1271.320604] loop3: detected capacity change from 0 to 2048 [ 1271.349644] EXT4-fs (loop3): Unrecognized mount option "À" or missing value 07:04:35 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:35 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:35 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1271.505063] loop3: detected capacity change from 0 to 2048 [ 1271.524871] EXT4-fs warning (device loop3): ext4_fill_super:4104: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 1271.526299] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. 07:04:50 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:04:50 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:50 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 47) [ 1285.801505] FAULT_INJECTION: forcing a failure. [ 1285.801505] name failslab, interval 1, probability 0, space 0, times 0 [ 1285.802260] loop3: detected capacity change from 0 to 2048 [ 1285.804231] CPU: 1 PID: 8341 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1285.806772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1285.808523] Call Trace: [ 1285.809079] dump_stack+0x107/0x167 [ 1285.809844] should_fail.cold+0x5/0xa [ 1285.810640] ? ip6_setup_cork+0x1e4/0x1740 [ 1285.811531] should_failslab+0x5/0x20 [ 1285.812320] kmem_cache_alloc_trace+0x55/0x320 [ 1285.813306] ip6_setup_cork+0x1e4/0x1740 [ 1285.814160] ip6_make_skb+0x22c/0x4e0 [ 1285.814951] ? ip_frag_init+0x350/0x350 [ 1285.815779] ? ip6_push_pending_frames+0xf0/0xf0 [ 1285.816770] ? ip6_dst_hoplimit+0x199/0x440 [ 1285.817654] ? lock_downgrade+0x6d0/0x6d0 [ 1285.818559] udpv6_sendmsg+0x2128/0x2b40 [ 1285.819385] EXT4-fs (loop3): Unrecognized mount option "À" or missing value [ 1285.819403] ? ip_frag_init+0x350/0x350 [ 1285.819435] ? udp_v6_push_pending_frames+0x360/0x360 [ 1285.822824] ? perf_event_task_disable+0x390/0x390 [ 1285.823870] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1285.824908] ? lock_acquire+0x197/0x470 [ 1285.825751] ? find_held_lock+0x2c/0x110 [ 1285.826623] ? sock_has_perm+0x1ea/0x280 [ 1285.827506] ? __import_iovec+0x458/0x590 [ 1285.828385] ? udp_v6_push_pending_frames+0x360/0x360 [ 1285.829490] inet6_sendmsg+0x105/0x140 [ 1285.830311] ? inet6_compat_ioctl+0x320/0x320 [ 1285.831264] __sock_sendmsg+0xf2/0x190 [ 1285.832090] ____sys_sendmsg+0x334/0x870 [ 1285.832970] ? sock_write_iter+0x3d0/0x3d0 [ 1285.833866] ? do_recvmmsg+0x6d0/0x6d0 [ 1285.834700] ? __lock_acquire+0x1657/0x5b00 [ 1285.835638] ___sys_sendmsg+0xf3/0x170 [ 1285.836485] ? sendmsg_copy_msghdr+0x160/0x160 [ 1285.837454] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1285.838405] ? _raw_spin_unlock_irq+0x27/0x30 [ 1285.839358] ? lock_acquire+0x197/0x470 [ 1285.840204] ? find_held_lock+0x2c/0x110 [ 1285.841094] ? __might_fault+0xd3/0x180 [ 1285.841940] ? lock_downgrade+0x6d0/0x6d0 [ 1285.842838] __sys_sendmmsg+0x195/0x470 [ 1285.843688] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1285.844614] ? lock_downgrade+0x6d0/0x6d0 [ 1285.845517] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1285.846543] ? wait_for_completion_io+0x270/0x270 [ 1285.847567] ? rcu_read_lock_any_held+0x75/0xa0 [ 1285.848567] ? vfs_write+0x354/0xb10 [ 1285.849353] ? fput_many+0x2f/0x1a0 [ 1285.850124] ? ksys_write+0x1a9/0x260 [ 1285.850934] ? __ia32_sys_read+0xb0/0xb0 [ 1285.851799] __x64_sys_sendmmsg+0x99/0x100 [ 1285.852704] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1285.853792] do_syscall_64+0x33/0x40 [ 1285.854591] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1285.855682] RIP: 0033:0x7fb74c37db19 [ 1285.856490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1285.860389] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1285.862027] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1285.863537] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1285.865061] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1285.866570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1285.868076] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:04:50 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 48) 07:04:50 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:04:50 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:04:50 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1286.045061] FAULT_INJECTION: forcing a failure. [ 1286.045061] name failslab, interval 1, probability 0, space 0, times 0 [ 1286.047591] CPU: 0 PID: 8357 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1286.049032] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1286.050781] Call Trace: [ 1286.051343] dump_stack+0x107/0x167 [ 1286.052111] should_fail.cold+0x5/0xa [ 1286.052926] ? create_object.isra.0+0x3a/0xa20 [ 1286.053884] should_failslab+0x5/0x20 [ 1286.054687] kmem_cache_alloc+0x5b/0x310 [ 1286.055549] create_object.isra.0+0x3a/0xa20 [ 1286.056475] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1286.057555] kmem_cache_alloc_trace+0x151/0x320 [ 1286.058540] ip6_setup_cork+0x1e4/0x1740 [ 1286.059399] ip6_make_skb+0x22c/0x4e0 [ 1286.060203] ? ip_frag_init+0x350/0x350 [ 1286.061050] ? ip6_push_pending_frames+0xf0/0xf0 [ 1286.062055] ? ip6_dst_hoplimit+0x199/0x440 [ 1286.062964] ? lock_downgrade+0x6d0/0x6d0 [ 1286.063852] udpv6_sendmsg+0x2128/0x2b40 [ 1286.064002] loop3: detected capacity change from 0 to 2048 [ 1286.064716] ? ip_frag_init+0x350/0x350 [ 1286.064747] ? udp_v6_push_pending_frames+0x360/0x360 [ 1286.064774] ? perf_event_task_disable+0x390/0x390 [ 1286.064797] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1286.064825] ? lock_acquire+0x197/0x470 [ 1286.070964] ? find_held_lock+0x2c/0x110 [ 1286.071836] ? sock_has_perm+0x1ea/0x280 [ 1286.072723] ? __import_iovec+0x458/0x590 [ 1286.073594] ? udp_v6_push_pending_frames+0x360/0x360 [ 1286.074673] inet6_sendmsg+0x105/0x140 [ 1286.075501] ? inet6_compat_ioctl+0x320/0x320 [ 1286.075735] EXT4-fs (loop3): Unrecognized mount option "À" or missing value [ 1286.076443] __sock_sendmsg+0xf2/0x190 [ 1286.076478] ____sys_sendmsg+0x334/0x870 [ 1286.076506] ? sock_write_iter+0x3d0/0x3d0 [ 1286.080525] ? do_recvmmsg+0x6d0/0x6d0 [ 1286.081346] ? __lock_acquire+0x1657/0x5b00 [ 1286.082265] ___sys_sendmsg+0xf3/0x170 [ 1286.083090] ? sendmsg_copy_msghdr+0x160/0x160 [ 1286.084048] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1286.084993] ? _raw_spin_unlock_irq+0x27/0x30 [ 1286.085941] ? lock_acquire+0x197/0x470 [ 1286.086767] ? find_held_lock+0x2c/0x110 [ 1286.087620] ? __might_fault+0xd3/0x180 [ 1286.088471] ? lock_downgrade+0x6d0/0x6d0 [ 1286.089361] __sys_sendmmsg+0x195/0x470 [ 1286.090199] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1286.091145] ? lock_downgrade+0x6d0/0x6d0 [ 1286.092089] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1286.093114] ? wait_for_completion_io+0x270/0x270 [ 1286.094131] ? rcu_read_lock_any_held+0x75/0xa0 [ 1286.095104] ? vfs_write+0x354/0xb10 [ 1286.095934] ? fput_many+0x2f/0x1a0 [ 1286.096756] ? ksys_write+0x1a9/0x260 [ 1286.097560] ? __ia32_sys_read+0xb0/0xb0 [ 1286.098428] __x64_sys_sendmmsg+0x99/0x100 [ 1286.099318] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1286.100397] do_syscall_64+0x33/0x40 [ 1286.101189] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1286.102260] RIP: 0033:0x7fb74c37db19 [ 1286.103037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1286.107045] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1286.108690] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1286.110247] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1286.111746] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1286.113308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1286.114861] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:04:50 executing program 0: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:05:07 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 49) 07:05:07 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618", 0x65, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:05:07 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 0: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1303.050587] loop3: detected capacity change from 0 to 2048 [ 1303.062940] FAULT_INJECTION: forcing a failure. [ 1303.062940] name failslab, interval 1, probability 0, space 0, times 0 [ 1303.065862] CPU: 0 PID: 8388 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1303.067361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1303.069192] Call Trace: [ 1303.069772] dump_stack+0x107/0x167 [ 1303.070573] should_fail.cold+0x5/0xa [ 1303.071413] should_failslab+0x5/0x20 [ 1303.072249] __kmalloc_track_caller+0x79/0x370 [ 1303.073256] ? ip6_setup_cork+0x518/0x1740 [ 1303.074187] kmemdup+0x23/0x50 [ 1303.074893] ip6_setup_cork+0x518/0x1740 [ 1303.075792] ip6_make_skb+0x22c/0x4e0 [ 1303.076628] ? ip_frag_init+0x350/0x350 [ 1303.077514] ? ip6_push_pending_frames+0xf0/0xf0 [ 1303.078563] ? ip6_dst_hoplimit+0x199/0x440 [ 1303.079511] ? lock_downgrade+0x6d0/0x6d0 [ 1303.080419] udpv6_sendmsg+0x2128/0x2b40 [ 1303.081319] ? ip_frag_init+0x350/0x350 [ 1303.082200] ? udp_v6_push_pending_frames+0x360/0x360 [ 1303.083339] ? lock_acquire+0x197/0x470 [ 1303.084188] ? find_held_lock+0x2c/0x110 [ 1303.085067] ? lock_acquire+0x197/0x470 [ 1303.085921] ? find_held_lock+0x2c/0x110 [ 1303.086788] ? sock_has_perm+0x1ea/0x280 [ 1303.087674] ? __import_iovec+0x458/0x590 [ 1303.088551] ? udp_v6_push_pending_frames+0x360/0x360 [ 1303.089648] inet6_sendmsg+0x105/0x140 [ 1303.090469] ? inet6_compat_ioctl+0x320/0x320 [ 1303.091423] __sock_sendmsg+0xf2/0x190 [ 1303.092242] ____sys_sendmsg+0x334/0x870 [ 1303.093112] ? sock_write_iter+0x3d0/0x3d0 [ 1303.093991] ? do_recvmmsg+0x6d0/0x6d0 [ 1303.094806] ? __lock_acquire+0x1657/0x5b00 [ 1303.095733] ___sys_sendmsg+0xf3/0x170 [ 1303.096568] ? sendmsg_copy_msghdr+0x160/0x160 [ 1303.097526] ? vmacache_find+0x55/0x2a0 [ 1303.098367] ? lock_acquire+0x197/0x470 [ 1303.099205] ? find_held_lock+0x2c/0x110 [ 1303.100059] ? __might_fault+0xd3/0x180 [ 1303.100916] ? lock_downgrade+0x6d0/0x6d0 [ 1303.101795] ? asm_exc_page_fault+0x1e/0x30 [ 1303.102724] __sys_sendmmsg+0x195/0x470 [ 1303.103559] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1303.104465] ? lock_downgrade+0x6d0/0x6d0 [ 1303.105360] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1303.106375] ? wait_for_completion_io+0x270/0x270 [ 1303.107390] ? rcu_read_lock_any_held+0x75/0xa0 [ 1303.108364] ? vfs_write+0x354/0xb10 [ 1303.109166] ? fput_many+0x2f/0x1a0 [ 1303.109926] EXT4-fs (loop3): Unrecognized mount option "À" or missing value [ 1303.111406] ? ksys_write+0x1a9/0x260 [ 1303.112206] ? __ia32_sys_read+0xb0/0xb0 [ 1303.113070] __x64_sys_sendmmsg+0x99/0x100 [ 1303.113963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1303.115047] do_syscall_64+0x33/0x40 [ 1303.115826] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1303.116930] RIP: 0033:0x7fb74c37db19 [ 1303.117707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1303.121593] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1303.123175] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1303.124684] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1303.126184] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1303.127691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1303.129228] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:05:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 0: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 50) 07:05:07 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 0: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:07 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:05:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1303.366099] FAULT_INJECTION: forcing a failure. [ 1303.366099] name failslab, interval 1, probability 0, space 0, times 0 [ 1303.368833] CPU: 1 PID: 8400 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1303.370284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1303.372055] Call Trace: [ 1303.372621] dump_stack+0x107/0x167 [ 1303.373388] should_fail.cold+0x5/0xa [ 1303.374186] ? create_object.isra.0+0x3a/0xa20 [ 1303.375123] should_failslab+0x5/0x20 [ 1303.375928] kmem_cache_alloc+0x5b/0x310 [ 1303.376797] ? lock_downgrade+0x6d0/0x6d0 [ 1303.377680] create_object.isra.0+0x3a/0xa20 [ 1303.378585] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1303.379640] __kmalloc_track_caller+0x177/0x370 [ 1303.380610] ? ip6_setup_cork+0x518/0x1740 [ 1303.381501] kmemdup+0x23/0x50 [ 1303.382186] ip6_setup_cork+0x518/0x1740 [ 1303.383032] ip6_make_skb+0x22c/0x4e0 [ 1303.383847] ? ip_frag_init+0x350/0x350 [ 1303.384700] ? ip6_push_pending_frames+0xf0/0xf0 [ 1303.385697] ? ip6_dst_hoplimit+0x199/0x440 [ 1303.386621] ? lock_downgrade+0x6d0/0x6d0 [ 1303.387534] udpv6_sendmsg+0x2128/0x2b40 [ 1303.388393] ? ip_frag_init+0x350/0x350 [ 1303.389259] ? udp_v6_push_pending_frames+0x360/0x360 [ 1303.390346] ? perf_event_task_disable+0x390/0x390 [ 1303.391406] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1303.392459] ? lock_acquire+0x197/0x470 [ 1303.393292] ? find_held_lock+0x2c/0x110 [ 1303.394127] ? sock_has_perm+0x1ea/0x280 [ 1303.394992] ? __import_iovec+0x458/0x590 [ 1303.395878] ? udp_v6_push_pending_frames+0x360/0x360 [ 1303.397007] inet6_sendmsg+0x105/0x140 [ 1303.397849] ? inet6_compat_ioctl+0x320/0x320 [ 1303.398804] __sock_sendmsg+0xf2/0x190 [ 1303.399654] ____sys_sendmsg+0x334/0x870 [ 1303.400481] ? sock_write_iter+0x3d0/0x3d0 [ 1303.401369] ? do_recvmmsg+0x6d0/0x6d0 [ 1303.402169] ? __lock_acquire+0x1657/0x5b00 [ 1303.403057] ___sys_sendmsg+0xf3/0x170 [ 1303.403874] ? sendmsg_copy_msghdr+0x160/0x160 [ 1303.404853] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1303.405781] ? _raw_spin_unlock_irq+0x27/0x30 [ 1303.406733] ? lock_acquire+0x197/0x470 [ 1303.407581] ? find_held_lock+0x2c/0x110 [ 1303.408427] ? __might_fault+0xd3/0x180 [ 1303.409261] ? lock_downgrade+0x6d0/0x6d0 [ 1303.410131] __sys_sendmmsg+0x195/0x470 [ 1303.410961] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1303.411853] ? lock_downgrade+0x6d0/0x6d0 [ 1303.412707] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1303.413697] ? wait_for_completion_io+0x270/0x270 [ 1303.414683] ? rcu_read_lock_any_held+0x75/0xa0 [ 1303.415638] ? vfs_write+0x354/0xb10 [ 1303.416421] ? fput_many+0x2f/0x1a0 [ 1303.417198] ? ksys_write+0x1a9/0x260 [ 1303.417986] ? __ia32_sys_read+0xb0/0xb0 [ 1303.418836] __x64_sys_sendmmsg+0x99/0x100 [ 1303.419732] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1303.420840] do_syscall_64+0x33/0x40 [ 1303.421655] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1303.422767] RIP: 0033:0x7fb74c37db19 [ 1303.423575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1303.427440] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1303.429083] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1303.430563] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1303.432041] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1303.433549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1303.435037] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1303.467054] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 07:05:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:05:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 51) 07:05:26 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:05:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1322.206412] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 1322.213290] FAULT_INJECTION: forcing a failure. [ 1322.213290] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.214657] CPU: 1 PID: 8421 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1322.215467] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1322.216433] Call Trace: [ 1322.216749] dump_stack+0x107/0x167 [ 1322.217179] should_fail.cold+0x5/0xa [ 1322.217633] ? create_object.isra.0+0x3a/0xa20 [ 1322.218171] should_failslab+0x5/0x20 [ 1322.218626] kmem_cache_alloc+0x5b/0x310 [ 1322.219098] ? lock_downgrade+0x6d0/0x6d0 [ 1322.219584] create_object.isra.0+0x3a/0xa20 [ 1322.220093] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1322.220685] __kmalloc_track_caller+0x177/0x370 [ 1322.221246] ? ip6_setup_cork+0x518/0x1740 [ 1322.221743] kmemdup+0x23/0x50 [ 1322.222115] ip6_setup_cork+0x518/0x1740 [ 1322.222592] ip6_make_skb+0x22c/0x4e0 [ 1322.223036] ? ip_frag_init+0x350/0x350 [ 1322.223500] ? ip6_push_pending_frames+0xf0/0xf0 [ 1322.224057] ? ip6_dst_hoplimit+0x199/0x440 [ 1322.224560] ? lock_downgrade+0x6d0/0x6d0 [ 1322.225059] udpv6_sendmsg+0x2128/0x2b40 [ 1322.225534] ? ip_frag_init+0x350/0x350 [ 1322.226005] ? udp_v6_push_pending_frames+0x360/0x360 [ 1322.226611] ? perf_event_task_disable+0x390/0x390 [ 1322.227184] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1322.227750] ? lock_acquire+0x197/0x470 [ 1322.228213] ? find_held_lock+0x2c/0x110 [ 1322.228693] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1322.229330] ? sock_has_perm+0x1ea/0x280 [ 1322.229816] ? __import_iovec+0x458/0x590 [ 1322.230301] ? udp_v6_push_pending_frames+0x360/0x360 [ 1322.230904] inet6_sendmsg+0x105/0x140 [ 1322.231352] ? inet6_compat_ioctl+0x320/0x320 [ 1322.231876] __sock_sendmsg+0xf2/0x190 [ 1322.232329] ____sys_sendmsg+0x334/0x870 [ 1322.232807] ? sock_write_iter+0x3d0/0x3d0 [ 1322.233300] ? do_recvmmsg+0x6d0/0x6d0 [ 1322.233752] ? __lock_acquire+0x1657/0x5b00 [ 1322.234258] ___sys_sendmsg+0xf3/0x170 [ 1322.234708] ? sendmsg_copy_msghdr+0x160/0x160 [ 1322.235234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1322.235838] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1322.236352] ? trace_hardirqs_on+0x5b/0x180 [ 1322.236865] ? lock_acquire+0x197/0x470 [ 1322.237322] ? find_held_lock+0x2c/0x110 [ 1322.237795] ? __might_fault+0xd3/0x180 [ 1322.238255] ? lock_downgrade+0x6d0/0x6d0 [ 1322.238748] __sys_sendmmsg+0x195/0x470 [ 1322.239211] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1322.239714] ? lock_downgrade+0x6d0/0x6d0 [ 1322.240203] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1322.240761] ? wait_for_completion_io+0x270/0x270 [ 1322.241329] ? rcu_read_lock_any_held+0x75/0xa0 [ 1322.241864] ? vfs_write+0x354/0xb10 [ 1322.242294] ? fput_many+0x2f/0x1a0 [ 1322.242715] ? ksys_write+0x1a9/0x260 [ 1322.243156] ? __ia32_sys_read+0xb0/0xb0 [ 1322.243629] __x64_sys_sendmmsg+0x99/0x100 [ 1322.244122] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1322.244724] do_syscall_64+0x33/0x40 [ 1322.245163] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1322.245754] RIP: 0033:0x7fb74c37db19 [ 1322.246181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1322.248313] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1322.249206] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1322.250038] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1322.250859] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1322.251675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1322.252497] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:05:26 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66}], 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="c000"/15]) 07:05:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1322.326102] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 07:05:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 52) 07:05:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:26 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66, 0x400}], 0x0, 0x0) [ 1322.435777] FAULT_INJECTION: forcing a failure. [ 1322.435777] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.438299] CPU: 0 PID: 8443 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1322.439764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1322.441549] Call Trace: [ 1322.442121] dump_stack+0x107/0x167 [ 1322.442904] should_fail.cold+0x5/0xa [ 1322.443722] ? create_object.isra.0+0x3a/0xa20 [ 1322.444702] should_failslab+0x5/0x20 [ 1322.445532] kmem_cache_alloc+0x5b/0x310 [ 1322.446400] create_object.isra.0+0x3a/0xa20 [ 1322.447336] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1322.448422] kmem_cache_alloc_node+0x169/0x330 [ 1322.449413] __alloc_skb+0x6d/0x5b0 [ 1322.450198] alloc_skb_with_frags+0x92/0x570 [ 1322.451149] sock_alloc_send_pskb+0x7af/0x930 [ 1322.452122] ? sk_alloc+0x350/0x350 [ 1322.452926] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1322.454047] ? SOFTIRQ_verbose+0x10/0x10 [ 1322.454914] ? lock_release+0x680/0x680 [ 1322.455762] ? find_held_lock+0x2c/0x110 [ 1322.456639] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1322.457734] ? ip_frag_init+0x350/0x350 [ 1322.458603] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1322.459639] ? ip6_mtu+0x1e9/0x3d0 [ 1322.460403] ? ip6_setup_cork+0xfb7/0x1740 [ 1322.461322] ip6_make_skb+0x2df/0x4e0 [ 1322.462141] ? ip_frag_init+0x350/0x350 [ 1322.462996] ? ip_frag_init+0x350/0x350 [ 1322.463853] ? ip6_push_pending_frames+0xf0/0xf0 [ 1322.464884] ? ip6_dst_hoplimit+0x199/0x440 [ 1322.465806] ? lock_downgrade+0x6d0/0x6d0 [ 1322.466715] udpv6_sendmsg+0x2128/0x2b40 [ 1322.467595] ? ip_frag_init+0x350/0x350 [ 1322.468460] ? udp_v6_push_pending_frames+0x360/0x360 [ 1322.469586] ? lock_acquire+0x197/0x470 [ 1322.470442] ? find_held_lock+0x2c/0x110 [ 1322.471312] ? lock_acquire+0x197/0x470 [ 1322.472165] ? find_held_lock+0x2c/0x110 [ 1322.473048] ? sock_has_perm+0x1ea/0x280 [ 1322.473946] ? __import_iovec+0x458/0x590 [ 1322.474843] ? udp_v6_push_pending_frames+0x360/0x360 [ 1322.475947] inet6_sendmsg+0x105/0x140 [ 1322.476779] ? inet6_compat_ioctl+0x320/0x320 [ 1322.477734] __sock_sendmsg+0xf2/0x190 [ 1322.478572] ____sys_sendmsg+0x334/0x870 [ 1322.479430] ? sock_write_iter+0x3d0/0x3d0 [ 1322.480337] ? do_recvmmsg+0x6d0/0x6d0 [ 1322.481181] ? __lock_acquire+0x1657/0x5b00 [ 1322.482115] ___sys_sendmsg+0xf3/0x170 [ 1322.482952] ? sendmsg_copy_msghdr+0x160/0x160 [ 1322.483927] ? vmacache_find+0x55/0x2a0 [ 1322.484777] ? lock_acquire+0x197/0x470 [ 1322.485632] ? find_held_lock+0x2c/0x110 [ 1322.486502] ? __might_fault+0xd3/0x180 [ 1322.487344] ? lock_downgrade+0x6d0/0x6d0 [ 1322.488231] ? asm_exc_page_fault+0x1e/0x30 [ 1322.489164] __sys_sendmmsg+0x195/0x470 [ 1322.490026] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1322.490949] ? lock_downgrade+0x6d0/0x6d0 [ 1322.491853] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1322.492898] ? wait_for_completion_io+0x270/0x270 [ 1322.493938] ? rcu_read_lock_any_held+0x75/0xa0 [ 1322.494941] ? vfs_write+0x354/0xb10 [ 1322.495729] ? fput_many+0x2f/0x1a0 [ 1322.496516] ? ksys_write+0x1a9/0x260 [ 1322.497339] ? __ia32_sys_read+0xb0/0xb0 [ 1322.498223] __x64_sys_sendmmsg+0x99/0x100 [ 1322.499142] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1322.500255] do_syscall_64+0x33/0x40 [ 1322.501067] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1322.502177] RIP: 0033:0x7fb74c37db19 [ 1322.502976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1322.506948] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1322.508597] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1322.510153] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1322.511697] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1322.513253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1322.514795] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1322.538342] loop3: detected capacity change from 0 to 2048 07:05:40 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:05:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 53) 07:05:40 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66, 0x400}], 0x0, 0x0) [ 1335.796170] FAULT_INJECTION: forcing a failure. [ 1335.796170] name failslab, interval 1, probability 0, space 0, times 0 [ 1335.799081] CPU: 1 PID: 8468 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1335.800597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1335.802472] Call Trace: [ 1335.803084] dump_stack+0x107/0x167 [ 1335.803909] should_fail.cold+0x5/0xa [ 1335.804773] ? lock_release+0x680/0x680 [ 1335.805683] ? skb_clone+0x14f/0x3d0 [ 1335.806523] should_failslab+0x5/0x20 [ 1335.807375] kmem_cache_alloc+0x5b/0x310 [ 1335.808278] skb_clone+0x14f/0x3d0 [ 1335.809096] dev_queue_xmit_nit+0x3a7/0xb00 [ 1335.810084] dev_hard_start_xmit+0xab/0x6f0 [ 1335.811056] __dev_queue_xmit+0x179a/0x2690 [ 1335.812031] ? find_held_lock+0x2c/0x110 [ 1335.812953] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1335.814006] ? lock_downgrade+0x6d0/0x6d0 [ 1335.814927] ? find_held_lock+0x2c/0x110 [ 1335.815858] ? lockdep_hardirqs_on_prepare+0x129/0x3e0 [ 1335.817040] ip6_finish_output2+0x158f/0x1cf0 [ 1335.818077] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1335.819199] ip6_output+0x302/0x9e0 [ 1335.820013] ? __ip6_finish_output.part.0+0xbc0/0xbc0 [ 1335.821177] ip6_local_out+0xd2/0x4c0 [ 1335.822048] ip6_send_skb+0x117/0x460 [ 1335.822903] udp_v6_send_skb+0x7b7/0x1620 [ 1335.823837] udpv6_sendmsg+0x216b/0x2b40 [ 1335.824754] ? ip_frag_init+0x350/0x350 [ 1335.825693] ? udp_v6_push_pending_frames+0x360/0x360 [ 1335.826875] ? lock_acquire+0x197/0x470 [ 1335.827774] ? find_held_lock+0x2c/0x110 [ 1335.828691] ? lock_acquire+0x197/0x470 [ 1335.829589] ? find_held_lock+0x2c/0x110 [ 1335.830523] ? sock_has_perm+0x1ea/0x280 [ 1335.831457] ? __import_iovec+0x458/0x590 [ 1335.832399] ? udp_v6_push_pending_frames+0x360/0x360 [ 1335.833585] inet6_sendmsg+0x105/0x140 [ 1335.834451] ? inet6_compat_ioctl+0x320/0x320 [ 1335.835451] __sock_sendmsg+0xf2/0x190 [ 1335.836321] ____sys_sendmsg+0x334/0x870 [ 1335.837229] ? sock_write_iter+0x3d0/0x3d0 [ 1335.838174] ? do_recvmmsg+0x6d0/0x6d0 [ 1335.839053] ? __lock_acquire+0x1657/0x5b00 [ 1335.840027] ___sys_sendmsg+0xf3/0x170 [ 1335.840909] ? sendmsg_copy_msghdr+0x160/0x160 [ 1335.841937] ? vmacache_find+0x55/0x2a0 [ 1335.842856] ? lock_acquire+0x197/0x470 [ 1335.843748] ? find_held_lock+0x2c/0x110 [ 1335.844674] ? __might_fault+0xd3/0x180 [ 1335.845567] ? lock_downgrade+0x6d0/0x6d0 [ 1335.846495] ? asm_exc_page_fault+0x1e/0x30 [ 1335.847488] __sys_sendmmsg+0x195/0x470 [ 1335.848398] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1335.849384] ? lock_downgrade+0x6d0/0x6d0 [ 1335.850329] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1335.851401] ? wait_for_completion_io+0x270/0x270 [ 1335.852485] ? rcu_read_lock_any_held+0x75/0xa0 [ 1335.853523] ? vfs_write+0x354/0xb10 [ 1335.854348] ? fput_many+0x2f/0x1a0 [ 1335.855187] ? ksys_write+0x1a9/0x260 [ 1335.856044] ? __ia32_sys_read+0xb0/0xb0 [ 1335.856973] __x64_sys_sendmmsg+0x99/0x100 [ 1335.857934] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1335.859085] do_syscall_64+0x33/0x40 [ 1335.859919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1335.861083] RIP: 0033:0x7fb74c37db19 [ 1335.861910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1335.866126] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1335.867841] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1335.869438] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1335.871013] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1335.872610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1335.874222] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1335.884449] loop3: detected capacity change from 0 to 2048 07:05:40 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66, 0x400}], 0x0, 0x0) 07:05:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f00000014c0)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f43ea3e0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b00000000016522a2edf375a756ab8618f6", 0x66, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[]) 07:05:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:40 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 54) [ 1336.188778] loop3: detected capacity change from 0 to 2048 [ 1336.203959] EXT4-fs warning (device loop3): ext4_fill_super:4104: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 1336.206658] FAULT_INJECTION: forcing a failure. [ 1336.206658] name failslab, interval 1, probability 0, space 0, times 0 [ 1336.206688] CPU: 0 PID: 8491 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1336.206695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.206700] Call Trace: [ 1336.206718] dump_stack+0x107/0x167 [ 1336.206732] should_fail.cold+0x5/0xa [ 1336.206748] should_failslab+0x5/0x20 [ 1336.206762] __kmalloc_node_track_caller+0x74/0x3b0 [ 1336.206775] ? alloc_skb_with_frags+0x92/0x570 [ 1336.206797] __alloc_skb+0xb1/0x5b0 [ 1336.209201] EXT4-fs (loop3): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 1336.210124] alloc_skb_with_frags+0x92/0x570 [ 1336.210148] sock_alloc_send_pskb+0x7af/0x930 [ 1336.210168] ? sk_alloc+0x350/0x350 [ 1336.218183] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1336.218882] ? SOFTIRQ_verbose+0x10/0x10 [ 1336.219421] ? lock_release+0x680/0x680 [ 1336.219954] ? find_held_lock+0x2c/0x110 [ 1336.220487] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1336.221159] ? ip_frag_init+0x350/0x350 [ 1336.221690] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1336.222327] ? ip6_mtu+0x1e9/0x3d0 [ 1336.222804] ? ip6_setup_cork+0xfb7/0x1740 [ 1336.223361] ip6_make_skb+0x2df/0x4e0 [ 1336.223859] ? ip_frag_init+0x350/0x350 [ 1336.224389] ? ip_frag_init+0x350/0x350 [ 1336.224912] ? ip6_push_pending_frames+0xf0/0xf0 [ 1336.225559] ? ip6_dst_hoplimit+0x199/0x440 [ 1336.226131] ? lock_downgrade+0x6d0/0x6d0 [ 1336.226698] udpv6_sendmsg+0x2128/0x2b40 [ 1336.227240] ? ip_frag_init+0x350/0x350 [ 1336.227764] ? udp_v6_push_pending_frames+0x360/0x360 [ 1336.228442] ? perf_event_task_disable+0x390/0x390 [ 1336.229103] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1336.229745] ? lock_acquire+0x197/0x470 [ 1336.230262] ? find_held_lock+0x2c/0x110 [ 1336.230805] ? sock_has_perm+0x1ea/0x280 [ 1336.231353] ? __import_iovec+0x458/0x590 [ 1336.231893] ? udp_v6_push_pending_frames+0x360/0x360 [ 1336.232571] inet6_sendmsg+0x105/0x140 [ 1336.233080] ? inet6_compat_ioctl+0x320/0x320 [ 1336.233684] __sock_sendmsg+0xf2/0x190 [ 1336.234198] ____sys_sendmsg+0x334/0x870 [ 1336.234736] ? sock_write_iter+0x3d0/0x3d0 [ 1336.235294] ? do_recvmmsg+0x6d0/0x6d0 [ 1336.235825] ? __lock_acquire+0x1657/0x5b00 [ 1336.236395] ___sys_sendmsg+0xf3/0x170 [ 1336.236911] ? sendmsg_copy_msghdr+0x160/0x160 [ 1336.237523] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1336.238100] ? _raw_spin_unlock_irq+0x27/0x30 [ 1336.238693] ? lock_acquire+0x197/0x470 [ 1336.239213] ? find_held_lock+0x2c/0x110 [ 1336.239753] ? __might_fault+0xd3/0x180 [ 1336.240264] ? lock_downgrade+0x6d0/0x6d0 [ 1336.240818] __sys_sendmmsg+0x195/0x470 [ 1336.241357] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1336.241924] ? lock_downgrade+0x6d0/0x6d0 [ 1336.242465] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1336.243093] ? wait_for_completion_io+0x270/0x270 [ 1336.243723] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.244334] ? vfs_write+0x354/0xb10 [ 1336.244820] ? fput_many+0x2f/0x1a0 [ 1336.245296] ? ksys_write+0x1a9/0x260 [ 1336.245793] ? __ia32_sys_read+0xb0/0xb0 [ 1336.246316] __x64_sys_sendmmsg+0x99/0x100 [ 1336.246874] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.247548] do_syscall_64+0x33/0x40 [ 1336.248033] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.248702] RIP: 0033:0x7fb74c37db19 [ 1336.249194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.251577] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1336.252553] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1336.253484] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1336.254424] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.255330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1336.256243] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:05:54 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:54 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:54 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:54 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:54 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:54 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 55) 07:05:54 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:05:54 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1350.548232] FAULT_INJECTION: forcing a failure. [ 1350.548232] name failslab, interval 1, probability 0, space 0, times 0 [ 1350.550848] CPU: 0 PID: 8508 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1350.552319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1350.554132] Call Trace: [ 1350.554702] dump_stack+0x107/0x167 [ 1350.555490] should_fail.cold+0x5/0xa [ 1350.556310] ? lock_release+0x680/0x680 [ 1350.557178] ? skb_clone+0x14f/0x3d0 [ 1350.557991] should_failslab+0x5/0x20 [ 1350.558816] kmem_cache_alloc+0x5b/0x310 [ 1350.559701] skb_clone+0x14f/0x3d0 [ 1350.560472] dev_queue_xmit_nit+0x3a7/0xb00 [ 1350.561438] dev_hard_start_xmit+0xab/0x6f0 [ 1350.562399] __dev_queue_xmit+0x179a/0x2690 [ 1350.563331] ? find_held_lock+0x2c/0x110 [ 1350.564210] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1350.565231] ? lock_downgrade+0x6d0/0x6d0 [ 1350.566100] ? find_held_lock+0x2c/0x110 [ 1350.566989] ? lockdep_hardirqs_on_prepare+0x129/0x3e0 [ 1350.568134] ip6_finish_output2+0x158f/0x1cf0 [ 1350.569119] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1350.570230] ip6_output+0x302/0x9e0 [ 1350.571028] ? __ip6_finish_output.part.0+0xbc0/0xbc0 [ 1350.572149] ip6_local_out+0xd2/0x4c0 [ 1350.572979] ip6_send_skb+0x117/0x460 [ 1350.573849] udp_v6_send_skb+0x7b7/0x1620 [ 1350.574761] udpv6_sendmsg+0x216b/0x2b40 [ 1350.575643] ? ip_frag_init+0x350/0x350 [ 1350.576513] ? udp_v6_push_pending_frames+0x360/0x360 [ 1350.577665] ? perf_event_task_disable+0x390/0x390 [ 1350.578685] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1350.579704] ? lock_acquire+0x197/0x470 [ 1350.580542] ? find_held_lock+0x2c/0x110 [ 1350.581445] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1350.582591] ? sock_has_perm+0x1ea/0x280 [ 1350.583483] ? __import_iovec+0x458/0x590 [ 1350.584362] ? udp_v6_push_pending_frames+0x360/0x360 [ 1350.585490] inet6_sendmsg+0x105/0x140 [ 1350.586321] ? inet6_compat_ioctl+0x320/0x320 [ 1350.587274] __sock_sendmsg+0xf2/0x190 [ 1350.588097] ____sys_sendmsg+0x334/0x870 [ 1350.588958] ? sock_write_iter+0x3d0/0x3d0 [ 1350.589884] ? do_recvmmsg+0x6d0/0x6d0 [ 1350.590711] ? __lock_acquire+0x1657/0x5b00 [ 1350.591646] ___sys_sendmsg+0xf3/0x170 [ 1350.592477] ? sendmsg_copy_msghdr+0x160/0x160 [ 1350.593488] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1350.594435] ? _raw_spin_unlock_irq+0x27/0x30 [ 1350.595385] ? lock_acquire+0x197/0x470 [ 1350.596225] ? find_held_lock+0x2c/0x110 [ 1350.597090] ? __might_fault+0xd3/0x180 [ 1350.597957] ? lock_downgrade+0x6d0/0x6d0 [ 1350.598862] __sys_sendmmsg+0x195/0x470 [ 1350.599713] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1350.600629] ? lock_downgrade+0x6d0/0x6d0 [ 1350.601556] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1350.602583] ? wait_for_completion_io+0x270/0x270 [ 1350.603607] ? rcu_read_lock_any_held+0x75/0xa0 [ 1350.604594] ? vfs_write+0x354/0xb10 [ 1350.605408] ? fput_many+0x2f/0x1a0 [ 1350.606184] ? ksys_write+0x1a9/0x260 [ 1350.606988] ? __ia32_sys_read+0xb0/0xb0 [ 1350.607855] __x64_sys_sendmmsg+0x99/0x100 [ 1350.608779] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1350.609896] do_syscall_64+0x33/0x40 [ 1350.610681] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1350.611775] RIP: 0033:0x7fb74c37db19 [ 1350.612565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1350.616482] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1350.618118] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1350.619621] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1350.621133] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1350.622667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1350.624189] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:05:54 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:05:55 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, 0x0, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:06:09 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 56) 07:06:09 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1365.116342] FAULT_INJECTION: forcing a failure. [ 1365.116342] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.118867] CPU: 1 PID: 8544 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1365.120318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1365.122075] Call Trace: [ 1365.122653] dump_stack+0x107/0x167 [ 1365.123446] should_fail.cold+0x5/0xa [ 1365.124273] ? create_object.isra.0+0x3a/0xa20 [ 1365.125265] should_failslab+0x5/0x20 [ 1365.126101] kmem_cache_alloc+0x5b/0x310 [ 1365.126990] create_object.isra.0+0x3a/0xa20 [ 1365.127948] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1365.129058] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1365.130175] ? alloc_skb_with_frags+0x92/0x570 [ 1365.131172] __alloc_skb+0xb1/0x5b0 [ 1365.131973] alloc_skb_with_frags+0x92/0x570 [ 1365.132942] sock_alloc_send_pskb+0x7af/0x930 [ 1365.133939] ? sk_alloc+0x350/0x350 [ 1365.134741] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1365.135884] ? SOFTIRQ_verbose+0x10/0x10 [ 1365.136768] ? lock_release+0x680/0x680 [ 1365.137639] ? find_held_lock+0x2c/0x110 [ 1365.138530] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1365.139633] ? ip_frag_init+0x350/0x350 [ 1365.140508] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1365.141571] ? ip6_mtu+0x1e9/0x3d0 [ 1365.142343] ? ip6_setup_cork+0xfb7/0x1740 [ 1365.143269] ip6_make_skb+0x2df/0x4e0 [ 1365.144098] ? ip_frag_init+0x350/0x350 [ 1365.144972] ? ip_frag_init+0x350/0x350 [ 1365.145850] ? ip6_push_pending_frames+0xf0/0xf0 [ 1365.146891] ? ip6_dst_hoplimit+0x199/0x440 [ 1365.147832] ? lock_downgrade+0x6d0/0x6d0 [ 1365.148753] udpv6_sendmsg+0x2128/0x2b40 [ 1365.149654] ? ip_frag_init+0x350/0x350 [ 1365.150536] ? udp_v6_push_pending_frames+0x360/0x360 [ 1365.151663] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1365.152818] ? lock_acquire+0x197/0x470 [ 1365.153690] ? find_held_lock+0x2c/0x110 [ 1365.154579] ? sock_has_perm+0x1ea/0x280 [ 1365.155488] ? __import_iovec+0x458/0x590 [ 1365.156395] ? udp_v6_push_pending_frames+0x360/0x360 [ 1365.157521] inet6_sendmsg+0x105/0x140 [ 1365.158363] ? inet6_compat_ioctl+0x320/0x320 [ 1365.159337] __sock_sendmsg+0xf2/0x190 [ 1365.160186] ____sys_sendmsg+0x334/0x870 [ 1365.161072] ? sock_write_iter+0x3d0/0x3d0 [ 1365.162003] ? do_recvmmsg+0x6d0/0x6d0 [ 1365.162852] ? __lock_acquire+0x1657/0x5b00 [ 1365.163806] ___sys_sendmsg+0xf3/0x170 [ 1365.164657] ? sendmsg_copy_msghdr+0x160/0x160 [ 1365.165656] ? vmacache_find+0x55/0x2a0 [ 1365.166536] ? lock_acquire+0x197/0x470 [ 1365.167402] ? find_held_lock+0x2c/0x110 [ 1365.168292] ? __might_fault+0xd3/0x180 [ 1365.169155] ? lock_downgrade+0x6d0/0x6d0 [ 1365.170063] ? asm_exc_page_fault+0x1e/0x30 [ 1365.171019] __sys_sendmmsg+0x195/0x470 [ 1365.171890] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1365.172851] ? lock_downgrade+0x6d0/0x6d0 [ 1365.173783] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1365.174834] ? wait_for_completion_io+0x270/0x270 [ 1365.175884] ? rcu_read_lock_any_held+0x75/0xa0 [ 1365.176899] ? vfs_write+0x354/0xb10 [ 1365.177712] ? fput_many+0x2f/0x1a0 [ 1365.178503] ? ksys_write+0x1a9/0x260 [ 1365.179333] ? __ia32_sys_read+0xb0/0xb0 [ 1365.180223] __x64_sys_sendmmsg+0x99/0x100 [ 1365.181143] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1365.182271] do_syscall_64+0x33/0x40 [ 1365.183083] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1365.184198] RIP: 0033:0x7fb74c37db19 [ 1365.185006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1365.189008] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1365.190669] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1365.192218] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1365.193773] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1365.195329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1365.196881] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:09 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:09 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 57) 07:06:09 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1365.527426] FAULT_INJECTION: forcing a failure. [ 1365.527426] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.530397] CPU: 0 PID: 8566 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1365.532006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1365.533996] Call Trace: [ 1365.534625] dump_stack+0x107/0x167 [ 1365.535485] should_fail.cold+0x5/0xa [ 1365.536378] ? ip6_setup_cork+0x1e4/0x1740 [ 1365.537396] should_failslab+0x5/0x20 [ 1365.538292] kmem_cache_alloc_trace+0x55/0x320 [ 1365.539362] ip6_setup_cork+0x1e4/0x1740 [ 1365.540321] ip6_make_skb+0x22c/0x4e0 [ 1365.541212] ? ip_frag_init+0x350/0x350 [ 1365.542253] ? ip6_push_pending_frames+0xf0/0xf0 [ 1365.543513] ? ip6_dst_hoplimit+0x199/0x440 [ 1365.544520] ? lock_downgrade+0x6d0/0x6d0 [ 1365.545537] udpv6_sendmsg+0x2128/0x2b40 [ 1365.546491] ? ip_frag_init+0x350/0x350 [ 1365.547431] ? udp_v6_push_pending_frames+0x360/0x360 [ 1365.548639] ? perf_event_task_disable+0x390/0x390 [ 1365.549803] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1365.550922] ? lock_acquire+0x197/0x470 [ 1365.551841] ? find_held_lock+0x2c/0x110 [ 1365.552794] ? sock_has_perm+0x1ea/0x280 [ 1365.553780] ? __import_iovec+0x458/0x590 [ 1365.554739] ? udp_v6_push_pending_frames+0x360/0x360 [ 1365.555931] inet6_sendmsg+0x105/0x140 [ 1365.556825] ? inet6_compat_ioctl+0x320/0x320 [ 1365.557890] __sock_sendmsg+0xf2/0x190 [ 1365.558793] ____sys_sendmsg+0x334/0x870 [ 1365.559736] ? sock_write_iter+0x3d0/0x3d0 [ 1365.560712] ? do_recvmmsg+0x6d0/0x6d0 [ 1365.561643] ? __lock_acquire+0x1657/0x5b00 [ 1365.562650] ___sys_sendmsg+0xf3/0x170 [ 1365.563545] ? sendmsg_copy_msghdr+0x160/0x160 [ 1365.564595] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1365.565638] ? _raw_spin_unlock_irq+0x27/0x30 [ 1365.566672] ? lock_acquire+0x197/0x470 [ 1365.567580] ? find_held_lock+0x2c/0x110 [ 1365.568517] ? __might_fault+0xd3/0x180 [ 1365.569449] ? lock_downgrade+0x6d0/0x6d0 [ 1365.570424] __sys_sendmmsg+0x195/0x470 [ 1365.571356] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1365.572344] ? lock_downgrade+0x6d0/0x6d0 [ 1365.573324] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1365.574445] ? wait_for_completion_io+0x270/0x270 [ 1365.575552] ? rcu_read_lock_any_held+0x75/0xa0 [ 1365.576608] ? vfs_write+0x354/0xb10 [ 1365.577474] ? fput_many+0x2f/0x1a0 [ 1365.578301] ? ksys_write+0x1a9/0x260 [ 1365.579166] ? __ia32_sys_read+0xb0/0xb0 [ 1365.580097] __x64_sys_sendmmsg+0x99/0x100 [ 1365.581058] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1365.582250] do_syscall_64+0x33/0x40 [ 1365.583093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1365.584253] RIP: 0033:0x7fb74c37db19 [ 1365.585099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1365.589277] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1365.591013] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1365.592622] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1365.594247] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1365.595862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1365.597492] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 58) 07:06:24 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, 0x0, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:06:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1380.191456] FAULT_INJECTION: forcing a failure. [ 1380.191456] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.193045] CPU: 1 PID: 8585 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1380.194002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1380.195146] Call Trace: [ 1380.195516] dump_stack+0x107/0x167 [ 1380.196020] should_fail.cold+0x5/0xa [ 1380.196548] ? ip6_setup_cork+0x1e4/0x1740 [ 1380.197134] should_failslab+0x5/0x20 [ 1380.197668] kmem_cache_alloc_trace+0x55/0x320 [ 1380.198306] ip6_setup_cork+0x1e4/0x1740 [ 1380.198873] ip6_make_skb+0x22c/0x4e0 [ 1380.199400] ? ip_frag_init+0x350/0x350 [ 1380.199952] ? ip6_push_pending_frames+0xf0/0xf0 [ 1380.200615] ? ip6_dst_hoplimit+0x199/0x440 [ 1380.201212] ? lock_downgrade+0x6d0/0x6d0 [ 1380.201805] udpv6_sendmsg+0x2128/0x2b40 [ 1380.202370] ? ip_frag_init+0x350/0x350 [ 1380.202925] ? udp_v6_push_pending_frames+0x360/0x360 [ 1380.203644] ? lock_acquire+0x197/0x470 [ 1380.204189] ? find_held_lock+0x2c/0x110 [ 1380.204756] ? lock_acquire+0x197/0x470 [ 1380.205297] ? find_held_lock+0x2c/0x110 [ 1380.205876] ? sock_has_perm+0x1ea/0x280 [ 1380.206446] ? __import_iovec+0x458/0x590 [ 1380.207011] ? udp_v6_push_pending_frames+0x360/0x360 [ 1380.207715] inet6_sendmsg+0x105/0x140 [ 1380.208243] ? inet6_compat_ioctl+0x320/0x320 [ 1380.208860] __sock_sendmsg+0xf2/0x190 [ 1380.209393] ____sys_sendmsg+0x334/0x870 [ 1380.209955] ? sock_write_iter+0x3d0/0x3d0 [ 1380.210533] ? do_recvmmsg+0x6d0/0x6d0 [ 1380.211067] ? __lock_acquire+0x1657/0x5b00 [ 1380.211669] ___sys_sendmsg+0xf3/0x170 [ 1380.212203] ? sendmsg_copy_msghdr+0x160/0x160 [ 1380.212828] ? vmacache_find+0x55/0x2a0 [ 1380.213383] ? lock_acquire+0x197/0x470 [ 1380.213933] ? find_held_lock+0x2c/0x110 [ 1380.214492] ? __might_fault+0xd3/0x180 [ 1380.215039] ? lock_downgrade+0x6d0/0x6d0 [ 1380.215609] ? asm_exc_page_fault+0x1e/0x30 [ 1380.216212] __sys_sendmmsg+0x195/0x470 [ 1380.216760] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1380.217347] ? lock_downgrade+0x6d0/0x6d0 [ 1380.217928] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1380.218585] ? wait_for_completion_io+0x270/0x270 [ 1380.219244] ? rcu_read_lock_any_held+0x75/0xa0 [ 1380.219876] ? vfs_write+0x354/0xb10 [ 1380.220384] ? fput_many+0x2f/0x1a0 [ 1380.220883] ? ksys_write+0x1a9/0x260 [ 1380.221402] ? __ia32_sys_read+0xb0/0xb0 [ 1380.221969] __x64_sys_sendmmsg+0x99/0x100 [ 1380.222550] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1380.223255] do_syscall_64+0x33/0x40 [ 1380.223765] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1380.224468] RIP: 0033:0x7fb74c37db19 [ 1380.224978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1380.227502] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1380.228536] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1380.229552] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1380.230520] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1380.231487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1380.232456] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 59) 07:06:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1380.501066] FAULT_INJECTION: forcing a failure. [ 1380.501066] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.504042] CPU: 0 PID: 8606 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1380.505641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1380.507564] Call Trace: [ 1380.508181] dump_stack+0x107/0x167 [ 1380.509028] should_fail.cold+0x5/0xa [ 1380.509928] should_failslab+0x5/0x20 [ 1380.510812] __kmalloc_track_caller+0x79/0x370 [ 1380.511870] ? ip6_setup_cork+0x518/0x1740 [ 1380.512853] kmemdup+0x23/0x50 [ 1380.513608] ip6_setup_cork+0x518/0x1740 [ 1380.514560] ip6_make_skb+0x22c/0x4e0 [ 1380.515444] ? ip_frag_init+0x350/0x350 [ 1380.516369] ? ip6_push_pending_frames+0xf0/0xf0 [ 1380.517489] ? ip6_dst_hoplimit+0x199/0x440 [ 1380.518493] ? lock_downgrade+0x6d0/0x6d0 [ 1380.519476] udpv6_sendmsg+0x2128/0x2b40 [ 1380.520425] ? ip_frag_init+0x350/0x350 [ 1380.521358] ? udp_v6_push_pending_frames+0x360/0x360 [ 1380.522579] ? lock_acquire+0x197/0x470 [ 1380.523500] ? find_held_lock+0x2c/0x110 [ 1380.524454] ? lock_acquire+0x197/0x470 [ 1380.525375] ? find_held_lock+0x2c/0x110 [ 1380.526343] ? sock_has_perm+0x1ea/0x280 [ 1380.527311] ? __import_iovec+0x458/0x590 [ 1380.528275] ? udp_v6_push_pending_frames+0x360/0x360 [ 1380.529484] inet6_sendmsg+0x105/0x140 [ 1380.530390] ? inet6_compat_ioctl+0x320/0x320 [ 1380.531430] __sock_sendmsg+0xf2/0x190 [ 1380.532337] ____sys_sendmsg+0x334/0x870 [ 1380.533284] ? sock_write_iter+0x3d0/0x3d0 [ 1380.534285] ? do_recvmmsg+0x6d0/0x6d0 [ 1380.535192] ? __lock_acquire+0x1657/0x5b00 [ 1380.536209] ___sys_sendmsg+0xf3/0x170 [ 1380.537118] ? sendmsg_copy_msghdr+0x160/0x160 [ 1380.538186] ? vmacache_find+0x55/0x2a0 [ 1380.539124] ? lock_acquire+0x197/0x470 [ 1380.540045] ? find_held_lock+0x2c/0x110 [ 1380.540994] ? __might_fault+0xd3/0x180 [ 1380.541924] ? lock_downgrade+0x6d0/0x6d0 [ 1380.542887] ? asm_exc_page_fault+0x1e/0x30 [ 1380.543909] __sys_sendmmsg+0x195/0x470 [ 1380.544840] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1380.545852] ? lock_downgrade+0x6d0/0x6d0 [ 1380.546831] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1380.547952] ? wait_for_completion_io+0x270/0x270 [ 1380.549075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1380.550142] ? vfs_write+0x354/0xb10 [ 1380.550985] ? fput_many+0x2f/0x1a0 [ 1380.551822] ? ksys_write+0x1a9/0x260 [ 1380.552684] ? __ia32_sys_read+0xb0/0xb0 [ 1380.553621] __x64_sys_sendmmsg+0x99/0x100 [ 1380.554576] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1380.555740] do_syscall_64+0x33/0x40 [ 1380.556581] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1380.557750] RIP: 0033:0x7fb74c37db19 [ 1380.558591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1380.562751] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1380.564477] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1380.566105] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1380.567722] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1380.569334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1380.570960] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:38 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, 0x0, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:06:38 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 60) 07:06:38 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1393.923266] FAULT_INJECTION: forcing a failure. [ 1393.923266] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.924816] CPU: 0 PID: 8626 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1393.925745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1393.926838] Call Trace: [ 1393.927189] dump_stack+0x107/0x167 [ 1393.927662] should_fail.cold+0x5/0xa [ 1393.928155] should_failslab+0x5/0x20 [ 1393.928643] __kmalloc_track_caller+0x79/0x370 [ 1393.929242] ? ip6_setup_cork+0x518/0x1740 [ 1393.929803] kmemdup+0x23/0x50 [ 1393.930211] ip6_setup_cork+0x518/0x1740 [ 1393.930744] ip6_make_skb+0x22c/0x4e0 [ 1393.931236] ? ip_frag_init+0x350/0x350 [ 1393.931749] ? ip6_push_pending_frames+0xf0/0xf0 [ 1393.932356] ? ip6_dst_hoplimit+0x199/0x440 [ 1393.932904] ? lock_downgrade+0x6d0/0x6d0 [ 1393.933443] udpv6_sendmsg+0x2128/0x2b40 [ 1393.933975] ? ip_frag_init+0x350/0x350 [ 1393.934483] ? udp_v6_push_pending_frames+0x360/0x360 [ 1393.935147] ? lock_acquire+0x197/0x470 [ 1393.935663] ? find_held_lock+0x2c/0x110 [ 1393.936182] ? lock_acquire+0x197/0x470 [ 1393.936685] ? find_held_lock+0x2c/0x110 [ 1393.937216] ? sock_has_perm+0x1ea/0x280 [ 1393.937761] ? __import_iovec+0x458/0x590 [ 1393.938296] ? udp_v6_push_pending_frames+0x360/0x360 [ 1393.938965] inet6_sendmsg+0x105/0x140 [ 1393.939456] ? inet6_compat_ioctl+0x320/0x320 [ 1393.940040] __sock_sendmsg+0xf2/0x190 [ 1393.940538] ____sys_sendmsg+0x334/0x870 [ 1393.941061] ? sock_write_iter+0x3d0/0x3d0 [ 1393.941596] ? do_recvmmsg+0x6d0/0x6d0 [ 1393.942106] ? __lock_acquire+0x1657/0x5b00 [ 1393.942661] ___sys_sendmsg+0xf3/0x170 [ 1393.943158] ? sendmsg_copy_msghdr+0x160/0x160 [ 1393.943750] ? vmacache_find+0x55/0x2a0 [ 1393.944264] ? lock_acquire+0x197/0x470 [ 1393.944766] ? find_held_lock+0x2c/0x110 [ 1393.945306] ? __might_fault+0xd3/0x180 [ 1393.945821] ? lock_downgrade+0x6d0/0x6d0 [ 1393.946353] ? asm_exc_page_fault+0x1e/0x30 [ 1393.946914] __sys_sendmmsg+0x195/0x470 [ 1393.947430] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1393.947978] ? lock_downgrade+0x6d0/0x6d0 [ 1393.948513] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1393.949125] ? wait_for_completion_io+0x270/0x270 [ 1393.949757] ? rcu_read_lock_any_held+0x75/0xa0 [ 1393.950360] ? vfs_write+0x354/0xb10 [ 1393.950834] ? fput_many+0x2f/0x1a0 [ 1393.951302] ? ksys_write+0x1a9/0x260 [ 1393.951785] ? __ia32_sys_read+0xb0/0xb0 [ 1393.952301] __x64_sys_sendmmsg+0x99/0x100 [ 1393.952841] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1393.953488] do_syscall_64+0x33/0x40 [ 1393.953972] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1393.954613] RIP: 0033:0x7fb74c37db19 [ 1393.955080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1393.957402] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1393.958400] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1393.959320] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1393.960231] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1393.961153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1393.962104] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:38 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 61) 07:06:38 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:38 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1394.149254] FAULT_INJECTION: forcing a failure. [ 1394.149254] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.152132] CPU: 1 PID: 8651 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1394.153660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1394.155505] Call Trace: [ 1394.156092] dump_stack+0x107/0x167 [ 1394.156916] should_fail.cold+0x5/0xa [ 1394.157776] ? create_object.isra.0+0x3a/0xa20 [ 1394.158781] should_failslab+0x5/0x20 [ 1394.159621] kmem_cache_alloc+0x5b/0x310 [ 1394.160530] create_object.isra.0+0x3a/0xa20 [ 1394.161498] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1394.162643] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1394.163780] ? alloc_skb_with_frags+0x92/0x570 [ 1394.164800] __alloc_skb+0xb1/0x5b0 [ 1394.165629] alloc_skb_with_frags+0x92/0x570 [ 1394.166618] sock_alloc_send_pskb+0x7af/0x930 [ 1394.167629] ? sk_alloc+0x350/0x350 [ 1394.168455] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1394.169661] ? SOFTIRQ_verbose+0x10/0x10 [ 1394.170569] ? lock_release+0x680/0x680 [ 1394.171463] ? find_held_lock+0x2c/0x110 [ 1394.172404] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1394.173549] ? ip_frag_init+0x350/0x350 [ 1394.174463] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1394.175533] ? ip6_mtu+0x1e9/0x3d0 [ 1394.176332] ? ip6_setup_cork+0xfb7/0x1740 [ 1394.177280] ip6_make_skb+0x2df/0x4e0 [ 1394.178145] ? ip_frag_init+0x350/0x350 [ 1394.179047] ? ip_frag_init+0x350/0x350 [ 1394.179935] ? ip6_push_pending_frames+0xf0/0xf0 [ 1394.181007] ? ip6_dst_hoplimit+0x199/0x440 [ 1394.181978] ? lock_downgrade+0x6d0/0x6d0 [ 1394.182914] udpv6_sendmsg+0x2128/0x2b40 [ 1394.183834] ? ip_frag_init+0x350/0x350 [ 1394.184760] ? udp_v6_push_pending_frames+0x360/0x360 [ 1394.185936] ? perf_event_task_disable+0x390/0x390 [ 1394.187039] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1394.188127] ? lock_acquire+0x197/0x470 [ 1394.189013] ? find_held_lock+0x2c/0x110 [ 1394.189942] ? sock_has_perm+0x1ea/0x280 [ 1394.190902] ? __import_iovec+0x458/0x590 [ 1394.191858] ? udp_v6_push_pending_frames+0x360/0x360 [ 1394.193018] inet6_sendmsg+0x105/0x140 [ 1394.193902] ? inet6_compat_ioctl+0x320/0x320 [ 1394.194909] __sock_sendmsg+0xf2/0x190 [ 1394.195798] ____sys_sendmsg+0x334/0x870 [ 1394.196722] ? sock_write_iter+0x3d0/0x3d0 [ 1394.197673] ? do_recvmmsg+0x6d0/0x6d0 [ 1394.198560] ? __lock_acquire+0x1657/0x5b00 [ 1394.199561] ___sys_sendmsg+0xf3/0x170 [ 1394.200446] ? sendmsg_copy_msghdr+0x160/0x160 [ 1394.201470] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1394.202470] ? _raw_spin_unlock_irq+0x27/0x30 [ 1394.203473] ? lock_acquire+0x197/0x470 [ 1394.204356] ? find_held_lock+0x2c/0x110 [ 1394.205270] ? __might_fault+0xd3/0x180 [ 1394.206174] ? lock_downgrade+0x6d0/0x6d0 [ 1394.207126] __sys_sendmmsg+0x195/0x470 [ 1394.208010] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1394.208967] ? lock_downgrade+0x6d0/0x6d0 [ 1394.209912] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1394.210997] ? wait_for_completion_io+0x270/0x270 [ 1394.212081] ? rcu_read_lock_any_held+0x75/0xa0 [ 1394.213114] ? vfs_write+0x354/0xb10 [ 1394.213961] ? fput_many+0x2f/0x1a0 [ 1394.214776] ? ksys_write+0x1a9/0x260 [ 1394.215641] ? __ia32_sys_read+0xb0/0xb0 [ 1394.216568] __x64_sys_sendmmsg+0x99/0x100 [ 1394.217520] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1394.218666] do_syscall_64+0x33/0x40 [ 1394.219502] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1394.220661] RIP: 0033:0x7fb74c37db19 [ 1394.221520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1394.225679] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1394.227388] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1394.228984] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1394.230593] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1394.232194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1394.233815] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:06:53 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:53 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:53 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:06:53 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 62) 07:06:53 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:53 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:53 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:06:53 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1409.654650] FAULT_INJECTION: forcing a failure. [ 1409.654650] name failslab, interval 1, probability 0, space 0, times 0 [ 1409.657785] CPU: 1 PID: 8671 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1409.659213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1409.660910] Call Trace: [ 1409.661461] dump_stack+0x107/0x167 [ 1409.662237] should_fail.cold+0x5/0xa [ 1409.663037] ? __alloc_skb+0x6d/0x5b0 [ 1409.663825] should_failslab+0x5/0x20 [ 1409.664628] kmem_cache_alloc_node+0x55/0x330 [ 1409.665567] __alloc_skb+0x6d/0x5b0 [ 1409.666341] alloc_skb_with_frags+0x92/0x570 [ 1409.667271] sock_alloc_send_pskb+0x7af/0x930 [ 1409.668248] ? sk_alloc+0x350/0x350 [ 1409.669015] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1409.670112] ? SOFTIRQ_verbose+0x10/0x10 [ 1409.670950] ? lock_release+0x680/0x680 [ 1409.671774] ? find_held_lock+0x2c/0x110 [ 1409.672631] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1409.673685] ? ip_frag_init+0x350/0x350 [ 1409.674552] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1409.675557] ? ip6_mtu+0x1e9/0x3d0 [ 1409.676280] ? ip6_setup_cork+0xfb7/0x1740 [ 1409.677139] ip6_make_skb+0x2df/0x4e0 [ 1409.677926] ? ip_frag_init+0x350/0x350 07:06:53 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1409.678765] ? ip_frag_init+0x350/0x350 [ 1409.679764] ? ip6_push_pending_frames+0xf0/0xf0 [ 1409.680769] ? ip6_dst_hoplimit+0x199/0x440 [ 1409.681664] ? lock_downgrade+0x6d0/0x6d0 [ 1409.682546] udpv6_sendmsg+0x2128/0x2b40 07:06:54 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1409.683388] ? ip_frag_init+0x350/0x350 [ 1409.684302] ? udp_v6_push_pending_frames+0x360/0x360 [ 1409.685374] ? perf_event_task_disable+0x390/0x390 [ 1409.686409] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1409.687420] ? lock_acquire+0x197/0x470 [ 1409.688236] ? find_held_lock+0x2c/0x110 [ 1409.689099] ? sock_has_perm+0x1ea/0x280 [ 1409.689977] ? __import_iovec+0x458/0x590 [ 1409.690817] ? udp_v6_push_pending_frames+0x360/0x360 [ 1409.691879] inet6_sendmsg+0x105/0x140 [ 1409.692672] ? inet6_compat_ioctl+0x320/0x320 [ 1409.693600] __sock_sendmsg+0xf2/0x190 [ 1409.694419] ____sys_sendmsg+0x334/0x870 [ 1409.695287] ? sock_write_iter+0x3d0/0x3d0 [ 1409.696171] ? do_recvmmsg+0x6d0/0x6d0 [ 1409.696995] ? __lock_acquire+0x1657/0x5b00 [ 1409.697907] ___sys_sendmsg+0xf3/0x170 [ 1409.698725] ? sendmsg_copy_msghdr+0x160/0x160 [ 1409.699704] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1409.700638] ? _raw_spin_unlock_irq+0x27/0x30 [ 1409.701558] ? lock_acquire+0x197/0x470 [ 1409.702378] ? find_held_lock+0x2c/0x110 [ 1409.703223] ? __might_fault+0xd3/0x180 [ 1409.704037] ? lock_downgrade+0x6d0/0x6d0 [ 1409.704930] __sys_sendmmsg+0x195/0x470 [ 1409.705762] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1409.706659] ? lock_downgrade+0x6d0/0x6d0 [ 1409.707530] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1409.708546] ? wait_for_completion_io+0x270/0x270 [ 1409.709536] ? rcu_read_lock_any_held+0x75/0xa0 [ 1409.710513] ? vfs_write+0x354/0xb10 [ 1409.711303] ? fput_many+0x2f/0x1a0 [ 1409.712076] ? ksys_write+0x1a9/0x260 [ 1409.712884] ? __ia32_sys_read+0xb0/0xb0 [ 1409.713737] __x64_sys_sendmmsg+0x99/0x100 [ 1409.714639] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1409.715729] do_syscall_64+0x33/0x40 [ 1409.716504] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1409.717561] RIP: 0033:0x7fb74c37db19 [ 1409.718330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.722094] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1409.723685] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1409.725147] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1409.726626] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1409.728096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1409.729580] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:10 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:07:10 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 63) 07:07:10 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1425.812886] FAULT_INJECTION: forcing a failure. [ 1425.812886] name failslab, interval 1, probability 0, space 0, times 0 [ 1425.816088] CPU: 0 PID: 8697 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1425.817783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1425.819863] Call Trace: [ 1425.820527] dump_stack+0x107/0x167 [ 1425.821439] should_fail.cold+0x5/0xa [ 1425.822396] ? create_object.isra.0+0x3a/0xa20 [ 1425.823534] should_failslab+0x5/0x20 [ 1425.824458] kmem_cache_alloc+0x5b/0x310 [ 1425.825483] create_object.isra.0+0x3a/0xa20 [ 1425.826591] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1425.827835] kmem_cache_alloc_node+0x169/0x330 [ 1425.828983] __alloc_skb+0x6d/0x5b0 [ 1425.829899] alloc_skb_with_frags+0x92/0x570 [ 1425.831025] sock_alloc_send_pskb+0x7af/0x930 [ 1425.832153] ? sk_alloc+0x350/0x350 [ 1425.833069] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1425.834393] ? SOFTIRQ_verbose+0x10/0x10 [ 1425.835408] ? lock_release+0x680/0x680 [ 1425.836397] ? find_held_lock+0x2c/0x110 [ 1425.837417] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1425.838673] ? ip_frag_init+0x350/0x350 [ 1425.839682] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1425.840876] ? ip6_mtu+0x1e9/0x3d0 [ 1425.841752] ? ip6_setup_cork+0xfb7/0x1740 [ 1425.842807] ip6_make_skb+0x2df/0x4e0 [ 1425.843738] ? ip_frag_init+0x350/0x350 [ 1425.844694] ? ip_frag_init+0x350/0x350 [ 1425.845650] ? ip6_push_pending_frames+0xf0/0xf0 [ 1425.846817] ? ip6_dst_hoplimit+0x199/0x440 [ 1425.847842] ? lock_downgrade+0x6d0/0x6d0 [ 1425.848873] udpv6_sendmsg+0x2128/0x2b40 [ 1425.849879] ? ip_frag_init+0x350/0x350 [ 1425.850864] ? udp_v6_push_pending_frames+0x360/0x360 [ 1425.852114] ? perf_event_task_disable+0x390/0x390 [ 1425.853305] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1425.854588] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1425.855885] ? trace_hardirqs_on+0x5b/0x180 [ 1425.856928] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1425.858323] ? inet_send_prepare+0x10/0x540 [ 1425.859362] ? __sanitizer_cov_trace_pc+0x3c/0x60 [ 1425.860556] ? udp_v6_push_pending_frames+0x360/0x360 [ 1425.861806] inet6_sendmsg+0x105/0x140 [ 1425.862759] ? inet6_compat_ioctl+0x320/0x320 [ 1425.863874] __sock_sendmsg+0xf2/0x190 [ 1425.864833] ____sys_sendmsg+0x334/0x870 [ 1425.865810] ? sock_write_iter+0x3d0/0x3d0 [ 1425.866835] ? do_recvmmsg+0x6d0/0x6d0 [ 1425.867783] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1425.869064] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1425.870372] ? trace_hardirqs_on+0x5b/0x180 [ 1425.871410] ___sys_sendmsg+0xf3/0x170 [ 1425.872357] ? sendmsg_copy_msghdr+0x160/0x160 [ 1425.873456] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1425.874550] ? _raw_spin_unlock_irq+0x27/0x30 [ 1425.875631] ? finish_task_switch+0x1a4/0x5d0 [ 1425.876726] ? __switch_to+0x572/0xf70 [ 1425.877674] ? __switch_to_asm+0x3a/0x60 [ 1425.878672] ? __switch_to_asm+0x34/0x60 [ 1425.879670] ? __schedule+0x82c/0x1ea0 [ 1425.880605] ? io_schedule_timeout+0x140/0x140 [ 1425.881732] __sys_sendmmsg+0x195/0x470 [ 1425.882704] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1425.883753] ? lock_downgrade+0x6d0/0x6d0 [ 1425.884777] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1425.885930] ? wait_for_completion_io+0x270/0x270 [ 1425.887097] ? rcu_read_lock_any_held+0x75/0xa0 [ 1425.888214] ? vfs_write+0x354/0xb10 [ 1425.889109] ? fput_many+0x2f/0x1a0 [ 1425.890016] ? ksys_write+0x1a9/0x260 [ 1425.890941] ? __ia32_sys_read+0xb0/0xb0 [ 1425.891933] __x64_sys_sendmmsg+0x99/0x100 [ 1425.892963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1425.894227] do_syscall_64+0x33/0x40 [ 1425.895130] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1425.896371] RIP: 0033:0x7fb74c37db19 [ 1425.897298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1425.901778] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1425.903643] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1425.905384] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1425.907142] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1425.908876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1425.910616] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:10 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:07:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 64) 07:07:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1442.244756] FAULT_INJECTION: forcing a failure. [ 1442.244756] name failslab, interval 1, probability 0, space 0, times 0 [ 1442.246607] CPU: 1 PID: 8723 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1442.247567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1442.248729] Call Trace: [ 1442.249092] dump_stack+0x107/0x167 [ 1442.249602] should_fail.cold+0x5/0xa [ 1442.250143] should_failslab+0x5/0x20 [ 1442.250677] __kmalloc_node_track_caller+0x74/0x3b0 [ 1442.251374] ? alloc_skb_with_frags+0x92/0x570 [ 1442.252013] __alloc_skb+0xb1/0x5b0 [ 1442.252527] alloc_skb_with_frags+0x92/0x570 [ 1442.253150] sock_alloc_send_pskb+0x7af/0x930 [ 1442.253787] ? sk_alloc+0x350/0x350 [ 1442.254311] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1442.255044] ? SOFTIRQ_verbose+0x10/0x10 [ 1442.255612] ? lock_release+0x680/0x680 [ 1442.256163] ? find_held_lock+0x2c/0x110 [ 1442.256733] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1442.257440] ? ip_frag_init+0x350/0x350 [ 1442.258003] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1442.258683] ? ip6_mtu+0x1e9/0x3d0 [ 1442.259182] ? ip6_setup_cork+0xfb7/0x1740 [ 1442.259776] ip6_make_skb+0x2df/0x4e0 [ 1442.260309] ? ip_frag_init+0x350/0x350 [ 1442.260869] ? ip_frag_init+0x350/0x350 [ 1442.261426] ? ip6_push_pending_frames+0xf0/0xf0 [ 1442.262099] ? ip6_dst_hoplimit+0x199/0x440 [ 1442.262710] ? lock_downgrade+0x6d0/0x6d0 [ 1442.263303] udpv6_sendmsg+0x2128/0x2b40 [ 1442.263879] ? ip_frag_init+0x350/0x350 [ 1442.264444] ? udp_v6_push_pending_frames+0x360/0x360 [ 1442.265173] ? lock_acquire+0x197/0x470 [ 1442.265734] ? find_held_lock+0x2c/0x110 [ 1442.266311] ? lock_acquire+0x197/0x470 [ 1442.266865] ? find_held_lock+0x2c/0x110 [ 1442.267435] ? sock_has_perm+0x1ea/0x280 [ 1442.268023] ? __import_iovec+0x458/0x590 [ 1442.268600] ? udp_v6_push_pending_frames+0x360/0x360 [ 1442.269317] inet6_sendmsg+0x105/0x140 [ 1442.269864] ? inet6_compat_ioctl+0x320/0x320 [ 1442.270505] __sock_sendmsg+0xf2/0x190 [ 1442.271053] ____sys_sendmsg+0x334/0x870 [ 1442.271625] ? sock_write_iter+0x3d0/0x3d0 [ 1442.272209] ? do_recvmmsg+0x6d0/0x6d0 [ 1442.272749] ? __lock_acquire+0x1657/0x5b00 [ 1442.273356] ___sys_sendmsg+0xf3/0x170 [ 1442.273906] ? sendmsg_copy_msghdr+0x160/0x160 [ 1442.274549] ? vmacache_find+0x55/0x2a0 [ 1442.275115] ? lock_acquire+0x197/0x470 [ 1442.275663] ? find_held_lock+0x2c/0x110 [ 1442.276235] ? __might_fault+0xd3/0x180 [ 1442.276790] ? lock_downgrade+0x6d0/0x6d0 [ 1442.277370] ? asm_exc_page_fault+0x1e/0x30 [ 1442.278028] __sys_sendmmsg+0x195/0x470 [ 1442.278614] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1442.279226] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1442.279827] ? clockevents_program_event+0x131/0x360 [ 1442.280534] ? tick_program_event+0xa8/0x140 [ 1442.281145] ? hrtimer_interrupt+0x771/0x9b0 [ 1442.281766] __x64_sys_sendmmsg+0x99/0x100 [ 1442.282362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1442.283077] do_syscall_64+0x33/0x40 [ 1442.283593] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1442.284308] RIP: 0033:0x7fb74c37db19 [ 1442.284828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1442.287390] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1442.288444] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1442.289422] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1442.290395] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1442.291339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1442.292283] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 65) 07:07:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1442.368472] FAULT_INJECTION: forcing a failure. [ 1442.368472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1442.370112] CPU: 1 PID: 8739 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1442.371012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1442.372085] Call Trace: [ 1442.372433] dump_stack+0x107/0x167 [ 1442.372906] should_fail.cold+0x5/0xa [ 1442.373404] _copy_from_user+0x2e/0x1b0 [ 1442.373936] __copy_msghdr_from_user+0x91/0x4b0 [ 1442.374557] ? __ia32_sys_shutdown+0x80/0x80 [ 1442.375136] ? udp_v6_push_pending_frames+0x360/0x360 [ 1442.375823] ? inet6_sendmsg+0xbd/0x140 [ 1442.376338] ? inet6_compat_ioctl+0x320/0x320 [ 1442.376911] ? __sock_sendmsg+0x55/0x190 [ 1442.377439] sendmsg_copy_msghdr+0xa1/0x160 [ 1442.377997] ? do_recvmmsg+0x6d0/0x6d0 [ 1442.378515] ? __lock_acquire+0x1657/0x5b00 [ 1442.379078] ___sys_sendmsg+0xc6/0x170 [ 1442.379579] ? sendmsg_copy_msghdr+0x160/0x160 [ 1442.380172] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1442.380858] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1442.381431] ? trace_hardirqs_on+0x5b/0x180 [ 1442.381998] ? lock_acquire+0x197/0x470 [ 1442.382532] ? find_held_lock+0x2c/0x110 [ 1442.383064] ? __might_fault+0xd3/0x180 [ 1442.383586] ? lock_downgrade+0x6d0/0x6d0 [ 1442.384142] __sys_sendmmsg+0x195/0x470 [ 1442.384675] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1442.385229] ? lock_downgrade+0x6d0/0x6d0 [ 1442.385772] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1442.386396] ? wait_for_completion_io+0x270/0x270 [ 1442.387023] ? rcu_read_lock_any_held+0x75/0xa0 [ 1442.387619] ? vfs_write+0x354/0xb10 [ 1442.388103] ? fput_many+0x2f/0x1a0 [ 1442.388573] ? ksys_write+0x1a9/0x260 [ 1442.389058] ? __ia32_sys_read+0xb0/0xb0 [ 1442.389583] __x64_sys_sendmmsg+0x99/0x100 [ 1442.390147] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1442.390816] do_syscall_64+0x33/0x40 [ 1442.391301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1442.391965] RIP: 0033:0x7fb74c37db19 [ 1442.392447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1442.394818] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1442.395790] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1442.396698] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1442.397605] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1442.398538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1442.399452] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 66) 07:07:40 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1456.440333] FAULT_INJECTION: forcing a failure. [ 1456.440333] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.442869] CPU: 1 PID: 8772 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1456.444280] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1456.446001] Call Trace: [ 1456.446586] dump_stack+0x107/0x167 [ 1456.447338] should_fail.cold+0x5/0xa [ 1456.448127] ? lock_release+0x680/0x680 [ 1456.448967] ? skb_clone+0x14f/0x3d0 [ 1456.449768] should_failslab+0x5/0x20 [ 1456.450568] kmem_cache_alloc+0x5b/0x310 [ 1456.451410] skb_clone+0x14f/0x3d0 [ 1456.452154] dev_queue_xmit_nit+0x3a7/0xb00 [ 1456.453076] dev_hard_start_xmit+0xab/0x6f0 [ 1456.453979] __dev_queue_xmit+0x179a/0x2690 [ 1456.454879] ? find_held_lock+0x2c/0x110 [ 1456.455706] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1456.456646] ? lock_downgrade+0x6d0/0x6d0 [ 1456.457494] ? find_held_lock+0x2c/0x110 [ 1456.458350] ? lockdep_hardirqs_on_prepare+0x129/0x3e0 [ 1456.459436] ip6_finish_output2+0x158f/0x1cf0 [ 1456.460382] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1456.461409] ip6_output+0x302/0x9e0 [ 1456.462211] ? __ip6_finish_output.part.0+0xbc0/0xbc0 [ 1456.463310] ip6_local_out+0xd2/0x4c0 [ 1456.464091] ip6_send_skb+0x117/0x460 [ 1456.464874] udp_v6_send_skb+0x7b7/0x1620 [ 1456.465731] udpv6_sendmsg+0x216b/0x2b40 [ 1456.466577] ? ip_frag_init+0x350/0x350 [ 1456.467399] ? udp_v6_push_pending_frames+0x360/0x360 [ 1456.468482] ? trace_hardirqs_on+0x5b/0x180 [ 1456.469377] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1456.470504] ? lock_acquire+0x197/0x470 [ 1456.471346] ? find_held_lock+0x2c/0x110 [ 1456.472197] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1456.473293] ? sock_has_perm+0x1ea/0x280 [ 1456.474164] ? __import_iovec+0x458/0x590 [ 1456.475041] ? udp_v6_push_pending_frames+0x360/0x360 [ 1456.476091] inet6_sendmsg+0x105/0x140 [ 1456.476883] ? inet6_compat_ioctl+0x320/0x320 [ 1456.477827] __sock_sendmsg+0xf2/0x190 07:07:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1456.478645] ____sys_sendmsg+0x334/0x870 [ 1456.479717] ? sock_write_iter+0x3d0/0x3d0 [ 1456.480612] ? do_recvmmsg+0x6d0/0x6d0 [ 1456.481403] ? __lock_acquire+0x1657/0x5b00 [ 1456.482321] ___sys_sendmsg+0xf3/0x170 07:07:40 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1456.483127] ? sendmsg_copy_msghdr+0x160/0x160 [ 1456.484244] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1456.485192] ? _raw_spin_unlock_irq+0x27/0x30 [ 1456.486147] ? lock_acquire+0x197/0x470 [ 1456.487036] ? find_held_lock+0x2c/0x110 [ 1456.487914] ? __might_fault+0xd3/0x180 [ 1456.488760] ? lock_downgrade+0x6d0/0x6d0 [ 1456.489662] __sys_sendmmsg+0x195/0x470 [ 1456.490568] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1456.491485] ? lock_downgrade+0x6d0/0x6d0 [ 1456.492378] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1456.493424] ? wait_for_completion_io+0x270/0x270 [ 1456.494475] ? rcu_read_lock_any_held+0x75/0xa0 [ 1456.495461] ? vfs_write+0x354/0xb10 [ 1456.496253] ? fput_many+0x2f/0x1a0 [ 1456.497040] ? ksys_write+0x1a9/0x260 [ 1456.497847] ? __ia32_sys_read+0xb0/0xb0 [ 1456.498729] __x64_sys_sendmmsg+0x99/0x100 [ 1456.499624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1456.500712] do_syscall_64+0x33/0x40 [ 1456.501518] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1456.502637] RIP: 0033:0x7fb74c37db19 [ 1456.503443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1456.507346] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1456.509041] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1456.510558] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1456.512062] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1456.513608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1456.515118] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:40 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:07:40 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:40 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:41 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 67) 07:07:53 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:07:53 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1469.565295] FAULT_INJECTION: forcing a failure. [ 1469.565295] name failslab, interval 1, probability 0, space 0, times 0 [ 1469.567762] CPU: 0 PID: 8819 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1469.569514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1469.571587] Call Trace: [ 1469.572184] dump_stack+0x107/0x167 [ 1469.573005] should_fail.cold+0x5/0xa [ 1469.573863] ? create_object.isra.0+0x3a/0xa20 [ 1469.574901] should_failslab+0x5/0x20 [ 1469.575760] kmem_cache_alloc+0x5b/0x310 [ 1469.576678] create_object.isra.0+0x3a/0xa20 [ 1469.577661] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1469.578822] kmem_cache_alloc_trace+0x151/0x320 [ 1469.579878] ip6_setup_cork+0x1e4/0x1740 07:07:53 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1469.580804] ip6_make_skb+0x22c/0x4e0 [ 1469.581819] ? ip_frag_init+0x350/0x350 [ 1469.582734] ? ip6_push_pending_frames+0xf0/0xf0 [ 1469.583811] ? ip6_dst_hoplimit+0x199/0x440 [ 1469.584791] ? lock_downgrade+0x6d0/0x6d0 [ 1469.585749] udpv6_sendmsg+0x2128/0x2b40 [ 1469.586683] ? ip_frag_init+0x350/0x350 [ 1469.587590] ? udp_v6_push_pending_frames+0x360/0x360 [ 1469.588760] ? perf_event_task_disable+0x390/0x390 [ 1469.589878] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1469.590984] ? lock_acquire+0x197/0x470 [ 1469.591880] ? find_held_lock+0x2c/0x110 [ 1469.592809] ? sock_has_perm+0x1ea/0x280 [ 1469.593753] ? __import_iovec+0x458/0x590 [ 1469.594699] ? udp_v6_push_pending_frames+0x360/0x360 [ 1469.595864] inet6_sendmsg+0x105/0x140 [ 1469.596739] ? inet6_compat_ioctl+0x320/0x320 [ 1469.597755] __sock_sendmsg+0xf2/0x190 [ 1469.598644] ____sys_sendmsg+0x334/0x870 [ 1469.599569] ? sock_write_iter+0x3d0/0x3d0 [ 1469.600527] ? do_recvmmsg+0x6d0/0x6d0 [ 1469.601415] ? __lock_acquire+0x1657/0x5b00 [ 1469.602405] ___sys_sendmsg+0xf3/0x170 [ 1469.603303] ? sendmsg_copy_msghdr+0x160/0x160 [ 1469.604339] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1469.605351] ? _raw_spin_unlock_irq+0x27/0x30 [ 1469.606378] ? lock_acquire+0x197/0x470 [ 1469.607282] ? find_held_lock+0x2c/0x110 [ 1469.608207] ? __might_fault+0xd3/0x180 [ 1469.609106] ? lock_downgrade+0x6d0/0x6d0 [ 1469.610070] __sys_sendmmsg+0x195/0x470 [ 1469.610987] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1469.611965] ? lock_downgrade+0x6d0/0x6d0 [ 1469.612922] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1469.614018] ? wait_for_completion_io+0x270/0x270 [ 1469.615126] ? rcu_read_lock_any_held+0x75/0xa0 [ 1469.616181] ? vfs_write+0x354/0xb10 [ 1469.617024] ? fput_many+0x2f/0x1a0 [ 1469.617852] ? ksys_write+0x1a9/0x260 [ 1469.618724] ? __ia32_sys_read+0xb0/0xb0 [ 1469.619653] __x64_sys_sendmmsg+0x99/0x100 [ 1469.620615] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1469.621779] do_syscall_64+0x33/0x40 [ 1469.622629] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1469.623796] RIP: 0033:0x7fb74c37db19 [ 1469.624633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1469.628847] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1469.630584] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1469.632192] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1469.633811] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1469.635438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1469.637055] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:07:53 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:53 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:54 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, 0x0, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:07:54 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:54 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:54 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:07:54 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, 0x0, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:07 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 68) 07:08:07 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1483.074497] FAULT_INJECTION: forcing a failure. [ 1483.074497] name failslab, interval 1, probability 0, space 0, times 0 [ 1483.077413] CPU: 0 PID: 8855 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1483.078970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.080843] Call Trace: [ 1483.081448] dump_stack+0x107/0x167 [ 1483.082273] should_fail.cold+0x5/0xa [ 1483.083146] ? create_object.isra.0+0x3a/0xa20 [ 1483.084179] should_failslab+0x5/0x20 [ 1483.085043] kmem_cache_alloc+0x5b/0x310 [ 1483.085962] ? lock_downgrade+0x6d0/0x6d0 [ 1483.086919] create_object.isra.0+0x3a/0xa20 [ 1483.087911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1483.089068] __kmalloc_track_caller+0x177/0x370 [ 1483.090125] ? ip6_setup_cork+0x518/0x1740 [ 1483.091098] kmemdup+0x23/0x50 [ 1483.091829] ip6_setup_cork+0x518/0x1740 [ 1483.092760] ip6_make_skb+0x22c/0x4e0 [ 1483.093631] ? ip_frag_init+0x350/0x350 [ 1483.094531] ? ip6_push_pending_frames+0xf0/0xf0 [ 1483.095623] ? ip6_dst_hoplimit+0x199/0x440 [ 1483.096602] ? lock_downgrade+0x6d0/0x6d0 [ 1483.097556] udpv6_sendmsg+0x2128/0x2b40 [ 1483.098482] ? ip_frag_init+0x350/0x350 [ 1483.099403] ? udp_v6_push_pending_frames+0x360/0x360 [ 1483.100579] ? perf_event_task_disable+0x390/0x390 [ 1483.101699] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1483.102808] ? lock_acquire+0x197/0x470 [ 1483.103708] ? find_held_lock+0x2c/0x110 [ 1483.104644] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1483.105827] ? sock_has_perm+0x1ea/0x280 [ 1483.106784] ? __import_iovec+0x458/0x590 [ 1483.107724] ? udp_v6_push_pending_frames+0x360/0x360 [ 1483.108891] inet6_sendmsg+0x105/0x140 [ 1483.109774] ? inet6_compat_ioctl+0x320/0x320 [ 1483.110810] __sock_sendmsg+0xf2/0x190 [ 1483.111691] ____sys_sendmsg+0x334/0x870 [ 1483.112616] ? sock_write_iter+0x3d0/0x3d0 [ 1483.113573] ? do_recvmmsg+0x6d0/0x6d0 [ 1483.114459] ? __lock_acquire+0x1657/0x5b00 [ 1483.115452] ___sys_sendmsg+0xf3/0x170 [ 1483.116332] ? sendmsg_copy_msghdr+0x160/0x160 [ 1483.117365] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1483.118376] ? _raw_spin_unlock_irq+0x27/0x30 [ 1483.119399] ? lock_acquire+0x197/0x470 [ 1483.120302] ? find_held_lock+0x2c/0x110 [ 1483.121227] ? __might_fault+0xd3/0x180 [ 1483.122131] ? lock_downgrade+0x6d0/0x6d0 [ 1483.123102] __sys_sendmmsg+0x195/0x470 [ 1483.124005] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1483.124980] ? lock_downgrade+0x6d0/0x6d0 [ 1483.125931] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1483.127033] ? wait_for_completion_io+0x270/0x270 [ 1483.128127] ? rcu_read_lock_any_held+0x75/0xa0 [ 1483.129172] ? vfs_write+0x354/0xb10 [ 1483.130012] ? fput_many+0x2f/0x1a0 [ 1483.130844] ? ksys_write+0x1a9/0x260 [ 1483.131704] ? __ia32_sys_read+0xb0/0xb0 [ 1483.132628] __x64_sys_sendmmsg+0x99/0x100 [ 1483.133592] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1483.134765] do_syscall_64+0x33/0x40 [ 1483.135603] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.136759] RIP: 0033:0x7fb74c37db19 [ 1483.137597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.141756] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1483.143480] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1483.145088] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1483.146701] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1483.148308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1483.149921] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:08:07 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, 0x0, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:07 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:07 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 69) 07:08:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1500.084841] FAULT_INJECTION: forcing a failure. [ 1500.084841] name failslab, interval 1, probability 0, space 0, times 0 [ 1500.087824] CPU: 1 PID: 8895 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1500.089259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1500.091033] Call Trace: [ 1500.091585] dump_stack+0x107/0x167 [ 1500.092349] should_fail.cold+0x5/0xa [ 1500.093144] ? create_object.isra.0+0x3a/0xa20 [ 1500.094103] should_failslab+0x5/0x20 [ 1500.094913] kmem_cache_alloc+0x5b/0x310 [ 1500.095769] create_object.isra.0+0x3a/0xa20 [ 1500.096681] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1500.097747] __kmalloc_track_caller+0x177/0x370 [ 1500.098709] ? ip6_setup_cork+0x518/0x1740 [ 1500.099603] kmemdup+0x23/0x50 [ 1500.100270] ip6_setup_cork+0x518/0x1740 [ 1500.101136] ip6_make_skb+0x22c/0x4e0 [ 1500.101948] ? ip_frag_init+0x350/0x350 [ 1500.102794] ? ip6_push_pending_frames+0xf0/0xf0 [ 1500.103799] ? ip6_dst_hoplimit+0x199/0x440 [ 1500.104701] ? lock_downgrade+0x6d0/0x6d0 [ 1500.105601] udpv6_sendmsg+0x2128/0x2b40 [ 1500.106466] ? ip_frag_init+0x350/0x350 [ 1500.107317] ? udp_v6_push_pending_frames+0x360/0x360 [ 1500.108414] ? trace_hardirqs_on+0x5b/0x180 [ 1500.109330] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1500.110482] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1500.111636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1500.112735] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1500.113876] ? trace_hardirqs_on+0x5b/0x180 [ 1500.114786] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1500.115923] ? inet_send_prepare+0x5a/0x540 [ 1500.116824] ? inet_send_prepare+0xd5/0x540 [ 1500.117719] ? __sanitizer_cov_trace_pc+0x4/0x60 [ 1500.118701] ? udp_v6_push_pending_frames+0x360/0x360 [ 1500.119785] inet6_sendmsg+0x105/0x140 [ 1500.120603] ? inet6_compat_ioctl+0x320/0x320 [ 1500.121547] __sock_sendmsg+0xf2/0x190 [ 1500.122364] ____sys_sendmsg+0x334/0x870 [ 1500.123220] ? sock_write_iter+0x3d0/0x3d0 [ 1500.124100] ? do_recvmmsg+0x6d0/0x6d0 [ 1500.124919] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1500.126005] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1500.127125] ? trace_hardirqs_on+0x5b/0x180 [ 1500.128039] ___sys_sendmsg+0xf3/0x170 [ 1500.128867] ? sendmsg_copy_msghdr+0x160/0x160 [ 1500.129815] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1500.130768] ? _raw_spin_unlock_irq+0x27/0x30 [ 1500.131710] ? finish_task_switch+0x126/0x5d0 [ 1500.132629] ? finish_task_switch+0xef/0x5d0 [ 1500.133541] ? __switch_to+0x572/0xf70 [ 1500.134355] ? __switch_to_asm+0x3a/0x60 [ 1500.135208] ? __switch_to_asm+0x34/0x60 [ 1500.136053] ? __schedule+0x82c/0x1ea0 [ 1500.136871] ? io_schedule_timeout+0x140/0x140 [ 1500.137905] __sys_sendmmsg+0x195/0x470 [ 1500.138778] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1500.139678] ? lock_downgrade+0x6d0/0x6d0 [ 1500.140566] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1500.141577] ? wait_for_completion_io+0x270/0x270 [ 1500.142584] ? rcu_read_lock_any_held+0x75/0xa0 [ 1500.143562] ? vfs_write+0x354/0xb10 [ 1500.144353] ? fput_many+0x2f/0x1a0 [ 1500.145120] ? ksys_write+0x1a9/0x260 [ 1500.145916] ? __ia32_sys_read+0xb0/0xb0 [ 1500.146783] __x64_sys_sendmmsg+0x99/0x100 [ 1500.147669] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1500.148746] do_syscall_64+0x33/0x40 [ 1500.149531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1500.150598] RIP: 0033:0x7fb74c37db19 [ 1500.151390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1500.155230] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1500.156832] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1500.158310] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1500.159815] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1500.161320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1500.162818] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:08:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:39 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 70) 07:08:39 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1514.804104] FAULT_INJECTION: forcing a failure. [ 1514.804104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1514.807231] CPU: 0 PID: 8945 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1514.808754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1514.810583] Call Trace: [ 1514.811193] dump_stack+0x107/0x167 [ 1514.812002] should_fail.cold+0x5/0xa [ 1514.812859] _copy_from_user+0x2e/0x1b0 [ 1514.813767] __copy_msghdr_from_user+0x91/0x4b0 [ 1514.814803] ? __ia32_sys_shutdown+0x80/0x80 [ 1514.815817] sendmsg_copy_msghdr+0xa1/0x160 [ 1514.816776] ? do_recvmmsg+0x6d0/0x6d0 [ 1514.817667] ___sys_sendmsg+0xc6/0x170 [ 1514.818562] ? sendmsg_copy_msghdr+0x160/0x160 [ 1514.819596] ? __schedule+0x88e/0x1ea0 [ 1514.820482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1514.821647] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1514.822851] ? trace_hardirqs_on+0x5b/0x180 [ 1514.823807] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1514.825033] ? __sys_sendmmsg+0x254/0x470 [ 1514.825969] __sys_sendmmsg+0x195/0x470 [ 1514.826862] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1514.827819] ? lock_downgrade+0x6d0/0x6d0 [ 1514.828763] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1514.829849] ? wait_for_completion_io+0x270/0x270 [ 1514.830923] ? rcu_read_lock_any_held+0x75/0xa0 [ 1514.831986] ? vfs_write+0x354/0xb10 [ 1514.832815] ? fput_many+0x2f/0x1a0 [ 1514.833646] ? ksys_write+0x1a9/0x260 [ 1514.834497] ? __ia32_sys_read+0xb0/0xb0 [ 1514.835432] __x64_sys_sendmmsg+0x99/0x100 [ 1514.836382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1514.837548] do_syscall_64+0x33/0x40 [ 1514.838392] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1514.839558] RIP: 0033:0x7fb74c37db19 [ 1514.840400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1514.844580] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1514.846304] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1514.847911] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1514.849513] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1514.851121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1514.852717] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:08:39 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 71) 07:08:39 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:39 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1515.038436] FAULT_INJECTION: forcing a failure. [ 1515.038436] name failslab, interval 1, probability 0, space 0, times 0 [ 1515.041046] CPU: 1 PID: 8960 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1515.042479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.044228] Call Trace: [ 1515.044781] dump_stack+0x107/0x167 [ 1515.045547] should_fail.cold+0x5/0xa [ 1515.046336] ? create_object.isra.0+0x3a/0xa20 [ 1515.047304] should_failslab+0x5/0x20 [ 1515.048104] kmem_cache_alloc+0x5b/0x310 [ 1515.048954] create_object.isra.0+0x3a/0xa20 [ 1515.049871] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.050951] kmem_cache_alloc_node+0x169/0x330 [ 1515.051913] __alloc_skb+0x6d/0x5b0 [ 1515.052686] alloc_skb_with_frags+0x92/0x570 [ 1515.053623] sock_alloc_send_pskb+0x7af/0x930 [ 1515.054566] ? sk_alloc+0x350/0x350 [ 1515.055359] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1515.056452] ? SOFTIRQ_verbose+0x10/0x10 [ 1515.057310] ? lock_release+0x680/0x680 [ 1515.058128] ? find_held_lock+0x2c/0x110 [ 1515.059006] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1515.060070] ? ip_frag_init+0x350/0x350 [ 1515.060911] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1515.061927] ? ip6_mtu+0x1e9/0x3d0 [ 1515.062671] ? ip6_setup_cork+0xfb7/0x1740 [ 1515.063566] ip6_make_skb+0x2df/0x4e0 [ 1515.064362] ? ip_frag_init+0x350/0x350 [ 1515.065206] ? ip_frag_init+0x350/0x350 [ 1515.066054] ? ip6_push_pending_frames+0xf0/0xf0 [ 1515.067056] ? ip6_dst_hoplimit+0x199/0x440 [ 1515.067976] ? lock_downgrade+0x6d0/0x6d0 [ 1515.068859] udpv6_sendmsg+0x2128/0x2b40 [ 1515.069722] ? ip_frag_init+0x350/0x350 [ 1515.070586] ? udp_v6_push_pending_frames+0x360/0x360 [ 1515.071688] ? lock_acquire+0x197/0x470 [ 1515.072527] ? find_held_lock+0x2c/0x110 [ 1515.073390] ? lock_acquire+0x197/0x470 [ 1515.074215] ? find_held_lock+0x2c/0x110 [ 1515.075098] ? sock_has_perm+0x1ea/0x280 [ 1515.075972] ? __import_iovec+0x458/0x590 [ 1515.076833] ? udp_v6_push_pending_frames+0x360/0x360 [ 1515.077925] inet6_sendmsg+0x105/0x140 [ 1515.078734] ? inet6_compat_ioctl+0x320/0x320 [ 1515.079681] __sock_sendmsg+0xf2/0x190 [ 1515.080505] ____sys_sendmsg+0x334/0x870 [ 1515.081357] ? sock_write_iter+0x3d0/0x3d0 [ 1515.082239] ? do_recvmmsg+0x6d0/0x6d0 [ 1515.083069] ? __lock_acquire+0x1657/0x5b00 [ 1515.084003] ___sys_sendmsg+0xf3/0x170 [ 1515.084816] ? sendmsg_copy_msghdr+0x160/0x160 [ 1515.085765] ? vmacache_find+0x55/0x2a0 [ 1515.086606] ? lock_acquire+0x197/0x470 [ 1515.087452] ? find_held_lock+0x2c/0x110 [ 1515.088322] ? __might_fault+0xd3/0x180 [ 1515.089159] ? lock_downgrade+0x6d0/0x6d0 [ 1515.090026] ? asm_exc_page_fault+0x1e/0x30 [ 1515.090966] __sys_sendmmsg+0x195/0x470 [ 1515.091790] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1515.092710] ? lock_downgrade+0x6d0/0x6d0 [ 1515.093594] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1515.094593] ? wait_for_completion_io+0x270/0x270 [ 1515.095621] ? rcu_read_lock_any_held+0x75/0xa0 [ 1515.096601] ? vfs_write+0x354/0xb10 [ 1515.097371] ? fput_many+0x2f/0x1a0 [ 1515.098127] ? ksys_write+0x1a9/0x260 [ 1515.098933] ? __ia32_sys_read+0xb0/0xb0 [ 1515.099806] __x64_sys_sendmmsg+0x99/0x100 [ 1515.100702] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1515.101793] do_syscall_64+0x33/0x40 [ 1515.102572] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.103665] RIP: 0033:0x7fb74c37db19 [ 1515.104437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.108312] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1515.109898] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1515.111384] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1515.112876] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1515.114353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1515.115848] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:08:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 72) 07:08:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 4: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/43, 0x2b}, {&(0x7f00000003c0)=""/240, 0xf0}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/202, 0xca}, {&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000000680)=""/105, 0x69}, {&(0x7f0000000700)=""/185, 0xb9}], 0x7, &(0x7f0000000840)=""/83, 0x53}, 0x2100) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:58 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1533.981243] FAULT_INJECTION: forcing a failure. [ 1533.981243] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.984059] CPU: 0 PID: 8987 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1533.985700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1533.987703] Call Trace: [ 1533.988343] dump_stack+0x107/0x167 [ 1533.989225] should_fail.cold+0x5/0xa [ 1533.990151] should_failslab+0x5/0x20 [ 1533.991070] __kmalloc_node_track_caller+0x74/0x3b0 [ 1533.992287] ? alloc_skb_with_frags+0x92/0x570 [ 1533.993397] __alloc_skb+0xb1/0x5b0 [ 1533.994281] alloc_skb_with_frags+0x92/0x570 [ 1533.995358] sock_alloc_send_pskb+0x7af/0x930 [ 1533.996466] ? sk_alloc+0x350/0x350 [ 1533.997353] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1533.998622] ? SOFTIRQ_verbose+0x10/0x10 [ 1533.999601] ? lock_release+0x680/0x680 [ 1534.000552] ? find_held_lock+0x2c/0x110 [ 1534.001529] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1534.002740] ? ip_frag_init+0x350/0x350 [ 1534.003711] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1534.004884] ? ip6_mtu+0x1e9/0x3d0 [ 1534.005741] ? ip6_setup_cork+0xfb7/0x1740 [ 1534.006756] ip6_make_skb+0x2df/0x4e0 [ 1534.007686] ? ip_frag_init+0x350/0x350 [ 1534.008648] ? ip_frag_init+0x350/0x350 [ 1534.009603] ? ip6_push_pending_frames+0xf0/0xf0 [ 1534.010743] ? ip6_dst_hoplimit+0x199/0x440 [ 1534.011795] ? lock_downgrade+0x6d0/0x6d0 [ 1534.012814] udpv6_sendmsg+0x2128/0x2b40 [ 1534.013790] ? ip_frag_init+0x350/0x350 [ 1534.014775] ? udp_v6_push_pending_frames+0x360/0x360 [ 1534.016019] ? perf_event_task_disable+0x390/0x390 [ 1534.017194] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1534.018359] ? lock_acquire+0x197/0x470 [ 1534.019307] ? find_held_lock+0x2c/0x110 [ 1534.020292] ? sock_has_perm+0x1ea/0x280 [ 1534.021286] ? __import_iovec+0x458/0x590 [ 1534.022260] ? udp_v6_push_pending_frames+0x360/0x360 [ 1534.023487] inet6_sendmsg+0x105/0x140 [ 1534.024409] ? inet6_compat_ioctl+0x320/0x320 [ 1534.025468] __sock_sendmsg+0xf2/0x190 [ 1534.026393] ____sys_sendmsg+0x334/0x870 [ 1534.027372] ? sock_write_iter+0x3d0/0x3d0 [ 1534.028379] ? do_recvmmsg+0x6d0/0x6d0 [ 1534.029306] ? __lock_acquire+0x1657/0x5b00 [ 1534.030350] ___sys_sendmsg+0xf3/0x170 [ 1534.031289] ? sendmsg_copy_msghdr+0x160/0x160 [ 1534.032374] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1534.033439] ? _raw_spin_unlock_irq+0x27/0x30 [ 1534.034488] ? lock_acquire+0x197/0x470 07:08:58 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1534.035423] ? find_held_lock+0x2c/0x110 [ 1534.036573] ? __might_fault+0xd3/0x180 [ 1534.037512] ? lock_downgrade+0x6d0/0x6d0 [ 1534.038518] __sys_sendmmsg+0x195/0x470 [ 1534.039489] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1534.040508] ? lock_downgrade+0x6d0/0x6d0 [ 1534.041505] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1534.042641] ? wait_for_completion_io+0x270/0x270 [ 1534.044011] ? rcu_read_lock_any_held+0x75/0xa0 [ 1534.045218] ? vfs_write+0x354/0xb10 [ 1534.046096] ? fput_many+0x2f/0x1a0 [ 1534.046975] ? ksys_write+0x1a9/0x260 [ 1534.047888] ? __ia32_sys_read+0xb0/0xb0 [ 1534.048858] __x64_sys_sendmmsg+0x99/0x100 [ 1534.049855] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1534.051053] do_syscall_64+0x33/0x40 [ 1534.051951] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1534.053150] RIP: 0033:0x7fb74c37db19 [ 1534.054022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1534.058294] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1534.060078] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1534.061733] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1534.063407] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1534.065068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1534.066735] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:08:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:08:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:08:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 73) [ 1534.465805] FAULT_INJECTION: forcing a failure. [ 1534.465805] name failslab, interval 1, probability 0, space 0, times 0 [ 1534.468487] CPU: 0 PID: 9010 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1534.469910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1534.471615] Call Trace: [ 1534.472159] dump_stack+0x107/0x167 [ 1534.472905] should_fail.cold+0x5/0xa [ 1534.473694] ? create_object.isra.0+0x3a/0xa20 [ 1534.474645] should_failslab+0x5/0x20 [ 1534.475439] kmem_cache_alloc+0x5b/0x310 [ 1534.476271] create_object.isra.0+0x3a/0xa20 [ 1534.477181] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1534.478232] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1534.479290] ? alloc_skb_with_frags+0x92/0x570 [ 1534.480231] __alloc_skb+0xb1/0x5b0 [ 1534.480986] alloc_skb_with_frags+0x92/0x570 [ 1534.481892] sock_alloc_send_pskb+0x7af/0x930 [ 1534.482828] ? sk_alloc+0x350/0x350 [ 1534.483594] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1534.484679] ? SOFTIRQ_verbose+0x10/0x10 [ 1534.485533] ? find_held_lock+0x2c/0x110 [ 1534.486375] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1534.487429] ? ip_frag_init+0x350/0x350 [ 1534.488260] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1534.489256] ? ip6_mtu+0x1e9/0x3d0 [ 1534.489991] ? ip6_setup_cork+0xfb7/0x1740 [ 1534.490857] ip6_make_skb+0x2df/0x4e0 [ 1534.491653] ? ip_frag_init+0x350/0x350 [ 1534.492470] ? ip_frag_init+0x350/0x350 [ 1534.493297] ? ip6_push_pending_frames+0xf0/0xf0 [ 1534.494274] ? ip6_dst_hoplimit+0x199/0x440 [ 1534.495176] ? lock_downgrade+0x6d0/0x6d0 [ 1534.496061] udpv6_sendmsg+0x2128/0x2b40 [ 1534.496916] ? ip_frag_init+0x350/0x350 [ 1534.497751] ? udp_v6_push_pending_frames+0x360/0x360 [ 1534.498817] ? perf_event_task_disable+0x390/0x390 [ 1534.499857] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1534.500857] ? lock_acquire+0x197/0x470 [ 1534.501687] ? find_held_lock+0x2c/0x110 [ 1534.502532] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1534.503667] ? trace_hardirqs_on+0x5b/0x180 [ 1534.504555] ? sock_has_perm+0x1ea/0x280 [ 1534.505422] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1534.506520] ? trace_hardirqs_on+0x5b/0x180 [ 1534.507434] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1534.508548] ? udp_v6_push_pending_frames+0x360/0x360 [ 1534.509645] inet6_sendmsg+0x105/0x140 [ 1534.510454] ? inet6_compat_ioctl+0x320/0x320 [ 1534.511396] __sock_sendmsg+0xf2/0x190 [ 1534.512203] ____sys_sendmsg+0x334/0x870 [ 1534.513054] ? sock_write_iter+0x3d0/0x3d0 [ 1534.513918] ? do_recvmmsg+0x6d0/0x6d0 [ 1534.514744] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1534.515832] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1534.516965] ? trace_hardirqs_on+0x5b/0x180 [ 1534.517862] ___sys_sendmsg+0xf3/0x170 [ 1534.518687] ? sendmsg_copy_msghdr+0x160/0x160 [ 1534.519640] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1534.520563] ? _raw_spin_unlock_irq+0x27/0x30 [ 1534.521498] ? finish_task_switch+0x126/0x5d0 [ 1534.522410] ? finish_task_switch+0xef/0x5d0 [ 1534.523350] ? __switch_to+0x572/0xf70 [ 1534.524150] ? __switch_to_asm+0x3a/0x60 [ 1534.525001] ? __switch_to_asm+0x34/0x60 [ 1534.525850] ? __schedule+0x82c/0x1ea0 [ 1534.526676] ? io_schedule_timeout+0x140/0x140 [ 1534.527651] __sys_sendmmsg+0x195/0x470 [ 1534.528492] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1534.529380] ? lock_downgrade+0x6d0/0x6d0 [ 1534.530264] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1534.531283] ? wait_for_completion_io+0x270/0x270 [ 1534.532282] ? rcu_read_lock_any_held+0x75/0xa0 [ 1534.533265] ? vfs_write+0x354/0xb10 [ 1534.534036] ? fput_many+0x2f/0x1a0 [ 1534.534803] ? ksys_write+0x1a9/0x260 [ 1534.535877] ? __ia32_sys_read+0xb0/0xb0 [ 1534.536928] __x64_sys_sendmmsg+0x99/0x100 [ 1534.538002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1534.539347] do_syscall_64+0x33/0x40 [ 1534.540187] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1534.541280] RIP: 0033:0x7fb74c37db19 [ 1534.542071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1534.545962] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1534.547576] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1534.549089] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1534.550601] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1534.552140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1534.553643] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:12 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 3: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:09:12 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 74) [ 1548.352435] FAULT_INJECTION: forcing a failure. [ 1548.352435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1548.355757] CPU: 1 PID: 9016 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1548.357525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1548.359673] Call Trace: [ 1548.360354] dump_stack+0x107/0x167 [ 1548.361299] should_fail.cold+0x5/0xa [ 1548.362297] _copy_from_user+0x2e/0x1b0 [ 1548.363360] __copy_msghdr_from_user+0x91/0x4b0 [ 1548.364561] ? __ia32_sys_shutdown+0x80/0x80 [ 1548.365717] ? udp_v6_push_pending_frames+0x360/0x360 [ 1548.367057] ? inet6_sendmsg+0xbd/0x140 [ 1548.368099] ? inet6_compat_ioctl+0x320/0x320 [ 1548.369256] ? __sock_sendmsg+0x55/0x190 [ 1548.370325] sendmsg_copy_msghdr+0xa1/0x160 [ 1548.371628] ? do_recvmmsg+0x6d0/0x6d0 [ 1548.372634] ? __lock_acquire+0x1657/0x5b00 [ 1548.373749] ___sys_sendmsg+0xc6/0x170 [ 1548.374745] ? sendmsg_copy_msghdr+0x160/0x160 [ 1548.375931] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1548.377066] ? _raw_spin_unlock_irq+0x27/0x30 [ 1548.378214] ? lock_acquire+0x197/0x470 [ 1548.379217] ? find_held_lock+0x2c/0x110 [ 1548.380171] ? __might_fault+0xd3/0x180 [ 1548.381016] ? lock_downgrade+0x6d0/0x6d0 [ 1548.381909] __sys_sendmmsg+0x195/0x470 [ 1548.382749] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1548.383659] ? lock_downgrade+0x6d0/0x6d0 [ 1548.384554] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1548.385573] ? wait_for_completion_io+0x270/0x270 [ 1548.386582] ? rcu_read_lock_any_held+0x75/0xa0 [ 1548.387568] ? vfs_write+0x354/0xb10 [ 1548.388352] ? fput_many+0x2f/0x1a0 [ 1548.389118] ? ksys_write+0x1a9/0x260 [ 1548.389917] ? __ia32_sys_read+0xb0/0xb0 [ 1548.390779] __x64_sys_sendmmsg+0x99/0x100 [ 1548.391681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1548.392765] do_syscall_64+0x33/0x40 [ 1548.393556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1548.394633] RIP: 0033:0x7fb74c37db19 [ 1548.395572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1548.400217] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1548.402138] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1548.403948] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1548.405748] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1548.407551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1548.409349] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:12 executing program 3: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 75) 07:09:12 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 3: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xfffffffb) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:12 executing program 3: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1548.702389] FAULT_INJECTION: forcing a failure. [ 1548.702389] name failslab, interval 1, probability 0, space 0, times 0 [ 1548.705147] CPU: 1 PID: 9052 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1548.706710] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1548.708631] Call Trace: [ 1548.709235] dump_stack+0x107/0x167 [ 1548.710077] should_fail.cold+0x5/0xa [ 1548.710964] ? ip6_setup_cork+0x1e4/0x1740 [ 1548.711949] should_failslab+0x5/0x20 [ 1548.712830] kmem_cache_alloc_trace+0x55/0x320 [ 1548.713882] ip6_setup_cork+0x1e4/0x1740 [ 1548.714821] ip6_make_skb+0x22c/0x4e0 [ 1548.715716] ? ip_frag_init+0x350/0x350 [ 1548.716643] ? ip6_push_pending_frames+0xf0/0xf0 [ 1548.717750] ? ip6_dst_hoplimit+0x199/0x440 [ 1548.718735] ? lock_downgrade+0x6d0/0x6d0 [ 1548.719712] udpv6_sendmsg+0x2128/0x2b40 [ 1548.720662] ? ip_frag_init+0x350/0x350 [ 1548.721603] ? udp_v6_push_pending_frames+0x360/0x360 [ 1548.722781] ? lock_acquire+0x197/0x470 [ 1548.723679] ? find_held_lock+0x2c/0x110 [ 1548.724601] ? lock_acquire+0x197/0x470 [ 1548.725490] ? find_held_lock+0x2c/0x110 [ 1548.726420] ? sock_has_perm+0x1ea/0x280 [ 1548.727370] ? __import_iovec+0x458/0x590 [ 1548.728300] ? udp_v6_push_pending_frames+0x360/0x360 [ 1548.729457] inet6_sendmsg+0x105/0x140 [ 1548.730334] ? inet6_compat_ioctl+0x320/0x320 [ 1548.731358] __sock_sendmsg+0xf2/0x190 [ 1548.732232] ____sys_sendmsg+0x334/0x870 [ 1548.733150] ? sock_write_iter+0x3d0/0x3d0 [ 1548.734114] ? do_recvmmsg+0x6d0/0x6d0 [ 1548.734992] ? __lock_acquire+0x1657/0x5b00 [ 1548.735983] ___sys_sendmsg+0xf3/0x170 [ 1548.736867] ? sendmsg_copy_msghdr+0x160/0x160 [ 1548.737889] ? vmacache_find+0x55/0x2a0 [ 1548.738810] ? lock_acquire+0x197/0x470 [ 1548.739712] ? find_held_lock+0x2c/0x110 [ 1548.740628] ? __might_fault+0xd3/0x180 [ 1548.741511] ? lock_downgrade+0x6d0/0x6d0 [ 1548.742430] ? asm_exc_page_fault+0x1e/0x30 [ 1548.743416] __sys_sendmmsg+0x195/0x470 [ 1548.744305] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1548.745268] ? lock_downgrade+0x6d0/0x6d0 [ 1548.746203] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1548.747288] ? wait_for_completion_io+0x270/0x270 [ 1548.748370] ? rcu_read_lock_any_held+0x75/0xa0 [ 1548.749397] ? vfs_write+0x354/0xb10 [ 1548.750221] ? fput_many+0x2f/0x1a0 [ 1548.751028] ? ksys_write+0x1a9/0x260 [ 1548.751879] ? __ia32_sys_read+0xb0/0xb0 [ 1548.752787] __x64_sys_sendmmsg+0x99/0x100 [ 1548.753725] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1548.754863] do_syscall_64+0x33/0x40 [ 1548.755698] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1548.756835] RIP: 0033:0x7fb74c37db19 [ 1548.757657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1548.761713] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1548.763391] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1548.764953] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1548.766514] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1548.768084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1548.769646] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:26 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:09:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 76) 07:09:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 4: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d7cf708bc06516e}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x6, 0x2, 0x0, 0x0, [@loopback, @private0, @rand_addr=' \x01\x00']}, 0x38) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) 07:09:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1562.313356] FAULT_INJECTION: forcing a failure. [ 1562.313356] name failslab, interval 1, probability 0, space 0, times 0 [ 1562.315880] CPU: 0 PID: 9065 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1562.317347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1562.319121] Call Trace: [ 1562.319696] dump_stack+0x107/0x167 [ 1562.320475] should_fail.cold+0x5/0xa [ 1562.321289] ? lock_release+0x680/0x680 [ 1562.322146] ? skb_clone+0x14f/0x3d0 [ 1562.322945] should_failslab+0x5/0x20 [ 1562.323766] kmem_cache_alloc+0x5b/0x310 [ 1562.324650] skb_clone+0x14f/0x3d0 [ 1562.325421] dev_queue_xmit_nit+0x3a7/0xb00 [ 1562.326362] dev_hard_start_xmit+0xab/0x6f0 [ 1562.327307] __dev_queue_xmit+0x179a/0x2690 [ 1562.328251] ? find_held_lock+0x2c/0x110 [ 1562.329128] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1562.330116] ? lock_downgrade+0x6d0/0x6d0 [ 1562.331004] ? find_held_lock+0x2c/0x110 [ 1562.331908] ? lockdep_hardirqs_on_prepare+0x129/0x3e0 [ 1562.333027] ip6_finish_output2+0x158f/0x1cf0 [ 1562.334012] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1562.335093] ip6_output+0x302/0x9e0 [ 1562.335897] ? __ip6_finish_output.part.0+0xbc0/0xbc0 [ 1562.337009] ip6_local_out+0xd2/0x4c0 [ 1562.337834] ip6_send_skb+0x117/0x460 [ 1562.338662] udp_v6_send_skb+0x7b7/0x1620 [ 1562.339585] udpv6_sendmsg+0x216b/0x2b40 [ 1562.340464] ? ip_frag_init+0x350/0x350 [ 1562.341333] ? udp_v6_push_pending_frames+0x360/0x360 [ 1562.342450] ? perf_event_task_disable+0x390/0x390 [ 1562.343517] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1562.344560] ? lock_acquire+0x197/0x470 [ 1562.345413] ? find_held_lock+0x2c/0x110 [ 1562.346309] ? sock_has_perm+0x1ea/0x280 [ 1562.347210] ? __import_iovec+0x458/0x590 [ 1562.348104] ? udp_v6_push_pending_frames+0x360/0x360 [ 1562.349212] inet6_sendmsg+0x105/0x140 [ 1562.350050] ? inet6_compat_ioctl+0x320/0x320 [ 1562.351010] __sock_sendmsg+0xf2/0x190 [ 1562.351859] ____sys_sendmsg+0x334/0x870 [ 1562.352745] ? sock_write_iter+0x3d0/0x3d0 [ 1562.353653] ? do_recvmmsg+0x6d0/0x6d0 [ 1562.354494] ? __lock_acquire+0x1657/0x5b00 [ 1562.355444] ___sys_sendmsg+0xf3/0x170 [ 1562.356289] ? sendmsg_copy_msghdr+0x160/0x160 [ 1562.357277] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1562.358234] ? _raw_spin_unlock_irq+0x27/0x30 [ 1562.359206] ? lock_acquire+0x197/0x470 [ 1562.360067] ? find_held_lock+0x2c/0x110 [ 1562.360957] ? __might_fault+0xd3/0x180 [ 1562.361813] ? lock_downgrade+0x6d0/0x6d0 [ 1562.362734] __sys_sendmmsg+0x195/0x470 [ 1562.363610] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1562.364534] ? lock_downgrade+0x6d0/0x6d0 [ 1562.365445] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1562.366484] ? wait_for_completion_io+0x270/0x270 [ 1562.367530] ? rcu_read_lock_any_held+0x75/0xa0 [ 1562.368524] ? vfs_write+0x354/0xb10 [ 1562.369331] ? fput_many+0x2f/0x1a0 [ 1562.370118] ? ksys_write+0x1a9/0x260 [ 1562.370938] ? __ia32_sys_read+0xb0/0xb0 [ 1562.371832] __x64_sys_sendmmsg+0x99/0x100 [ 1562.372744] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1562.373851] do_syscall_64+0x33/0x40 [ 1562.374651] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1562.375759] RIP: 0033:0x7fb74c37db19 [ 1562.376560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1562.380525] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1562.382161] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1562.383695] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1562.385228] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1562.386772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1562.388310] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:09:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:09:41 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 77) 07:09:41 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1577.321360] FAULT_INJECTION: forcing a failure. [ 1577.321360] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.324208] CPU: 1 PID: 9102 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1577.325776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.327540] Call Trace: [ 1577.328117] dump_stack+0x107/0x167 [ 1577.328897] should_fail.cold+0x5/0xa [ 1577.329714] should_failslab+0x5/0x20 [ 1577.330528] __kmalloc_track_caller+0x79/0x370 [ 1577.331499] ? ip6_setup_cork+0x518/0x1740 [ 1577.332424] kmemdup+0x23/0x50 [ 1577.333108] ip6_setup_cork+0x518/0x1740 [ 1577.333981] ip6_make_skb+0x22c/0x4e0 [ 1577.334793] ? ip_frag_init+0x350/0x350 [ 1577.335649] ? ip6_push_pending_frames+0xf0/0xf0 [ 1577.336662] ? ip6_dst_hoplimit+0x199/0x440 [ 1577.337576] ? lock_downgrade+0x6d0/0x6d0 [ 1577.338475] udpv6_sendmsg+0x2128/0x2b40 [ 1577.339355] ? ip_frag_init+0x350/0x350 [ 1577.340218] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.341325] ? perf_event_task_disable+0x390/0x390 [ 1577.342379] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1577.343415] ? lock_acquire+0x197/0x470 [ 1577.344274] ? find_held_lock+0x2c/0x110 [ 1577.345154] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1577.346314] ? sock_has_perm+0x1ea/0x280 [ 1577.347208] ? __import_iovec+0x458/0x590 [ 1577.348101] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.349208] inet6_sendmsg+0x105/0x140 [ 1577.350039] ? inet6_compat_ioctl+0x320/0x320 [ 1577.351010] __sock_sendmsg+0xf2/0x190 [ 1577.351860] ____sys_sendmsg+0x334/0x870 [ 1577.352735] ? sock_write_iter+0x3d0/0x3d0 [ 1577.353633] ? do_recvmmsg+0x6d0/0x6d0 [ 1577.354463] ? __lock_acquire+0x1657/0x5b00 [ 1577.355398] ___sys_sendmsg+0xf3/0x170 [ 1577.356239] ? sendmsg_copy_msghdr+0x160/0x160 [ 1577.357215] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1577.358177] ? _raw_spin_unlock_irq+0x27/0x30 [ 1577.359148] ? lock_acquire+0x197/0x470 [ 1577.360017] ? find_held_lock+0x2c/0x110 [ 1577.360895] ? __might_fault+0xd3/0x180 [ 1577.361748] ? lock_downgrade+0x6d0/0x6d0 [ 1577.362663] __sys_sendmmsg+0x195/0x470 [ 1577.363525] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1577.364460] ? lock_downgrade+0x6d0/0x6d0 [ 1577.365448] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.366486] ? wait_for_completion_io+0x270/0x270 [ 1577.367525] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.368514] ? vfs_write+0x354/0xb10 [ 1577.369300] ? fput_many+0x2f/0x1a0 [ 1577.370066] ? ksys_write+0x1a9/0x260 [ 1577.370865] ? __ia32_sys_read+0xb0/0xb0 [ 1577.371742] __x64_sys_sendmmsg+0x99/0x100 [ 1577.372739] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.373842] do_syscall_64+0x33/0x40 [ 1577.374653] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.375789] RIP: 0033:0x7fb74c37db19 [ 1577.376591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.380563] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1577.382192] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1577.383735] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1577.385243] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.386753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.388299] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:41 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xfffffffb) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:41 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 78) 07:09:41 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xfffffffb) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1577.632990] FAULT_INJECTION: forcing a failure. [ 1577.632990] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.635887] CPU: 1 PID: 9125 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1577.637321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.639072] Call Trace: [ 1577.639650] dump_stack+0x107/0x167 [ 1577.640418] should_fail.cold+0x5/0xa [ 1577.641220] ? create_object.isra.0+0x3a/0xa20 [ 1577.642188] should_failslab+0x5/0x20 [ 1577.642990] kmem_cache_alloc+0x5b/0x310 [ 1577.643847] ? lock_downgrade+0x6d0/0x6d0 [ 1577.644722] create_object.isra.0+0x3a/0xa20 [ 1577.645647] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.646713] __kmalloc_track_caller+0x177/0x370 [ 1577.647687] ? ip6_setup_cork+0x518/0x1740 [ 1577.648580] kmemdup+0x23/0x50 [ 1577.649250] ip6_setup_cork+0x518/0x1740 [ 1577.650105] ip6_make_skb+0x22c/0x4e0 [ 1577.650902] ? ip_frag_init+0x350/0x350 [ 1577.651750] ? ip6_push_pending_frames+0xf0/0xf0 [ 1577.652750] ? ip6_dst_hoplimit+0x199/0x440 [ 1577.653661] ? lock_downgrade+0x6d0/0x6d0 [ 1577.654546] udpv6_sendmsg+0x2128/0x2b40 [ 1577.655400] ? ip_frag_init+0x350/0x350 [ 1577.656254] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.657338] ? perf_event_task_disable+0x390/0x390 [ 1577.658372] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1577.659385] ? lock_acquire+0x197/0x470 [ 1577.660227] ? find_held_lock+0x2c/0x110 [ 1577.661094] ? sock_has_perm+0x1ea/0x280 [ 1577.661967] ? __import_iovec+0x458/0x590 [ 1577.662841] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.663927] inet6_sendmsg+0x105/0x140 [ 1577.664747] ? inet6_compat_ioctl+0x320/0x320 [ 1577.665693] __sock_sendmsg+0xf2/0x190 [ 1577.666511] ____sys_sendmsg+0x334/0x870 [ 1577.667366] ? sock_write_iter+0x3d0/0x3d0 [ 1577.668265] ? do_recvmmsg+0x6d0/0x6d0 [ 1577.669091] ? __lock_acquire+0x1657/0x5b00 [ 1577.670009] ___sys_sendmsg+0xf3/0x170 [ 1577.670838] ? sendmsg_copy_msghdr+0x160/0x160 [ 1577.671812] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1577.672753] ? _raw_spin_unlock_irq+0x27/0x30 [ 1577.673702] ? lock_acquire+0x197/0x470 [ 1577.674536] ? find_held_lock+0x2c/0x110 [ 1577.675399] ? __might_fault+0xd3/0x180 [ 1577.676246] ? lock_downgrade+0x6d0/0x6d0 [ 1577.677141] __sys_sendmmsg+0x195/0x470 [ 1577.677992] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1577.678900] ? lock_downgrade+0x6d0/0x6d0 [ 1577.679802] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.680819] ? wait_for_completion_io+0x270/0x270 [ 1577.681835] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.682818] ? vfs_write+0x354/0xb10 [ 1577.683617] ? fput_many+0x2f/0x1a0 [ 1577.684384] ? ksys_write+0x1a9/0x260 [ 1577.685195] ? __ia32_sys_read+0xb0/0xb0 [ 1577.686072] __x64_sys_sendmmsg+0x99/0x100 [ 1577.686978] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.688075] do_syscall_64+0x33/0x40 [ 1577.688862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.689943] RIP: 0033:0x7fb74c37db19 [ 1577.690735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.694637] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1577.696264] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1577.697779] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1577.699292] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.700807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.702317] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1594.168377] FAULT_INJECTION: forcing a failure. [ 1594.168377] name failslab, interval 1, probability 0, space 0, times 0 [ 1594.170903] CPU: 1 PID: 9135 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1594.172357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1594.174109] Call Trace: [ 1594.174674] dump_stack+0x107/0x167 [ 1594.175444] should_fail.cold+0x5/0xa [ 1594.176257] should_failslab+0x5/0x20 [ 1594.177071] __kmalloc_node_track_caller+0x74/0x3b0 [ 1594.178120] ? alloc_skb_with_frags+0x92/0x570 [ 1594.179093] __alloc_skb+0xb1/0x5b0 [ 1594.179874] alloc_skb_with_frags+0x92/0x570 [ 1594.180812] sock_alloc_send_pskb+0x7af/0x930 [ 1594.181789] ? sk_alloc+0x350/0x350 [ 1594.182567] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1594.183673] ? SOFTIRQ_verbose+0x10/0x10 [ 1594.184546] ? lock_release+0x680/0x680 [ 1594.185390] ? find_held_lock+0x2c/0x110 [ 1594.186259] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1594.187337] ? ip_frag_init+0x350/0x350 [ 1594.188204] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1594.189228] ? ip6_mtu+0x1e9/0x3d0 [ 1594.189984] ? ip6_setup_cork+0xfb7/0x1740 07:09:58 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:09:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 79) 07:09:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 4: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d7cf708bc06516e}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x0, 0x6, 0x2, 0x69, 0x0, [@loopback, @private0, @rand_addr=' \x01\x00']}, 0x38) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) 07:09:58 executing program 2: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6d7cf708bc06516e}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x0, 0x6, 0x2, 0x69, 0x0, [@loopback, @private0, @rand_addr=' \x01\x00']}, 0x38) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) 07:09:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1594.190963] ip6_make_skb+0x2df/0x4e0 [ 1594.191933] ? ip_frag_init+0x350/0x350 [ 1594.192829] ? ip_frag_init+0x350/0x350 [ 1594.193677] ? ip6_push_pending_frames+0xf0/0xf0 [ 1594.194695] ? ip6_dst_hoplimit+0x199/0x440 [ 1594.195611] ? lock_downgrade+0x6d0/0x6d0 [ 1594.196516] udpv6_sendmsg+0x2128/0x2b40 [ 1594.197378] ? ip_frag_init+0x350/0x350 [ 1594.198220] ? udp_v6_push_pending_frames+0x360/0x360 [ 1594.199323] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.200438] ? trace_hardirqs_on+0x5b/0x180 [ 1594.201378] ? lock_acquire+0x1b9/0x470 [ 1594.202232] ? find_held_lock+0x2c/0x110 [ 1594.203103] ? sock_has_perm+0x1ea/0x280 [ 1594.203982] ? inet6_sendmsg+0x14/0x140 [ 1594.204830] ? udp_v6_push_pending_frames+0x360/0x360 [ 1594.205919] inet6_sendmsg+0x105/0x140 [ 1594.206741] ? inet6_compat_ioctl+0x320/0x320 [ 1594.207711] __sock_sendmsg+0xf2/0x190 [ 1594.208561] ____sys_sendmsg+0x334/0x870 [ 1594.209423] ? sock_write_iter+0x3d0/0x3d0 [ 1594.210307] ? do_recvmmsg+0x6d0/0x6d0 [ 1594.211145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.212266] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.213414] ? trace_hardirqs_on+0x5b/0x180 [ 1594.214338] ___sys_sendmsg+0xf3/0x170 [ 1594.215170] ? sendmsg_copy_msghdr+0x160/0x160 [ 1594.216162] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1594.217113] ? _raw_spin_unlock_irq+0x27/0x30 [ 1594.218063] ? finish_task_switch+0x126/0x5d0 [ 1594.219002] ? finish_task_switch+0xef/0x5d0 [ 1594.219932] ? __switch_to+0x572/0xf70 [ 1594.220757] ? __switch_to_asm+0x3a/0x60 [ 1594.221612] ? __switch_to_asm+0x34/0x60 [ 1594.222480] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.223576] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.224730] ? trace_hardirqs_on+0x5b/0x180 [ 1594.225669] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.226829] __sys_sendmmsg+0x195/0x470 [ 1594.227667] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1594.228577] ? lock_downgrade+0x6d0/0x6d0 [ 1594.229463] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1594.230493] ? wait_for_completion_io+0x270/0x270 [ 1594.231512] ? rcu_read_lock_any_held+0x75/0xa0 [ 1594.232511] ? vfs_write+0x354/0xb10 [ 1594.233291] ? fput_many+0x2f/0x1a0 [ 1594.234056] ? ksys_write+0x1a9/0x260 [ 1594.234864] ? __ia32_sys_read+0xb0/0xb0 [ 1594.235733] __x64_sys_sendmmsg+0x99/0x100 [ 1594.236637] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1594.237756] do_syscall_64+0x33/0x40 [ 1594.238531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1594.239622] RIP: 0033:0x7fb74c37db19 [ 1594.240401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1594.244266] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1594.245879] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1594.247367] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1594.248889] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1594.250399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1594.251908] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:09:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:09:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 80) 07:09:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1594.612879] FAULT_INJECTION: forcing a failure. [ 1594.612879] name failslab, interval 1, probability 0, space 0, times 0 [ 1594.615747] CPU: 0 PID: 9167 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1594.617183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1594.618938] Call Trace: [ 1594.619491] dump_stack+0x107/0x167 [ 1594.620266] should_fail.cold+0x5/0xa [ 1594.621054] ? create_object.isra.0+0x3a/0xa20 [ 1594.621995] should_failslab+0x5/0x20 [ 1594.622797] kmem_cache_alloc+0x5b/0x310 [ 1594.623654] create_object.isra.0+0x3a/0xa20 [ 1594.624594] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1594.625661] kmem_cache_alloc_node+0x169/0x330 [ 1594.626643] __alloc_skb+0x6d/0x5b0 [ 1594.627421] alloc_skb_with_frags+0x92/0x570 [ 1594.628368] sock_alloc_send_pskb+0x7af/0x930 [ 1594.629329] ? sk_alloc+0x350/0x350 [ 1594.630080] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1594.631187] ? SOFTIRQ_verbose+0x10/0x10 [ 1594.632042] ? lock_release+0x680/0x680 [ 1594.632876] ? find_held_lock+0x2c/0x110 [ 1594.633739] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1594.634814] ? ip_frag_init+0x350/0x350 [ 1594.635645] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1594.636675] ? ip6_mtu+0x1e9/0x3d0 [ 1594.637423] ? ip6_setup_cork+0xfb7/0x1740 [ 1594.638306] ip6_make_skb+0x2df/0x4e0 [ 1594.639100] ? ip_frag_init+0x350/0x350 [ 1594.639949] ? ip_frag_init+0x350/0x350 [ 1594.640800] ? ip6_push_pending_frames+0xf0/0xf0 [ 1594.641808] ? ip6_dst_hoplimit+0x199/0x440 [ 1594.642721] ? lock_downgrade+0x6d0/0x6d0 [ 1594.643612] udpv6_sendmsg+0x2128/0x2b40 [ 1594.644472] ? ip_frag_init+0x350/0x350 [ 1594.645331] ? udp_v6_push_pending_frames+0x360/0x360 [ 1594.646415] ? perf_event_task_disable+0x390/0x390 [ 1594.647446] ? lock_acquire+0x197/0x470 [ 1594.648278] ? find_held_lock+0x2c/0x110 [ 1594.649135] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.650265] ? trace_hardirqs_on+0x5b/0x180 [ 1594.651158] ? sock_has_perm+0x1ea/0x280 [ 1594.652040] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.653132] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.654255] ? trace_hardirqs_on+0x5b/0x180 [ 1594.655159] ? udp_v6_push_pending_frames+0x360/0x360 [ 1594.656245] inet6_sendmsg+0x105/0x140 [ 1594.657058] ? inet6_compat_ioctl+0x320/0x320 [ 1594.657995] __sock_sendmsg+0xf2/0x190 [ 1594.658804] ____sys_sendmsg+0x334/0x870 [ 1594.659650] ? sock_write_iter+0x3d0/0x3d0 [ 1594.660548] ? do_recvmmsg+0x6d0/0x6d0 [ 1594.661368] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1594.662452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1594.663574] ? trace_hardirqs_on+0x5b/0x180 [ 1594.664493] ___sys_sendmsg+0xf3/0x170 [ 1594.665325] ? sendmsg_copy_msghdr+0x160/0x160 [ 1594.666283] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1594.667220] ? _raw_spin_unlock_irq+0x27/0x30 [ 1594.668173] ? finish_task_switch+0x126/0x5d0 [ 1594.669116] ? finish_task_switch+0xef/0x5d0 [ 1594.670020] ? __switch_to+0x572/0xf70 [ 1594.670845] ? __switch_to_asm+0x3a/0x60 [ 1594.671696] ? __switch_to_asm+0x34/0x60 [ 1594.672547] ? __schedule+0x82c/0x1ea0 [ 1594.673382] ? io_schedule_timeout+0x140/0x140 [ 1594.674344] __sys_sendmmsg+0x195/0x470 [ 1594.675176] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1594.676068] ? lock_downgrade+0x6d0/0x6d0 [ 1594.676942] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1594.677939] ? wait_for_completion_io+0x270/0x270 [ 1594.678937] ? rcu_read_lock_any_held+0x75/0xa0 [ 1594.679899] ? vfs_write+0x354/0xb10 [ 1594.680672] ? fput_many+0x2f/0x1a0 [ 1594.681425] ? ksys_write+0x1a9/0x260 [ 1594.682214] ? __ia32_sys_read+0xb0/0xb0 [ 1594.683070] __x64_sys_sendmmsg+0x99/0x100 [ 1594.683958] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1594.685034] do_syscall_64+0x33/0x40 [ 1594.685809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1594.686858] RIP: 0033:0x7fb74c37db19 [ 1594.687640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1594.691464] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1594.693051] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1594.694537] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1594.696036] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1594.697509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1594.698981] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:10:13 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:10:13 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 81) 07:10:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 07:10:13 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200), 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 07:10:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1608.808293] FAULT_INJECTION: forcing a failure. [ 1608.808293] name failslab, interval 1, probability 0, space 0, times 0 [ 1608.809822] CPU: 0 PID: 9186 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1608.810595] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1608.811559] Call Trace: [ 1608.811869] dump_stack+0x107/0x167 [ 1608.812294] should_fail.cold+0x5/0xa [ 1608.812725] ? create_object.isra.0+0x3a/0xa20 [ 1608.813247] should_failslab+0x5/0x20 [ 1608.813675] kmem_cache_alloc+0x5b/0x310 [ 1608.814132] create_object.isra.0+0x3a/0xa20 [ 1608.814617] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1608.815192] kmem_cache_alloc_node+0x169/0x330 [ 1608.815716] __alloc_skb+0x6d/0x5b0 [ 1608.816151] alloc_skb_with_frags+0x92/0x570 [ 1608.816658] sock_alloc_send_pskb+0x7af/0x930 [ 1608.817175] ? sk_alloc+0x350/0x350 [ 1608.817591] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1608.818181] ? SOFTIRQ_verbose+0x10/0x10 [ 1608.818650] ? lock_release+0x680/0x680 [ 1608.819112] ? find_held_lock+0x2c/0x110 [ 1608.819579] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1608.820170] ? ip_frag_init+0x350/0x350 [ 1608.820632] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1608.821180] ? ip6_mtu+0x1e9/0x3d0 [ 1608.821587] ? ip6_setup_cork+0xfb7/0x1740 [ 1608.822060] ip6_make_skb+0x2df/0x4e0 [ 1608.822479] ? ip_frag_init+0x350/0x350 [ 1608.822938] ? ip_frag_init+0x350/0x350 [ 1608.823394] ? ip6_push_pending_frames+0xf0/0xf0 [ 1608.823948] ? ip6_dst_hoplimit+0x199/0x440 [ 1608.824443] ? lock_downgrade+0x6d0/0x6d0 [ 1608.824929] udpv6_sendmsg+0x2128/0x2b40 [ 1608.825399] ? ip_frag_init+0x350/0x350 [ 1608.825856] ? udp_v6_push_pending_frames+0x360/0x360 [ 1608.826431] ? perf_event_task_disable+0x390/0x390 [ 1608.827002] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1608.827556] ? lock_acquire+0x197/0x470 [ 1608.828005] ? find_held_lock+0x2c/0x110 [ 1608.828478] ? sock_has_perm+0x1ea/0x280 [ 1608.828956] ? __import_iovec+0x458/0x590 [ 1608.829425] ? udp_v6_push_pending_frames+0x360/0x360 [ 1608.830025] inet6_sendmsg+0x105/0x140 [ 1608.830456] ? inet6_compat_ioctl+0x320/0x320 [ 1608.830959] __sock_sendmsg+0xf2/0x190 [ 1608.831403] ____sys_sendmsg+0x334/0x870 [ 1608.831869] ? sock_write_iter+0x3d0/0x3d0 [ 1608.832356] ? do_recvmmsg+0x6d0/0x6d0 [ 1608.832791] ? __lock_acquire+0x1657/0x5b00 [ 1608.833286] ___sys_sendmsg+0xf3/0x170 [ 1608.833724] ? sendmsg_copy_msghdr+0x160/0x160 [ 1608.834237] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1608.834841] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1608.835342] ? trace_hardirqs_on+0x5b/0x180 [ 1608.835849] ? lock_acquire+0x197/0x470 [ 1608.836307] ? find_held_lock+0x2c/0x110 [ 1608.836777] ? __might_fault+0xd3/0x180 [ 1608.837238] ? lock_downgrade+0x6d0/0x6d0 [ 1608.837710] __sys_sendmmsg+0x195/0x470 [ 1608.838163] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1608.838651] ? lock_downgrade+0x6d0/0x6d0 [ 1608.839130] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1608.839679] ? wait_for_completion_io+0x270/0x270 [ 1608.840252] ? rcu_read_lock_any_held+0x75/0xa0 [ 1608.840779] ? vfs_write+0x354/0xb10 [ 1608.841207] ? fput_many+0x2f/0x1a0 [ 1608.841636] ? ksys_write+0x1a9/0x260 [ 1608.842078] ? __ia32_sys_read+0xb0/0xb0 [ 1608.842545] __x64_sys_sendmmsg+0x99/0x100 [ 1608.843047] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1608.843639] do_syscall_64+0x33/0x40 [ 1608.844085] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1608.844679] RIP: 0033:0x7fb74c37db19 [ 1608.845107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1608.847202] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1608.848028] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1608.848794] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1608.849559] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.850327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1608.851091] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1608.865127] FAULT_INJECTION: forcing a failure. [ 1608.865127] name failslab, interval 1, probability 0, space 0, times 0 [ 1608.866735] CPU: 0 PID: 9178 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1608.867536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1608.868525] Call Trace: [ 1608.868839] dump_stack+0x107/0x167 [ 1608.869238] should_fail.cold+0x5/0xa [ 1608.869678] should_failslab+0x5/0x20 [ 1608.870143] kmem_cache_alloc_bulk+0x4b/0x320 07:10:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1608.870670] io_submit_sqes+0x6fe6/0x8610 [ 1608.871374] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1608.871952] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1608.872510] ? find_held_lock+0x2c/0x110 [ 1608.872982] ? io_submit_sqes+0x8610/0x8610 [ 1608.873486] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1608.874021] ? wait_for_completion_io+0x270/0x270 [ 1608.874583] ? rcu_read_lock_any_held+0x75/0xa0 [ 1608.875115] ? vfs_write+0x354/0xb10 [ 1608.875528] ? fput_many+0x2f/0x1a0 [ 1608.875958] ? ksys_write+0x1a9/0x260 [ 1608.876400] ? __ia32_sys_read+0xb0/0xb0 [ 1608.876884] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1608.877482] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1608.878081] do_syscall_64+0x33/0x40 [ 1608.878505] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1608.879061] RIP: 0033:0x7fd7cd959b19 [ 1608.879478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1608.881534] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1608.882404] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1608.883222] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1608.884045] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.884839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1608.885653] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:10:13 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:10:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe, 0x0, 0x0, 0x0) 07:10:30 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 07:10:30 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 82) 07:10:30 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:10:30 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x11, 0x0, 0x0, 0x0) [ 1625.985177] FAULT_INJECTION: forcing a failure. [ 1625.985177] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.987197] CPU: 1 PID: 9221 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1625.988388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1625.989811] Call Trace: [ 1625.990301] dump_stack+0x107/0x167 [ 1625.990958] should_fail.cold+0x5/0xa [ 1625.991552] ? __alloc_skb+0x6d/0x5b0 [ 1625.992170] should_failslab+0x5/0x20 [ 1625.992776] kmem_cache_alloc_node+0x55/0x330 [ 1625.993538] __alloc_skb+0x6d/0x5b0 [ 1625.994124] alloc_skb_with_frags+0x92/0x570 [ 1625.994822] sock_alloc_send_pskb+0x7af/0x930 [ 1625.995560] ? sk_alloc+0x350/0x350 [ 1625.996156] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1625.996975] ? SOFTIRQ_verbose+0x10/0x10 [ 1625.997663] ? lock_release+0x680/0x680 [ 1625.998305] ? find_held_lock+0x2c/0x110 [ 1625.998997] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1625.999791] ? ip_frag_init+0x350/0x350 [ 1626.000435] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1626.001241] ? ip6_mtu+0x1e9/0x3d0 [ 1626.001856] ? ip6_setup_cork+0xfb7/0x1740 [ 1626.002584] ip6_make_skb+0x2df/0x4e0 [ 1626.003257] ? ip_frag_init+0x350/0x350 [ 1626.003976] ? ip_frag_init+0x350/0x350 [ 1626.004644] ? ip6_push_pending_frames+0xf0/0xf0 [ 1626.005417] ? ip6_dst_hoplimit+0x199/0x440 [ 1626.006266] ? lock_downgrade+0x6d0/0x6d0 [ 1626.007103] udpv6_sendmsg+0x2128/0x2b40 [ 1626.007899] ? ip_frag_init+0x350/0x350 [ 1626.008695] ? udp_v6_push_pending_frames+0x360/0x360 [ 1626.009707] ? perf_event_task_disable+0x390/0x390 [ 1626.010666] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1626.011606] ? lock_acquire+0x197/0x470 [ 1626.012381] ? find_held_lock+0x2c/0x110 [ 1626.013180] ? sock_has_perm+0x1ea/0x280 [ 1626.014004] ? __import_iovec+0x458/0x590 [ 1626.014830] ? udp_v6_push_pending_frames+0x360/0x360 [ 1626.015827] inet6_sendmsg+0x105/0x140 [ 1626.016575] ? inet6_compat_ioctl+0x320/0x320 [ 1626.017439] __sock_sendmsg+0xf2/0x190 [ 1626.018204] ____sys_sendmsg+0x334/0x870 [ 1626.018985] ? sock_write_iter+0x3d0/0x3d0 [ 1626.019802] ? do_recvmmsg+0x6d0/0x6d0 [ 1626.020548] ? __lock_acquire+0x1657/0x5b00 [ 1626.021392] ___sys_sendmsg+0xf3/0x170 [ 1626.022150] ? sendmsg_copy_msghdr+0x160/0x160 [ 1626.023036] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1626.023893] ? _raw_spin_unlock_irq+0x27/0x30 [ 1626.024790] ? lock_acquire+0x197/0x470 [ 1626.025561] ? find_held_lock+0x2c/0x110 [ 1626.026353] ? __might_fault+0xd3/0x180 [ 1626.027012] ? lock_downgrade+0x6d0/0x6d0 [ 1626.027701] __sys_sendmmsg+0x195/0x470 [ 1626.028352] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1626.029043] ? lock_downgrade+0x6d0/0x6d0 [ 1626.029687] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.030453] ? wait_for_completion_io+0x270/0x270 [ 1626.031209] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.031925] ? vfs_write+0x354/0xb10 [ 1626.032517] ? fput_many+0x2f/0x1a0 [ 1626.033089] ? ksys_write+0x1a9/0x260 [ 1626.033709] ? __ia32_sys_read+0xb0/0xb0 [ 1626.034353] __x64_sys_sendmmsg+0x99/0x100 [ 1626.035031] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.035842] do_syscall_64+0x33/0x40 [ 1626.036445] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.037257] RIP: 0033:0x7fb74c37db19 [ 1626.037830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.040654] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1626.041827] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1626.042918] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1626.044022] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.045125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.046222] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1626.048208] FAULT_INJECTION: forcing a failure. [ 1626.048208] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.049929] CPU: 1 PID: 9218 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1626.051004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.052332] Call Trace: [ 1626.052745] dump_stack+0x107/0x167 [ 1626.053332] should_fail.cold+0x5/0xa [ 1626.053936] ? create_object.isra.0+0x3a/0xa20 [ 1626.054660] should_failslab+0x5/0x20 [ 1626.055260] kmem_cache_alloc+0x5b/0x310 [ 1626.055906] create_object.isra.0+0x3a/0xa20 [ 1626.056607] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.057403] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.058123] io_submit_sqes+0x6fe6/0x8610 [ 1626.058835] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.059751] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.060655] ? find_held_lock+0x2c/0x110 [ 1626.061272] ? io_submit_sqes+0x8610/0x8610 [ 1626.061995] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.062762] ? wait_for_completion_io+0x270/0x270 [ 1626.063533] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.064319] ? vfs_write+0x354/0xb10 [ 1626.064920] ? fput_many+0x2f/0x1a0 [ 1626.065487] ? ksys_write+0x1a9/0x260 [ 1626.066135] ? __ia32_sys_read+0xb0/0xb0 [ 1626.066763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.067607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.068456] do_syscall_64+0x33/0x40 [ 1626.069127] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.069964] RIP: 0033:0x7fd7cd959b19 [ 1626.070577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.073566] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.074883] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1626.076080] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1626.077350] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.078573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.079692] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:30 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 07:10:30 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x36, 0x0, 0x0, 0x0) 07:10:30 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 83) 07:10:30 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1626.212030] FAULT_INJECTION: forcing a failure. [ 1626.212030] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.214607] CPU: 0 PID: 9240 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1626.216053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.217844] Call Trace: [ 1626.218400] dump_stack+0x107/0x167 [ 1626.219171] should_fail.cold+0x5/0xa [ 1626.219972] ? create_object.isra.0+0x3a/0xa20 [ 1626.220965] should_failslab+0x5/0x20 [ 1626.221762] kmem_cache_alloc+0x5b/0x310 [ 1626.222621] ? mark_held_locks+0x9e/0xe0 [ 1626.223481] create_object.isra.0+0x3a/0xa20 [ 1626.224443] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.225526] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.226508] io_submit_sqes+0x6fe6/0x8610 [ 1626.227417] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.228505] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.229534] ? find_held_lock+0x2c/0x110 [ 1626.230410] ? io_submit_sqes+0x8610/0x8610 [ 1626.231333] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.232392] ? wait_for_completion_io+0x270/0x270 [ 1626.233408] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.234398] ? vfs_write+0x354/0xb10 [ 1626.235193] ? fput_many+0x2f/0x1a0 [ 1626.235962] ? ksys_write+0x1a9/0x260 [ 1626.236788] ? __ia32_sys_read+0xb0/0xb0 [ 1626.237645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.238754] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.239842] do_syscall_64+0x33/0x40 [ 1626.240663] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.241743] RIP: 0033:0x7fd7cd959b19 [ 1626.242521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.246434] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.248058] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1626.249578] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1626.250790] FAULT_INJECTION: forcing a failure. [ 1626.250790] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.251082] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.254168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.255663] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 [ 1626.257264] CPU: 1 PID: 9246 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1626.258364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.259654] Call Trace: [ 1626.260100] dump_stack+0x107/0x167 [ 1626.260706] should_fail.cold+0x5/0xa [ 1626.261319] should_failslab+0x5/0x20 [ 1626.261920] __kmalloc_track_caller+0x79/0x370 [ 1626.262629] ? ip6_setup_cork+0x518/0x1740 [ 1626.263326] kmemdup+0x23/0x50 [ 1626.263857] ip6_setup_cork+0x518/0x1740 [ 1626.264498] ip6_make_skb+0x22c/0x4e0 [ 1626.265074] ? ip_frag_init+0x350/0x350 [ 1626.265693] ? ip6_push_pending_frames+0xf0/0xf0 [ 1626.266367] ? ip6_dst_hoplimit+0x199/0x440 [ 1626.266977] ? lock_downgrade+0x6d0/0x6d0 [ 1626.267656] udpv6_sendmsg+0x2128/0x2b40 [ 1626.268298] ? ip_frag_init+0x350/0x350 [ 1626.269001] ? udp_v6_push_pending_frames+0x360/0x360 [ 1626.269885] ? perf_event_task_disable+0x390/0x390 [ 1626.270684] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1626.271394] ? lock_acquire+0x197/0x470 [ 1626.271975] ? find_held_lock+0x2c/0x110 [ 1626.272567] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1626.273374] ? sock_has_perm+0x1ea/0x280 [ 1626.274040] ? __import_iovec+0x458/0x590 [ 1626.274728] ? udp_v6_push_pending_frames+0x360/0x360 [ 1626.275551] inet6_sendmsg+0x105/0x140 [ 1626.276256] ? inet6_compat_ioctl+0x320/0x320 [ 1626.276983] __sock_sendmsg+0xf2/0x190 [ 1626.277629] ____sys_sendmsg+0x334/0x870 [ 1626.278195] ? sock_write_iter+0x3d0/0x3d0 [ 1626.278930] ? do_recvmmsg+0x6d0/0x6d0 [ 1626.279617] ? __lock_acquire+0x1657/0x5b00 [ 1626.280398] ___sys_sendmsg+0xf3/0x170 [ 1626.281083] ? sendmsg_copy_msghdr+0x160/0x160 [ 1626.281901] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1626.282677] ? _raw_spin_unlock_irq+0x27/0x30 [ 1626.283465] ? lock_acquire+0x197/0x470 [ 1626.284162] ? find_held_lock+0x2c/0x110 [ 1626.284881] ? __might_fault+0xd3/0x180 [ 1626.285575] ? lock_downgrade+0x6d0/0x6d0 [ 1626.286301] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1626.287269] __sys_sendmmsg+0x195/0x470 [ 1626.287967] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1626.288736] ? lock_downgrade+0x6d0/0x6d0 [ 1626.289471] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.290313] ? wait_for_completion_io+0x270/0x270 [ 1626.291155] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.291969] ? vfs_write+0x354/0xb10 [ 1626.292621] ? fput_many+0x2f/0x1a0 [ 1626.293252] ? ksys_write+0x1a9/0x260 [ 1626.293909] ? __ia32_sys_read+0xb0/0xb0 [ 1626.294619] __x64_sys_sendmmsg+0x99/0x100 [ 1626.295347] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.296077] do_syscall_64+0x33/0x40 [ 1626.296641] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.297406] RIP: 0033:0x7fb74c37db19 [ 1626.297926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.300605] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1626.301646] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1626.302617] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1626.303591] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.304571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.305553] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:10:30 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe00, 0x0, 0x0, 0x0) 07:10:30 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 07:10:30 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:30 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1626.450771] FAULT_INJECTION: forcing a failure. [ 1626.450771] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.453247] CPU: 0 PID: 9261 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1626.454689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.456453] Call Trace: [ 1626.457011] dump_stack+0x107/0x167 [ 1626.457787] should_fail.cold+0x5/0xa [ 1626.458586] ? create_object.isra.0+0x3a/0xa20 [ 1626.459536] should_failslab+0x5/0x20 [ 1626.460357] kmem_cache_alloc+0x5b/0x310 [ 1626.461211] ? mark_held_locks+0x9e/0xe0 [ 1626.462071] create_object.isra.0+0x3a/0xa20 [ 1626.462992] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.464065] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.465036] io_submit_sqes+0x6fe6/0x8610 [ 1626.465930] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.466966] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1626.468007] ? find_held_lock+0x2c/0x110 [ 1626.468889] ? io_submit_sqes+0x8610/0x8610 [ 1626.469794] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.470788] ? wait_for_completion_io+0x270/0x270 [ 1626.471796] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.472790] ? vfs_write+0x354/0xb10 [ 1626.473571] ? fput_many+0x2f/0x1a0 [ 1626.474345] ? ksys_write+0x1a9/0x260 [ 1626.475171] ? __ia32_sys_read+0xb0/0xb0 [ 1626.476061] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.477181] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.478284] do_syscall_64+0x33/0x40 [ 1626.479058] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.480145] RIP: 0033:0x7fd7cd959b19 [ 1626.480950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.484790] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.486389] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1626.487899] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1626.489408] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.490901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.492427] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 07:10:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x1100, 0x0, 0x0, 0x0) 07:10:43 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 84) 07:10:43 executing program 7: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1639.247370] FAULT_INJECTION: forcing a failure. [ 1639.247370] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.248833] CPU: 0 PID: 9271 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1639.249614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.250564] Call Trace: [ 1639.250872] dump_stack+0x107/0x167 [ 1639.251290] should_fail.cold+0x5/0xa [ 1639.251728] ? create_object.isra.0+0x3a/0xa20 [ 1639.252250] should_failslab+0x5/0x20 [ 1639.252707] kmem_cache_alloc+0x5b/0x310 [ 1639.253178] ? mark_held_locks+0x9e/0xe0 [ 1639.253640] create_object.isra.0+0x3a/0xa20 [ 1639.254142] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1639.254727] kmem_cache_alloc_bulk+0x168/0x320 [ 1639.255257] io_submit_sqes+0x6fe6/0x8610 [ 1639.255752] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1639.256340] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1639.256894] ? find_held_lock+0x2c/0x110 [ 1639.257359] ? io_submit_sqes+0x8610/0x8610 [ 1639.257858] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1639.258415] ? wait_for_completion_io+0x270/0x270 [ 1639.258968] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.259494] ? vfs_write+0x354/0xb10 [ 1639.259921] ? fput_many+0x2f/0x1a0 [ 1639.260365] ? ksys_write+0x1a9/0x260 [ 1639.260803] ? __ia32_sys_read+0xb0/0xb0 [ 1639.261270] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.261868] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.262460] do_syscall_64+0x33/0x40 [ 1639.262885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.263474] RIP: 0033:0x7fd7cd959b19 [ 1639.263900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.266062] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1639.266946] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1639.267775] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1639.268631] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.269456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.270279] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:43 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) [ 1639.299833] FAULT_INJECTION: forcing a failure. [ 1639.299833] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.301172] CPU: 0 PID: 9283 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1639.301962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.302923] Call Trace: [ 1639.303235] dump_stack+0x107/0x167 [ 1639.303652] should_fail.cold+0x5/0xa [ 1639.304089] ? ip6_setup_cork+0x1e4/0x1740 [ 1639.304608] should_failslab+0x5/0x20 [ 1639.305049] kmem_cache_alloc_trace+0x55/0x320 [ 1639.305580] ip6_setup_cork+0x1e4/0x1740 [ 1639.306051] ip6_make_skb+0x22c/0x4e0 [ 1639.306506] ? ip_frag_init+0x350/0x350 [ 1639.306969] ? ip6_push_pending_frames+0xf0/0xf0 [ 1639.307526] ? ip6_dst_hoplimit+0x199/0x440 [ 1639.308023] ? lock_downgrade+0x6d0/0x6d0 [ 1639.308529] udpv6_sendmsg+0x2128/0x2b40 [ 1639.308998] ? ip_frag_init+0x350/0x350 [ 1639.309465] ? udp_v6_push_pending_frames+0x360/0x360 [ 1639.310060] ? lock_acquire+0x197/0x470 [ 1639.310519] ? find_held_lock+0x2c/0x110 [ 1639.310991] ? lock_acquire+0x197/0x470 [ 1639.311448] ? find_held_lock+0x2c/0x110 [ 1639.311934] ? sock_has_perm+0x1ea/0x280 [ 1639.312438] ? __import_iovec+0x458/0x590 [ 1639.312914] ? udp_v6_push_pending_frames+0x360/0x360 [ 1639.313506] inet6_sendmsg+0x105/0x140 [ 1639.313953] ? inet6_compat_ioctl+0x320/0x320 [ 1639.314480] __sock_sendmsg+0xf2/0x190 [ 1639.314932] ____sys_sendmsg+0x334/0x870 [ 1639.315408] ? sock_write_iter+0x3d0/0x3d0 [ 1639.315898] ? do_recvmmsg+0x6d0/0x6d0 [ 1639.316375] ? __lock_acquire+0x1657/0x5b00 [ 1639.316880] ___sys_sendmsg+0xf3/0x170 [ 1639.317338] ? sendmsg_copy_msghdr+0x160/0x160 [ 1639.317871] ? vmacache_find+0x55/0x2a0 [ 1639.318335] ? lock_acquire+0x197/0x470 [ 1639.318798] ? find_held_lock+0x2c/0x110 [ 1639.319268] ? __might_fault+0xd3/0x180 [ 1639.319722] ? lock_downgrade+0x6d0/0x6d0 [ 1639.320197] ? asm_exc_page_fault+0x1e/0x30 [ 1639.320725] __sys_sendmmsg+0x195/0x470 [ 1639.321186] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1639.321685] ? lock_downgrade+0x6d0/0x6d0 [ 1639.322180] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1639.322736] ? wait_for_completion_io+0x270/0x270 [ 1639.323305] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.323839] ? vfs_write+0x354/0xb10 [ 1639.324277] ? fput_many+0x2f/0x1a0 [ 1639.324709] ? ksys_write+0x1a9/0x260 [ 1639.325151] ? __ia32_sys_read+0xb0/0xb0 [ 1639.325624] __x64_sys_sendmmsg+0x99/0x100 [ 1639.326115] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.326720] do_syscall_64+0x33/0x40 [ 1639.327145] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.327738] RIP: 0033:0x7fb74c37db19 [ 1639.328170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.330310] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1639.331183] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1639.332002] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1639.332847] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.333670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.334496] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:10:43 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 85) [ 1639.382943] FAULT_INJECTION: forcing a failure. [ 1639.382943] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.384354] CPU: 0 PID: 9289 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1639.385139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.386096] Call Trace: [ 1639.386418] dump_stack+0x107/0x167 [ 1639.386842] should_fail.cold+0x5/0xa [ 1639.387286] ? __alloc_skb+0x6d/0x5b0 [ 1639.387738] should_failslab+0x5/0x20 [ 1639.388183] kmem_cache_alloc_node+0x55/0x330 [ 1639.388729] __alloc_skb+0x6d/0x5b0 [ 1639.389148] alloc_skb_with_frags+0x92/0x570 [ 1639.389664] sock_alloc_send_pskb+0x7af/0x930 [ 1639.390183] ? sk_alloc+0x350/0x350 [ 1639.390609] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1639.391212] ? SOFTIRQ_verbose+0x10/0x10 [ 1639.391685] ? lock_release+0x680/0x680 [ 1639.392144] ? find_held_lock+0x2c/0x110 [ 1639.392639] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1639.393230] ? ip_frag_init+0x350/0x350 [ 1639.393693] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1639.394256] ? ip6_mtu+0x1e9/0x3d0 [ 1639.394665] ? ip6_setup_cork+0xfb7/0x1740 [ 1639.395160] ip6_make_skb+0x2df/0x4e0 [ 1639.395606] ? ip_frag_init+0x350/0x350 [ 1639.396065] ? ip_frag_init+0x350/0x350 [ 1639.396550] ? ip6_push_pending_frames+0xf0/0xf0 [ 1639.397103] ? ip6_dst_hoplimit+0x199/0x440 [ 1639.397608] ? lock_downgrade+0x6d0/0x6d0 [ 1639.398101] udpv6_sendmsg+0x2128/0x2b40 [ 1639.398578] ? ip_frag_init+0x350/0x350 [ 1639.399038] ? udp_v6_push_pending_frames+0x360/0x360 [ 1639.399641] ? perf_event_task_disable+0x390/0x390 [ 1639.400216] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1639.400806] ? lock_acquire+0x197/0x470 [ 1639.401265] ? find_held_lock+0x2c/0x110 [ 1639.401742] ? sock_has_perm+0x1ea/0x280 [ 1639.402228] ? __import_iovec+0x458/0x590 [ 1639.402710] ? udp_v6_push_pending_frames+0x360/0x360 [ 1639.403302] inet6_sendmsg+0x105/0x140 [ 1639.403758] ? inet6_compat_ioctl+0x320/0x320 [ 1639.404287] __sock_sendmsg+0xf2/0x190 [ 1639.404749] ____sys_sendmsg+0x334/0x870 [ 1639.405222] ? sock_write_iter+0x3d0/0x3d0 [ 1639.405712] ? do_recvmmsg+0x6d0/0x6d0 [ 1639.406168] ? __lock_acquire+0x1657/0x5b00 [ 1639.406670] ___sys_sendmsg+0xf3/0x170 [ 1639.407122] ? sendmsg_copy_msghdr+0x160/0x160 [ 1639.407658] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.408272] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1639.408802] ? trace_hardirqs_on+0x5b/0x180 [ 1639.409308] ? lock_acquire+0x197/0x470 [ 1639.409770] ? find_held_lock+0x2c/0x110 [ 1639.410241] ? __might_fault+0xd3/0x180 [ 1639.410696] ? lock_downgrade+0x6d0/0x6d0 [ 1639.411196] __sys_sendmmsg+0x195/0x470 [ 1639.411663] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1639.412168] ? lock_downgrade+0x6d0/0x6d0 [ 1639.412679] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1639.413237] ? wait_for_completion_io+0x270/0x270 [ 1639.413796] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.414331] ? vfs_write+0x354/0xb10 [ 1639.414764] ? fput_many+0x2f/0x1a0 [ 1639.415184] ? ksys_write+0x1a9/0x260 [ 1639.415634] ? __ia32_sys_read+0xb0/0xb0 [ 1639.416107] __x64_sys_sendmmsg+0x99/0x100 [ 1639.416615] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.417207] do_syscall_64+0x33/0x40 [ 1639.417641] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.418229] RIP: 0033:0x7fb74c37db19 [ 1639.418661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.420797] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1639.421681] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1639.422498] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1639.423327] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.424153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.424993] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:10:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 07:10:43 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1639.450837] FAULT_INJECTION: forcing a failure. [ 1639.450837] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.452138] CPU: 0 PID: 9287 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1639.452947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.453893] Call Trace: [ 1639.454199] dump_stack+0x107/0x167 [ 1639.454617] should_fail.cold+0x5/0xa [ 1639.455056] ? create_object.isra.0+0x3a/0xa20 [ 1639.455577] should_failslab+0x5/0x20 [ 1639.456021] kmem_cache_alloc+0x5b/0x310 [ 1639.456523] ? mark_held_locks+0x9e/0xe0 [ 1639.456992] create_object.isra.0+0x3a/0xa20 [ 1639.457505] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1639.458089] kmem_cache_alloc_bulk+0x168/0x320 [ 1639.458619] io_submit_sqes+0x6fe6/0x8610 [ 1639.459110] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1639.459689] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1639.460248] ? find_held_lock+0x2c/0x110 [ 1639.460734] ? io_submit_sqes+0x8610/0x8610 [ 1639.461240] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1639.461817] ? wait_for_completion_io+0x270/0x270 [ 1639.462407] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.462989] ? vfs_write+0x354/0xb10 [ 1639.463412] ? fput_many+0x2f/0x1a0 [ 1639.463832] ? ksys_write+0x1a9/0x260 [ 1639.464282] ? __ia32_sys_read+0xb0/0xb0 [ 1639.464763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.465374] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.465968] do_syscall_64+0x33/0x40 [ 1639.466390] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.466975] RIP: 0033:0x7fd7cd959b19 [ 1639.467406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.469522] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1639.470403] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1639.471215] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1639.472027] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.472860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.473675] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 07:10:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1639.670101] FAULT_INJECTION: forcing a failure. [ 1639.670101] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.671470] CPU: 0 PID: 9314 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1639.672251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.673212] Call Trace: [ 1639.673519] dump_stack+0x107/0x167 [ 1639.673942] should_fail.cold+0x5/0xa [ 1639.674382] ? io_uring_alloc_task_context+0x99/0x6a0 [ 1639.674973] should_failslab+0x5/0x20 [ 1639.675411] kmem_cache_alloc_trace+0x55/0x320 [ 1639.675938] io_uring_alloc_task_context+0x99/0x6a0 [ 1639.676531] ? io_import_iovec+0x1120/0x1120 [ 1639.677039] ? find_held_lock+0x2c/0x110 [ 1639.677506] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1639.678061] __io_uring_add_tctx_node+0x2c6/0x520 [ 1639.678609] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1639.679222] __do_sys_io_uring_enter+0x146f/0x1890 [ 1639.679785] ? find_held_lock+0x2c/0x110 [ 1639.680254] ? io_submit_sqes+0x8610/0x8610 [ 1639.680773] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1639.681324] ? wait_for_completion_io+0x270/0x270 [ 1639.681875] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.682410] ? vfs_write+0x354/0xb10 [ 1639.682839] ? fput_many+0x2f/0x1a0 [ 1639.683257] ? ksys_write+0x1a9/0x260 [ 1639.683696] ? __ia32_sys_read+0xb0/0xb0 [ 1639.684162] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1639.684781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1639.685375] do_syscall_64+0x33/0x40 [ 1639.685807] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.686397] RIP: 0033:0x7fddac2fab19 [ 1639.686826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.688952] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1639.689823] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1639.690642] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1639.691458] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.692290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.693119] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:10:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 86) 07:10:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) 07:10:58 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x3600, 0x0, 0x0, 0x0) 07:10:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) [ 1654.297728] FAULT_INJECTION: forcing a failure. [ 1654.297728] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.299146] CPU: 0 PID: 9334 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1654.299981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.300997] Call Trace: [ 1654.301327] dump_stack+0x107/0x167 [ 1654.301782] should_fail.cold+0x5/0xa [ 1654.302250] ? create_object.isra.0+0x3a/0xa20 [ 1654.302808] should_failslab+0x5/0x20 [ 1654.303269] kmem_cache_alloc+0x5b/0x310 [ 1654.303762] create_object.isra.0+0x3a/0xa20 [ 1654.304293] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.304927] kmem_cache_alloc_node+0x169/0x330 [ 1654.305486] __alloc_skb+0x6d/0x5b0 [ 1654.305931] alloc_skb_with_frags+0x92/0x570 [ 1654.306476] sock_alloc_send_pskb+0x7af/0x930 [ 1654.307026] ? sk_alloc+0x350/0x350 [ 1654.307475] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1654.308106] ? SOFTIRQ_verbose+0x10/0x10 [ 1654.308621] ? lock_release+0x680/0x680 [ 1654.309103] ? find_held_lock+0x2c/0x110 [ 1654.309605] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1654.310216] ? ip_frag_init+0x350/0x350 [ 1654.310707] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1654.311288] ? ip6_mtu+0x1e9/0x3d0 [ 1654.311717] ? ip6_setup_cork+0xfb7/0x1740 [ 1654.312229] ip6_make_skb+0x2df/0x4e0 [ 1654.312694] ? ip_frag_init+0x350/0x350 [ 1654.313178] ? ip_frag_init+0x350/0x350 [ 1654.313661] ? ip6_push_pending_frames+0xf0/0xf0 [ 1654.314239] ? ip6_dst_hoplimit+0x199/0x440 [ 1654.314761] ? lock_downgrade+0x6d0/0x6d0 [ 1654.315272] udpv6_sendmsg+0x2128/0x2b40 [ 1654.315766] ? ip_frag_init+0x350/0x350 [ 1654.316252] ? udp_v6_push_pending_frames+0x360/0x360 [ 1654.316896] ? perf_event_task_disable+0x390/0x390 [ 1654.317492] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1654.318078] ? lock_acquire+0x197/0x470 [ 1654.318558] ? find_held_lock+0x2c/0x110 [ 1654.319055] ? sock_has_perm+0x1ea/0x280 [ 1654.319566] ? __import_iovec+0x458/0x590 [ 1654.320066] ? udp_v6_push_pending_frames+0x360/0x360 [ 1654.320707] inet6_sendmsg+0x105/0x140 [ 1654.321174] ? inet6_compat_ioctl+0x320/0x320 [ 1654.321720] __sock_sendmsg+0xf2/0x190 [ 1654.322190] ____sys_sendmsg+0x334/0x870 [ 1654.322688] ? sock_write_iter+0x3d0/0x3d0 [ 1654.323196] ? do_recvmmsg+0x6d0/0x6d0 [ 1654.323668] ? __lock_acquire+0x1657/0x5b00 [ 1654.324193] ___sys_sendmsg+0xf3/0x170 [ 1654.324678] ? sendmsg_copy_msghdr+0x160/0x160 [ 1654.325228] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1654.325763] ? _raw_spin_unlock_irq+0x27/0x30 [ 1654.326305] ? lock_acquire+0x197/0x470 [ 1654.326779] ? find_held_lock+0x2c/0x110 [ 1654.327270] ? __might_fault+0xd3/0x180 [ 1654.327747] ? lock_downgrade+0x6d0/0x6d0 [ 1654.328256] __sys_sendmmsg+0x195/0x470 [ 1654.328752] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1654.329267] ? lock_downgrade+0x6d0/0x6d0 [ 1654.329775] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1654.330352] ? wait_for_completion_io+0x270/0x270 [ 1654.330931] ? rcu_read_lock_any_held+0x75/0xa0 [ 1654.331485] ? vfs_write+0x354/0xb10 [ 1654.331933] ? fput_many+0x2f/0x1a0 [ 1654.332368] ? ksys_write+0x1a9/0x260 [ 1654.332841] ? __ia32_sys_read+0xb0/0xb0 [ 1654.333333] __x64_sys_sendmmsg+0x99/0x100 [ 1654.333842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1654.334456] do_syscall_64+0x33/0x40 [ 1654.334903] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.335522] RIP: 0033:0x7fb74c37db19 [ 1654.335967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.338173] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1654.339084] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1654.339936] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1654.340796] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.341646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1654.342494] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1654.361912] FAULT_INJECTION: forcing a failure. [ 1654.361912] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.363249] CPU: 0 PID: 9342 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1654.364056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.364240] FAULT_INJECTION: forcing a failure. [ 1654.364240] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.365031] Call Trace: [ 1654.365045] dump_stack+0x107/0x167 [ 1654.365058] should_fail.cold+0x5/0xa [ 1654.365070] ? create_object.isra.0+0x3a/0xa20 [ 1654.365080] should_failslab+0x5/0x20 [ 1654.365090] kmem_cache_alloc+0x5b/0x310 [ 1654.365105] create_object.isra.0+0x3a/0xa20 [ 1654.365114] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.365129] kmem_cache_alloc_trace+0x151/0x320 [ 1654.365150] io_uring_alloc_task_context+0x99/0x6a0 [ 1654.373758] ? io_import_iovec+0x1120/0x1120 [ 1654.374423] ? find_held_lock+0x2c/0x110 [ 1654.375035] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1654.375762] __io_uring_add_tctx_node+0x2c6/0x520 [ 1654.376506] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1654.377305] __do_sys_io_uring_enter+0x146f/0x1890 [ 1654.378049] ? find_held_lock+0x2c/0x110 [ 1654.378670] ? io_submit_sqes+0x8610/0x8610 [ 1654.379329] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1654.380053] ? wait_for_completion_io+0x270/0x270 [ 1654.380786] ? rcu_read_lock_any_held+0x75/0xa0 [ 1654.381493] ? vfs_write+0x354/0xb10 [ 1654.382050] ? fput_many+0x2f/0x1a0 [ 1654.382604] ? ksys_write+0x1a9/0x260 [ 1654.383167] ? __ia32_sys_read+0xb0/0xb0 [ 1654.383773] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1654.384561] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1654.385335] do_syscall_64+0x33/0x40 [ 1654.385889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.386650] RIP: 0033:0x7fddac2fab19 [ 1654.387212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.389978] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1654.391105] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1654.392177] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1654.393069] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.393904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.394738] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 [ 1654.395595] CPU: 1 PID: 9335 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1654.397051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.398804] Call Trace: [ 1654.399367] dump_stack+0x107/0x167 [ 1654.400137] should_fail.cold+0x5/0xa [ 1654.400956] ? create_object.isra.0+0x3a/0xa20 [ 1654.401925] should_failslab+0x5/0x20 [ 1654.402732] kmem_cache_alloc+0x5b/0x310 [ 1654.403588] ? mark_held_locks+0x9e/0xe0 [ 1654.404460] create_object.isra.0+0x3a/0xa20 [ 1654.405389] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.406457] kmem_cache_alloc_bulk+0x168/0x320 [ 1654.407429] io_submit_sqes+0x6fe6/0x8610 [ 1654.408333] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1654.409382] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1654.410402] ? find_held_lock+0x2c/0x110 [ 1654.411264] ? io_submit_sqes+0x8610/0x8610 [ 1654.412188] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1654.413222] ? wait_for_completion_io+0x270/0x270 [ 1654.414233] ? rcu_read_lock_any_held+0x75/0xa0 [ 1654.415206] ? vfs_write+0x354/0xb10 [ 1654.415995] ? fput_many+0x2f/0x1a0 [ 1654.416766] ? ksys_write+0x1a9/0x260 [ 1654.417565] ? __ia32_sys_read+0xb0/0xb0 [ 1654.418417] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1654.419514] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1654.420612] do_syscall_64+0x33/0x40 [ 1654.421391] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.422461] RIP: 0033:0x7fd7cd959b19 [ 1654.423244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.427103] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1654.428695] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1654.430201] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1654.431716] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.433213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.434706] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:10:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:10:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 07:11:13 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 07:11:13 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 87) 07:11:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x10012, 0x0, 0x0, 0x0) 07:11:13 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1668.740920] FAULT_INJECTION: forcing a failure. [ 1668.740920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1668.743665] CPU: 0 PID: 9360 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1668.745194] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1668.747015] Call Trace: [ 1668.747619] dump_stack+0x107/0x167 [ 1668.748441] should_fail.cold+0x5/0xa [ 1668.749342] _copy_from_user+0x2e/0x1b0 [ 1668.750252] __copy_msghdr_from_user+0x91/0x4b0 [ 1668.751287] ? __ia32_sys_shutdown+0x80/0x80 [ 1668.752269] ? udp_v6_push_pending_frames+0x360/0x360 [ 1668.753428] ? inet6_sendmsg+0xbd/0x140 [ 1668.754304] ? inet6_compat_ioctl+0x320/0x320 [ 1668.755300] ? __sock_sendmsg+0x55/0x190 [ 1668.756230] sendmsg_copy_msghdr+0xa1/0x160 [ 1668.757248] ? do_recvmmsg+0x6d0/0x6d0 [ 1668.758198] ? __lock_acquire+0x1657/0x5b00 [ 1668.759248] ___sys_sendmsg+0xc6/0x170 [ 1668.760199] ? sendmsg_copy_msghdr+0x160/0x160 [ 1668.761335] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1668.762436] ? _raw_spin_unlock_irq+0x27/0x30 [ 1668.763505] ? lock_acquire+0x197/0x470 [ 1668.764471] ? find_held_lock+0x2c/0x110 [ 1668.765484] ? __might_fault+0xd3/0x180 [ 1668.766448] ? lock_downgrade+0x6d0/0x6d0 [ 1668.767487] __sys_sendmmsg+0x195/0x470 [ 1668.768435] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1668.769483] ? lock_downgrade+0x6d0/0x6d0 [ 1668.770478] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1668.771649] ? wait_for_completion_io+0x270/0x270 [ 1668.772806] ? rcu_read_lock_any_held+0x75/0xa0 [ 1668.773912] ? vfs_write+0x354/0xb10 [ 1668.774789] ? fput_many+0x2f/0x1a0 [ 1668.775637] ? ksys_write+0x1a9/0x260 [ 1668.776549] ? __ia32_sys_read+0xb0/0xb0 [ 1668.777491] __x64_sys_sendmmsg+0x99/0x100 [ 1668.778478] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1668.779687] do_syscall_64+0x33/0x40 [ 1668.780562] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1668.781761] RIP: 0033:0x7fb74c37db19 [ 1668.782629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1668.786909] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1668.788682] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1668.790337] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1668.790937] FAULT_INJECTION: forcing a failure. [ 1668.790937] name failslab, interval 1, probability 0, space 0, times 0 [ 1668.791990] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1668.792003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1668.792015] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1668.796533] CPU: 1 PID: 9374 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1668.797452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1668.798550] Call Trace: [ 1668.798908] dump_stack+0x107/0x167 [ 1668.799407] should_fail.cold+0x5/0xa [ 1668.799921] ? create_object.isra.0+0x3a/0xa20 [ 1668.800544] should_failslab+0x5/0x20 [ 1668.801069] kmem_cache_alloc+0x5b/0x310 [ 1668.801615] create_object.isra.0+0x3a/0xa20 [ 1668.802207] kmemleak_alloc_percpu+0xa0/0x100 [ 1668.802805] pcpu_alloc+0x4e2/0x1240 [ 1668.803314] __percpu_counter_init+0x10d/0x2d0 [ 1668.803930] io_uring_alloc_task_context+0xcc/0x6a0 [ 1668.804606] ? io_import_iovec+0x1120/0x1120 [ 1668.805202] ? find_held_lock+0x2c/0x110 [ 1668.805750] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1668.806395] __io_uring_add_tctx_node+0x2c6/0x520 [ 1668.807036] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1668.807741] __do_sys_io_uring_enter+0x146f/0x1890 [ 1668.808401] ? find_held_lock+0x2c/0x110 [ 1668.808957] ? io_submit_sqes+0x8610/0x8610 [ 1668.809544] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1668.810191] ? wait_for_completion_io+0x270/0x270 [ 1668.810836] ? rcu_read_lock_any_held+0x75/0xa0 [ 1668.811462] ? vfs_write+0x354/0xb10 [ 1668.811955] ? fput_many+0x2f/0x1a0 [ 1668.812443] ? ksys_write+0x1a9/0x260 [ 1668.812963] ? __ia32_sys_read+0xb0/0xb0 [ 1668.813514] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1668.814214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1668.814916] do_syscall_64+0x33/0x40 [ 1668.815412] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1668.816094] RIP: 0033:0x7fddac2fab19 [ 1668.816603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1668.819043] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1668.820046] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1668.821011] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1668.821959] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1668.822895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1668.823839] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:11:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1668.845445] FAULT_INJECTION: forcing a failure. [ 1668.845445] name failslab, interval 1, probability 0, space 0, times 0 [ 1668.846984] CPU: 1 PID: 9372 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1668.847892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1668.848994] Call Trace: [ 1668.849348] dump_stack+0x107/0x167 [ 1668.849843] should_fail.cold+0x5/0xa [ 1668.850352] ? create_object.isra.0+0x3a/0xa20 [ 1668.850952] should_failslab+0x5/0x20 [ 1668.851459] kmem_cache_alloc+0x5b/0x310 [ 1668.851997] ? mark_held_locks+0x9e/0xe0 [ 1668.852539] create_object.isra.0+0x3a/0xa20 [ 1668.853125] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1668.853802] kmem_cache_alloc_bulk+0x168/0x320 [ 1668.854408] io_submit_sqes+0x6fe6/0x8610 [ 1668.854968] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1668.855628] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1668.856277] ? find_held_lock+0x2c/0x110 [ 1668.856827] ? io_submit_sqes+0x8610/0x8610 [ 1668.857395] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1668.858026] ? wait_for_completion_io+0x270/0x270 [ 1668.858663] ? rcu_read_lock_any_held+0x75/0xa0 [ 1668.859280] ? vfs_write+0x354/0xb10 [ 1668.859778] ? fput_many+0x2f/0x1a0 [ 1668.860256] ? ksys_write+0x1a9/0x260 [ 1668.860769] ? __ia32_sys_read+0xb0/0xb0 [ 1668.861304] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1668.861991] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1668.862683] do_syscall_64+0x33/0x40 [ 1668.863187] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1668.863858] RIP: 0033:0x7fd7cd959b19 [ 1668.864350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1668.866765] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1668.867764] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1668.868758] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1668.869701] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1668.870639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1668.871573] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:11:13 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x34000, 0x0, 0x0, 0x0) 07:11:13 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 88) 07:11:13 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:13 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) [ 1669.053147] FAULT_INJECTION: forcing a failure. [ 1669.053147] name failslab, interval 1, probability 0, space 0, times 0 [ 1669.054634] CPU: 1 PID: 9393 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1669.055465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1669.056476] Call Trace: [ 1669.056821] dump_stack+0x107/0x167 [ 1669.057265] should_fail.cold+0x5/0xa [ 1669.057727] ? create_object.isra.0+0x3a/0xa20 [ 1669.058283] should_failslab+0x5/0x20 [ 1669.058744] kmem_cache_alloc+0x5b/0x310 [ 1669.059240] ? mark_held_locks+0x9e/0xe0 [ 1669.059732] create_object.isra.0+0x3a/0xa20 [ 1669.060261] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1669.060888] kmem_cache_alloc_bulk+0x168/0x320 [ 1669.061441] io_submit_sqes+0x6fe6/0x8610 [ 1669.061962] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1669.062156] FAULT_INJECTION: forcing a failure. [ 1669.062156] name failslab, interval 1, probability 0, space 0, times 0 [ 1669.062563] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1669.062577] ? find_held_lock+0x2c/0x110 [ 1669.062592] ? io_submit_sqes+0x8610/0x8610 [ 1669.062623] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1669.067495] ? wait_for_completion_io+0x270/0x270 [ 1669.068081] ? rcu_read_lock_any_held+0x75/0xa0 [ 1669.068653] ? vfs_write+0x354/0xb10 [ 1669.069101] ? fput_many+0x2f/0x1a0 [ 1669.069540] ? ksys_write+0x1a9/0x260 [ 1669.070003] ? __ia32_sys_read+0xb0/0xb0 [ 1669.070493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1669.071125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1669.071752] do_syscall_64+0x33/0x40 [ 1669.072198] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1669.072829] RIP: 0033:0x7fd7cd959b19 [ 1669.073280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1669.075496] RSP: 002b:00007fd7caecf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1669.076413] RAX: ffffffffffffffda RBX: 00007fd7cda6cf60 RCX: 00007fd7cd959b19 [ 1669.077283] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1669.078133] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1669.078983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1669.079832] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 [ 1669.080747] CPU: 0 PID: 9392 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1669.082435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1669.084467] Call Trace: [ 1669.085099] dump_stack+0x107/0x167 [ 1669.085930] should_fail.cold+0x5/0xa [ 1669.086802] ? __alloc_skb+0x6d/0x5b0 [ 1669.087668] should_failslab+0x5/0x20 [ 1669.088534] kmem_cache_alloc_node+0x55/0x330 [ 1669.089569] __alloc_skb+0x6d/0x5b0 [ 1669.090401] alloc_skb_with_frags+0x92/0x570 [ 1669.091414] sock_alloc_send_pskb+0x7af/0x930 [ 1669.092436] ? sk_alloc+0x350/0x350 [ 1669.093284] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1669.094465] ? SOFTIRQ_verbose+0x10/0x10 [ 1669.095384] ? lock_release+0x680/0x680 [ 1669.096302] ? find_held_lock+0x2c/0x110 [ 1669.097237] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1669.098378] ? ip_frag_init+0x350/0x350 [ 1669.099292] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1669.100375] ? ip6_mtu+0x1e9/0x3d0 [ 1669.101186] ? ip6_setup_cork+0xfb7/0x1740 [ 1669.102144] ip6_make_skb+0x2df/0x4e0 [ 1669.103010] ? ip_frag_init+0x350/0x350 [ 1669.103915] ? ip_frag_init+0x350/0x350 [ 1669.104823] ? ip6_push_pending_frames+0xf0/0xf0 [ 1669.105898] ? ip6_dst_hoplimit+0x199/0x440 [ 1669.106883] ? lock_downgrade+0x6d0/0x6d0 [ 1669.107840] udpv6_sendmsg+0x2128/0x2b40 [ 1669.108777] ? ip_frag_init+0x350/0x350 [ 1669.109691] ? udp_v6_push_pending_frames+0x360/0x360 [ 1669.110864] ? perf_event_task_disable+0x390/0x390 [ 1669.111973] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1669.113079] ? lock_acquire+0x197/0x470 [ 1669.113970] ? find_held_lock+0x2c/0x110 [ 1669.114914] ? sock_has_perm+0x1ea/0x280 [ 1669.115855] ? __import_iovec+0x458/0x590 [ 1669.116804] ? udp_v6_push_pending_frames+0x360/0x360 [ 1669.117964] inet6_sendmsg+0x105/0x140 [ 1669.118838] ? inet6_compat_ioctl+0x320/0x320 [ 1669.119846] __sock_sendmsg+0xf2/0x190 [ 1669.120734] ____sys_sendmsg+0x334/0x870 [ 1669.121657] ? sock_write_iter+0x3d0/0x3d0 [ 1669.122610] ? do_recvmmsg+0x6d0/0x6d0 [ 1669.123494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1669.124687] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1669.125907] ? trace_hardirqs_on+0x5b/0x180 [ 1669.126914] ___sys_sendmsg+0xf3/0x170 [ 1669.127821] ? sendmsg_copy_msghdr+0x160/0x160 [ 1669.128893] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1669.129932] ? _raw_spin_unlock_irq+0x27/0x30 [ 1669.130975] ? finish_task_switch+0x126/0x5d0 [ 1669.132011] ? finish_task_switch+0xef/0x5d0 [ 1669.133035] ? __switch_to+0x572/0xf70 [ 1669.133935] ? __switch_to_asm+0x3a/0x60 [ 1669.134873] ? __switch_to_asm+0x34/0x60 [ 1669.135815] ? __schedule+0x82c/0x1ea0 [ 1669.136733] ? io_schedule_timeout+0x140/0x140 [ 1669.137812] __sys_sendmmsg+0x195/0x470 [ 1669.138740] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1669.139740] ? lock_downgrade+0x6d0/0x6d0 [ 1669.140727] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1669.141854] ? wait_for_completion_io+0x270/0x270 [ 1669.142981] ? rcu_read_lock_any_held+0x75/0xa0 [ 1669.144063] ? vfs_write+0x354/0xb10 [ 1669.144942] ? fput_many+0x2f/0x1a0 [ 1669.145794] ? ksys_write+0x1a9/0x260 [ 1669.146683] ? __ia32_sys_read+0xb0/0xb0 [ 1669.147647] __x64_sys_sendmmsg+0x99/0x100 [ 1669.148651] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1669.149853] do_syscall_64+0x33/0x40 [ 1669.150720] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1669.151916] RIP: 0033:0x7fb74c37db19 [ 1669.152796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1669.157081] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1669.158852] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1669.160528] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1669.162194] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1669.163843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1669.165505] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:11:26 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:26 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 07:11:26 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 89) 07:11:26 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:26 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x400300, 0x0, 0x0, 0x0) 07:11:26 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) [ 1682.587352] FAULT_INJECTION: forcing a failure. [ 1682.587352] name failslab, interval 1, probability 0, space 0, times 0 07:11:26 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1682.590203] CPU: 0 PID: 9408 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1682.591899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1682.593775] Call Trace: [ 1682.594369] dump_stack+0x107/0x167 [ 1682.595188] should_fail.cold+0x5/0xa [ 1682.596048] ? create_object.isra.0+0x3a/0xa20 [ 1682.597079] should_failslab+0x5/0x20 [ 1682.597933] kmem_cache_alloc+0x5b/0x310 [ 1682.598850] create_object.isra.0+0x3a/0xa20 [ 1682.599839] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1682.600992] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1682.602133] ? alloc_skb_with_frags+0x92/0x570 [ 1682.603162] __alloc_skb+0xb1/0x5b0 [ 1682.603987] alloc_skb_with_frags+0x92/0x570 [ 1682.604995] sock_alloc_send_pskb+0x7af/0x930 [ 1682.606012] ? sk_alloc+0x350/0x350 [ 1682.606834] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1682.608013] ? SOFTIRQ_verbose+0x10/0x10 [ 1682.608928] ? lock_release+0x680/0x680 [ 1682.609822] ? find_held_lock+0x2c/0x110 [ 1682.610740] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1682.611881] ? ip_frag_init+0x350/0x350 [ 1682.612795] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1682.613864] ? ip6_mtu+0x1e9/0x3d0 [ 1682.614650] ? ip6_setup_cork+0xfb7/0x1740 [ 1682.615601] ip6_make_skb+0x2df/0x4e0 [ 1682.616448] ? ip_frag_init+0x350/0x350 [ 1682.617345] ? ip_frag_init+0x350/0x350 [ 1682.618234] ? ip6_push_pending_frames+0xf0/0xf0 [ 1682.619288] ? ip6_dst_hoplimit+0x199/0x440 [ 1682.620245] ? lock_downgrade+0x6d0/0x6d0 [ 1682.621198] udpv6_sendmsg+0x2128/0x2b40 [ 1682.622104] ? ip_frag_init+0x350/0x350 [ 1682.622998] ? udp_v6_push_pending_frames+0x360/0x360 [ 1682.624146] ? perf_event_task_disable+0x390/0x390 [ 1682.625261] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1682.626338] ? lock_acquire+0x197/0x470 [ 1682.627238] ? find_held_lock+0x2c/0x110 [ 1682.628159] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1682.629333] ? sock_has_perm+0x1ea/0x280 [ 1682.630265] ? __import_iovec+0x458/0x590 [ 1682.631195] ? udp_v6_push_pending_frames+0x360/0x360 [ 1682.632347] inet6_sendmsg+0x105/0x140 [ 1682.633226] ? inet6_compat_ioctl+0x320/0x320 [ 1682.634231] __sock_sendmsg+0xf2/0x190 [ 1682.635106] ____sys_sendmsg+0x334/0x870 [ 1682.636028] ? sock_write_iter+0x3d0/0x3d0 [ 1682.636976] ? do_recvmmsg+0x6d0/0x6d0 [ 1682.637857] ? __lock_acquire+0x1657/0x5b00 [ 1682.638836] ___sys_sendmsg+0xf3/0x170 [ 1682.639707] ? sendmsg_copy_msghdr+0x160/0x160 [ 1682.640752] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1682.641765] ? _raw_spin_unlock_irq+0x27/0x30 [ 1682.642779] ? lock_acquire+0x197/0x470 [ 1682.643669] ? find_held_lock+0x2c/0x110 [ 1682.644584] ? __might_fault+0xd3/0x180 [ 1682.645494] ? lock_downgrade+0x6d0/0x6d0 [ 1682.646430] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1682.647680] __sys_sendmmsg+0x195/0x470 [ 1682.648581] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1682.649564] ? lock_downgrade+0x6d0/0x6d0 [ 1682.650516] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1682.651609] ? wait_for_completion_io+0x270/0x270 [ 1682.652704] ? rcu_read_lock_any_held+0x75/0xa0 [ 1682.653767] ? vfs_write+0x354/0xb10 [ 1682.654608] ? fput_many+0x2f/0x1a0 [ 1682.655445] ? ksys_write+0x1a9/0x260 [ 1682.656310] ? __ia32_sys_read+0xb0/0xb0 [ 1682.657252] __x64_sys_sendmmsg+0x99/0x100 [ 1682.658222] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1682.659390] do_syscall_64+0x33/0x40 [ 1682.660232] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1682.661397] RIP: 0033:0x7fb74c37db19 [ 1682.662251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1682.666415] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1682.668152] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1682.669781] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1682.671422] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1682.671922] FAULT_INJECTION: forcing a failure. [ 1682.671922] name failslab, interval 1, probability 0, space 0, times 0 [ 1682.673059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 07:11:26 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1682.673072] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1682.676726] CPU: 1 PID: 9422 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1682.677684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1682.678952] Call Trace: [ 1682.679364] dump_stack+0x107/0x167 [ 1682.679932] should_fail.cold+0x5/0xa [ 1682.680525] ? create_object.isra.0+0x3a/0xa20 [ 1682.681264] should_failslab+0x5/0x20 [ 1682.681869] kmem_cache_alloc+0x5b/0x310 [ 1682.682504] create_object.isra.0+0x3a/0xa20 [ 1682.683210] kmemleak_alloc_percpu+0xa0/0x100 [ 1682.683910] pcpu_alloc+0x4e2/0x1240 [ 1682.684514] __percpu_counter_init+0x10d/0x2d0 [ 1682.685250] io_uring_alloc_task_context+0xcc/0x6a0 [ 1682.686041] ? io_import_iovec+0x1120/0x1120 [ 1682.686723] ? find_held_lock+0x2c/0x110 [ 1682.687371] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1682.688137] __io_uring_add_tctx_node+0x2c6/0x520 [ 1682.688912] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1682.689756] __do_sys_io_uring_enter+0x146f/0x1890 [ 1682.690533] ? find_held_lock+0x2c/0x110 [ 1682.691180] ? io_submit_sqes+0x8610/0x8610 [ 1682.691858] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1682.692633] ? wait_for_completion_io+0x270/0x270 [ 1682.693418] ? rcu_read_lock_any_held+0x75/0xa0 [ 1682.694147] ? vfs_write+0x354/0xb10 [ 1682.694724] ? fput_many+0x2f/0x1a0 [ 1682.695300] ? ksys_write+0x1a9/0x260 [ 1682.695898] ? __ia32_sys_read+0xb0/0xb0 [ 1682.696538] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1682.697399] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1682.698213] do_syscall_64+0x33/0x40 [ 1682.698796] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1682.699604] RIP: 0033:0x7fddac2fab19 [ 1682.700199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1682.703145] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1682.704348] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1682.705496] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1682.706632] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1682.707755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1682.708898] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 [ 1682.724105] FAULT_INJECTION: forcing a failure. [ 1682.724105] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1682.727117] CPU: 0 PID: 9411 Comm: syz-executor.2 Not tainted 5.10.240 #1 [ 1682.728655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1682.730513] Call Trace: [ 1682.731107] dump_stack+0x107/0x167 [ 1682.731935] should_fail.cold+0x5/0xa [ 1682.732804] _copy_to_user+0x2e/0x180 [ 1682.733662] simple_read_from_buffer+0xcc/0x160 [ 1682.734705] proc_fail_nth_read+0x198/0x230 [ 1682.735671] ? proc_sessionid_read+0x230/0x230 [ 1682.736683] ? security_file_permission+0xb1/0xe0 [ 1682.737768] ? proc_sessionid_read+0x230/0x230 [ 1682.738779] vfs_read+0x228/0x620 [ 1682.739556] ksys_read+0x12d/0x260 [ 1682.740366] ? vfs_write+0xb10/0xb10 [ 1682.741214] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1682.742383] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1682.743528] do_syscall_64+0x33/0x40 [ 1682.744364] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1682.745512] RIP: 0033:0x7fd7cd90c69c [ 1682.746352] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1682.750484] RSP: 002b:00007fd7caecf170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1682.752183] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd7cd90c69c [ 1682.753786] RDX: 000000000000000f RSI: 00007fd7caecf1e0 RDI: 0000000000000006 [ 1682.755371] RBP: 00007fd7caecf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1682.756963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1682.758538] R13: 00007ffd805d48df R14: 00007fd7caecf300 R15: 0000000000022000 07:11:27 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:27 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:27 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0) 07:11:43 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:11:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 07:11:43 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 90) 07:11:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 07:11:43 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1699.174164] FAULT_INJECTION: forcing a failure. [ 1699.174164] name failslab, interval 1, probability 0, space 0, times 0 [ 1699.176873] CPU: 1 PID: 9450 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1699.178338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1699.180111] Call Trace: [ 1699.180689] dump_stack+0x107/0x167 [ 1699.181491] should_fail.cold+0x5/0xa [ 1699.182313] ? ip6_setup_cork+0x1e4/0x1740 [ 1699.183222] should_failslab+0x5/0x20 [ 1699.184042] kmem_cache_alloc_trace+0x55/0x320 [ 1699.185095] ip6_setup_cork+0x1e4/0x1740 [ 1699.185978] ip6_make_skb+0x22c/0x4e0 [ 1699.186802] ? ip_frag_init+0x350/0x350 [ 1699.187661] ? ip6_push_pending_frames+0xf0/0xf0 [ 1699.188682] ? ip6_dst_hoplimit+0x199/0x440 [ 1699.189626] ? lock_downgrade+0x6d0/0x6d0 [ 1699.190535] udpv6_sendmsg+0x2128/0x2b40 [ 1699.191410] ? ip_frag_init+0x350/0x350 [ 1699.192278] ? udp_v6_push_pending_frames+0x360/0x360 [ 1699.193394] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1699.194535] ? lock_acquire+0x197/0x470 [ 1699.195386] ? find_held_lock+0x2c/0x110 [ 1699.196274] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.197443] ? trace_hardirqs_on+0x5b/0x180 [ 1699.198371] ? sock_has_perm+0x1ea/0x280 [ 1699.199251] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1699.200371] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.201534] ? trace_hardirqs_on+0x5b/0x180 [ 1699.202463] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.203628] ? security_socket_sendmsg+0x89/0xb0 [ 1699.204655] ? udp_v6_push_pending_frames+0x360/0x360 [ 1699.205770] inet6_sendmsg+0x105/0x140 [ 1699.206605] ? inet6_compat_ioctl+0x320/0x320 [ 1699.207574] __sock_sendmsg+0xf2/0x190 [ 1699.208415] ____sys_sendmsg+0x334/0x870 [ 1699.209294] ? trace_hardirqs_on+0x5b/0x180 [ 1699.210223] ? sock_write_iter+0x3d0/0x3d0 [ 1699.211126] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.212293] ? sendmsg_copy_msghdr+0xba/0x160 [ 1699.213284] ___sys_sendmsg+0xf3/0x170 [ 1699.214121] ? sendmsg_copy_msghdr+0x160/0x160 [ 1699.215104] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1699.216063] ? _raw_spin_unlock_irq+0x27/0x30 [ 1699.217037] ? finish_task_switch+0x126/0x5d0 [ 1699.218000] ? finish_task_switch+0xef/0x5d0 [ 1699.218943] ? __switch_to+0x572/0xf70 [ 1699.219781] ? __switch_to_asm+0x3a/0x60 [ 1699.220646] ? __switch_to_asm+0x34/0x60 [ 1699.221538] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1699.222658] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.223808] ? trace_hardirqs_on+0x5b/0x180 [ 1699.224740] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.225922] ? __sys_sendmmsg+0x26a/0x470 [ 1699.226823] __sys_sendmmsg+0x195/0x470 [ 1699.227691] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1699.228618] ? lock_downgrade+0x6d0/0x6d0 [ 1699.229543] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1699.230588] ? wait_for_completion_io+0x270/0x270 [ 1699.231625] ? rcu_read_lock_any_held+0x75/0xa0 [ 1699.232623] ? vfs_write+0x354/0xb10 [ 1699.233430] ? fput_many+0x2f/0x1a0 [ 1699.234217] ? ksys_write+0x1a9/0x260 [ 1699.235041] ? __ia32_sys_read+0xb0/0xb0 [ 1699.235926] __x64_sys_sendmmsg+0x99/0x100 [ 1699.236837] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1699.237961] do_syscall_64+0x33/0x40 [ 1699.238771] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1699.239865] RIP: 0033:0x7fb74c37db19 [ 1699.240671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1699.244599] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1699.246241] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1699.247766] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1699.249301] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1699.250836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1699.252365] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1699.266755] FAULT_INJECTION: forcing a failure. 07:11:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1699.266755] name failslab, interval 1, probability 0, space 0, times 0 [ 1699.269637] CPU: 0 PID: 9462 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1699.271091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1699.272857] Call Trace: [ 1699.273428] dump_stack+0x107/0x167 [ 1699.274232] should_fail.cold+0x5/0xa [ 1699.275039] ? io_wq_create+0xeb/0xc00 [ 1699.275861] should_failslab+0x5/0x20 [ 1699.276669] __kmalloc+0x72/0x390 [ 1699.277426] io_wq_create+0xeb/0xc00 [ 1699.278226] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1699.279309] ? io_import_iovec+0x1120/0x1120 [ 1699.280232] ? io_apoll_task_func+0x2d0/0x2d0 [ 1699.281181] ? __io_req_find_next+0x300/0x300 [ 1699.282129] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1699.283146] __io_uring_add_tctx_node+0x2c6/0x520 [ 1699.284160] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1699.285271] __do_sys_io_uring_enter+0x146f/0x1890 [ 1699.286300] ? find_held_lock+0x2c/0x110 [ 1699.287154] ? io_submit_sqes+0x8610/0x8610 [ 1699.288065] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1699.289076] ? wait_for_completion_io+0x270/0x270 [ 1699.290090] ? rcu_read_lock_any_held+0x75/0xa0 [ 1699.291060] ? vfs_write+0x354/0xb10 [ 1699.291841] ? fput_many+0x2f/0x1a0 [ 1699.292600] ? ksys_write+0x1a9/0x260 [ 1699.293414] ? __ia32_sys_read+0xb0/0xb0 [ 1699.294269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1699.295359] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1699.296440] do_syscall_64+0x33/0x40 [ 1699.297233] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1699.298299] RIP: 0033:0x7fddac2fab19 [ 1699.299071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1699.302906] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1699.304510] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1699.306045] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1699.307566] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1699.309092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1699.310613] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:11:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 91) 07:11:43 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:43 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:11:43 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe000000, 0x0, 0x0, 0x0) 07:11:43 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) [ 1699.444049] FAULT_INJECTION: forcing a failure. [ 1699.444049] name failslab, interval 1, probability 0, space 0, times 0 [ 1699.446753] CPU: 1 PID: 9470 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1699.448210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1699.449980] Call Trace: [ 1699.450566] dump_stack+0x107/0x167 [ 1699.451353] should_fail.cold+0x5/0xa [ 1699.452176] ? create_object.isra.0+0x3a/0xa20 [ 1699.453166] should_failslab+0x5/0x20 [ 1699.453986] kmem_cache_alloc+0x5b/0x310 [ 1699.454875] create_object.isra.0+0x3a/0xa20 [ 1699.455816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1699.456915] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1699.458011] ? alloc_skb_with_frags+0x92/0x570 [ 1699.459002] __alloc_skb+0xb1/0x5b0 [ 1699.459796] alloc_skb_with_frags+0x92/0x570 [ 1699.460757] sock_alloc_send_pskb+0x7af/0x930 [ 1699.461746] ? sk_alloc+0x350/0x350 [ 1699.462541] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1699.463659] ? SOFTIRQ_verbose+0x10/0x10 [ 1699.464535] ? lock_release+0x680/0x680 [ 1699.465400] ? find_held_lock+0x2c/0x110 [ 1699.466285] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1699.467372] ? ip_frag_init+0x350/0x350 [ 1699.468235] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1699.469282] ? ip6_mtu+0x1e9/0x3d0 [ 1699.470042] ? ip6_setup_cork+0xfb7/0x1740 [ 1699.470954] ip6_make_skb+0x2df/0x4e0 [ 1699.471768] ? ip_frag_init+0x350/0x350 [ 1699.472628] ? ip_frag_init+0x350/0x350 [ 1699.473490] ? ip6_push_pending_frames+0xf0/0xf0 [ 1699.474510] ? ip6_dst_hoplimit+0x199/0x440 [ 1699.475437] ? lock_downgrade+0x6d0/0x6d0 [ 1699.476346] udpv6_sendmsg+0x2128/0x2b40 [ 1699.477240] ? ip_frag_init+0x350/0x350 [ 1699.478113] ? udp_v6_push_pending_frames+0x360/0x360 [ 1699.479232] ? perf_event_task_disable+0x390/0x390 [ 1699.480291] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1699.481340] ? lock_acquire+0x197/0x470 [ 1699.482189] ? find_held_lock+0x2c/0x110 [ 1699.483082] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1699.484202] ? sock_has_perm+0x1ea/0x280 [ 1699.485123] ? __import_iovec+0x458/0x590 [ 1699.486021] ? udp_v6_push_pending_frames+0x360/0x360 [ 1699.487128] inet6_sendmsg+0x105/0x140 [ 1699.487966] ? inet6_compat_ioctl+0x320/0x320 [ 1699.488943] __sock_sendmsg+0xf2/0x190 [ 1699.489788] ____sys_sendmsg+0x334/0x870 [ 1699.490663] ? sock_write_iter+0x3d0/0x3d0 [ 1699.491572] ? do_recvmmsg+0x6d0/0x6d0 [ 1699.492417] ? __lock_acquire+0x1657/0x5b00 [ 1699.493369] ___sys_sendmsg+0xf3/0x170 [ 1699.494212] ? sendmsg_copy_msghdr+0x160/0x160 [ 1699.495193] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1699.496148] ? _raw_spin_unlock_irq+0x27/0x30 [ 1699.497133] ? lock_acquire+0x197/0x470 [ 1699.497985] ? find_held_lock+0x2c/0x110 [ 1699.498865] ? __might_fault+0xd3/0x180 [ 1699.499719] ? lock_downgrade+0x6d0/0x6d0 [ 1699.500612] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1699.501801] __sys_sendmmsg+0x195/0x470 [ 1699.502655] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1699.503568] ? lock_downgrade+0x6d0/0x6d0 [ 1699.504464] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1699.505501] ? wait_for_completion_io+0x270/0x270 [ 1699.506532] ? rcu_read_lock_any_held+0x75/0xa0 [ 1699.507517] ? vfs_write+0x354/0xb10 [ 1699.508308] ? fput_many+0x2f/0x1a0 [ 1699.509096] ? ksys_write+0x1a9/0x260 [ 1699.509910] ? __ia32_sys_read+0xb0/0xb0 [ 1699.510781] __x64_sys_sendmmsg+0x99/0x100 [ 1699.511681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1699.512767] do_syscall_64+0x33/0x40 [ 1699.513566] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1699.514653] RIP: 0033:0x7fb74c37db19 [ 1699.515446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1699.519321] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1699.520942] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1699.522458] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1699.523970] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1699.525491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1699.526998] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:11:43 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 07:11:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 92) 07:11:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x9, 0x0, 0x0, 0x0) 07:11:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x11000000, 0x0, 0x0, 0x0) 07:11:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1713.879457] FAULT_INJECTION: forcing a failure. [ 1713.879457] name failslab, interval 1, probability 0, space 0, times 0 [ 1713.882200] CPU: 1 PID: 9494 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1713.883692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1713.885520] Call Trace: [ 1713.886107] dump_stack+0x107/0x167 [ 1713.886907] should_fail.cold+0x5/0xa [ 1713.887762] ? create_object.isra.0+0x3a/0xa20 [ 1713.888769] should_failslab+0x5/0x20 [ 1713.889606] kmem_cache_alloc+0x5b/0x310 [ 1713.890496] ? lock_acquire+0x197/0x470 [ 1713.891367] create_object.isra.0+0x3a/0xa20 [ 1713.892332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1713.893456] kmem_cache_alloc+0x159/0x310 [ 1713.894376] skb_clone+0x14f/0x3d0 [ 1713.895164] dev_queue_xmit_nit+0x3a7/0xb00 [ 1713.896132] dev_hard_start_xmit+0xab/0x6f0 [ 1713.897100] __dev_queue_xmit+0x179a/0x2690 [ 1713.898059] ? find_held_lock+0x2c/0x110 [ 1713.898956] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1713.900014] ? lock_downgrade+0x6d0/0x6d0 [ 1713.901028] ? find_held_lock+0x2c/0x110 [ 1713.901947] ? lockdep_hardirqs_on_prepare+0x129/0x3e0 [ 1713.903093] ip6_finish_output2+0x158f/0x1cf0 [ 1713.904082] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1713.905196] ip6_output+0x302/0x9e0 [ 1713.906033] ? __ip6_finish_output.part.0+0xbc0/0xbc0 [ 1713.907152] ip6_local_out+0xd2/0x4c0 [ 1713.907969] ip6_send_skb+0x117/0x460 [ 1713.908792] udp_v6_send_skb+0x7b7/0x1620 [ 1713.909709] udpv6_sendmsg+0x216b/0x2b40 [ 1713.910582] ? ip_frag_init+0x350/0x350 [ 1713.911449] ? udp_v6_push_pending_frames+0x360/0x360 [ 1713.912566] ? perf_event_task_disable+0x390/0x390 [ 1713.913631] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1713.914670] ? lock_acquire+0x197/0x470 [ 1713.915518] ? find_held_lock+0x2c/0x110 [ 1713.916400] ? sock_has_perm+0x1ea/0x280 [ 1713.917300] ? __import_iovec+0x458/0x590 [ 1713.918181] ? udp_v6_push_pending_frames+0x360/0x360 [ 1713.919273] inet6_sendmsg+0x105/0x140 [ 1713.920090] ? inet6_compat_ioctl+0x320/0x320 [ 1713.921042] __sock_sendmsg+0xf2/0x190 [ 1713.921873] ____sys_sendmsg+0x334/0x870 [ 1713.922735] ? sock_write_iter+0x3d0/0x3d0 [ 1713.923628] ? do_recvmmsg+0x6d0/0x6d0 [ 1713.924453] ? __lock_acquire+0x1657/0x5b00 [ 1713.925389] ___sys_sendmsg+0xf3/0x170 [ 1713.926215] ? sendmsg_copy_msghdr+0x160/0x160 [ 1713.927184] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1713.928130] ? _raw_spin_unlock_irq+0x27/0x30 [ 1713.929092] ? lock_acquire+0x197/0x470 [ 1713.929916] ? find_held_lock+0x2c/0x110 [ 1713.930770] ? __might_fault+0xd3/0x180 [ 1713.931598] ? lock_downgrade+0x6d0/0x6d0 [ 1713.932487] __sys_sendmmsg+0x195/0x470 [ 1713.933336] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1713.934237] ? lock_downgrade+0x6d0/0x6d0 [ 1713.935127] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1713.936146] ? wait_for_completion_io+0x270/0x270 [ 1713.937165] ? rcu_read_lock_any_held+0x75/0xa0 [ 1713.938137] ? vfs_write+0x354/0xb10 [ 1713.938295] FAULT_INJECTION: forcing a failure. [ 1713.938295] name failslab, interval 1, probability 0, space 0, times 0 [ 1713.938921] ? fput_many+0x2f/0x1a0 [ 1713.938962] ? ksys_write+0x1a9/0x260 [ 1713.943144] ? __ia32_sys_read+0xb0/0xb0 [ 1713.944006] __x64_sys_sendmmsg+0x99/0x100 [ 1713.944909] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1713.946008] do_syscall_64+0x33/0x40 [ 1713.946800] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1713.947875] RIP: 0033:0x7fb74c37db19 [ 1713.948640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1713.952508] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1713.954119] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1713.955603] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1713.957118] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1713.958609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1713.960120] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1713.961670] CPU: 0 PID: 9510 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1713.963153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1713.964937] Call Trace: [ 1713.965531] dump_stack+0x107/0x167 [ 1713.966313] should_fail.cold+0x5/0xa [ 1713.967137] ? create_object.isra.0+0x3a/0xa20 [ 1713.968118] should_failslab+0x5/0x20 [ 1713.968936] kmem_cache_alloc+0x5b/0x310 [ 1713.969842] ? io_uring_alloc_task_context+0xf5/0x6a0 [ 1713.970966] create_object.isra.0+0x3a/0xa20 [ 1713.971910] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1713.973011] __kmalloc+0x16e/0x390 [ 1713.973801] io_wq_create+0xeb/0xc00 [ 1713.974619] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1713.975715] ? io_import_iovec+0x1120/0x1120 [ 1713.976660] ? io_apoll_task_func+0x2d0/0x2d0 [ 1713.977644] ? __io_req_find_next+0x300/0x300 [ 1713.978612] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1713.979658] __io_uring_add_tctx_node+0x2c6/0x520 [ 1713.980703] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1713.981886] __do_sys_io_uring_enter+0x146f/0x1890 [ 1713.982955] ? find_held_lock+0x2c/0x110 [ 1713.983834] ? io_submit_sqes+0x8610/0x8610 [ 1713.984769] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1713.985837] ? wait_for_completion_io+0x270/0x270 [ 1713.986875] ? rcu_read_lock_any_held+0x75/0xa0 [ 1713.987872] ? vfs_write+0x354/0xb10 [ 1713.988670] ? fput_many+0x2f/0x1a0 [ 1713.989486] ? ksys_write+0x1a9/0x260 [ 1713.990295] ? __ia32_sys_read+0xb0/0xb0 [ 1713.991177] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1713.992311] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1713.993454] do_syscall_64+0x33/0x40 [ 1713.994266] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1713.995376] RIP: 0033:0x7fddac2fab19 [ 1713.996186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1714.000181] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1714.001852] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1714.003397] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1714.004945] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1714.006508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1714.008059] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:11:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:11:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x12000100, 0x0, 0x0, 0x0) 07:11:58 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x900, 0x0, 0x0, 0x0) 07:11:58 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:11:58 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 1729.655149] FAULT_INJECTION: forcing a failure. [ 1729.655149] name failslab, interval 1, probability 0, space 0, times 0 [ 1729.657745] CPU: 1 PID: 9543 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1729.659225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1729.660991] Call Trace: [ 1729.661573] dump_stack+0x107/0x167 [ 1729.662351] should_fail.cold+0x5/0xa [ 1729.663179] ? create_object.isra.0+0x3a/0xa20 [ 1729.664141] should_failslab+0x5/0x20 [ 1729.664956] kmem_cache_alloc+0x5b/0x310 [ 1729.665828] create_object.isra.0+0x3a/0xa20 [ 1729.666762] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1729.667796] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1729.668863] ? alloc_skb_with_frags+0x92/0x570 [ 1729.669815] __alloc_skb+0xb1/0x5b0 [ 1729.670597] alloc_skb_with_frags+0x92/0x570 [ 1729.671530] sock_alloc_send_pskb+0x7af/0x930 [ 1729.672491] ? sk_alloc+0x350/0x350 [ 1729.673294] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1729.674337] ? SOFTIRQ_verbose+0x10/0x10 [ 1729.675197] ? lock_release+0x680/0x680 [ 1729.676029] ? find_held_lock+0x2c/0x110 [ 1729.676860] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1729.677916] ? ip_frag_init+0x350/0x350 07:12:13 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) 07:12:13 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 07:12:13 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:12:13 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:13 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:13 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 07:12:13 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 93) 07:12:13 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1729.679004] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1729.680190] ? ip6_mtu+0x1e9/0x3d0 [ 1729.681011] ? ip6_setup_cork+0xfb7/0x1740 [ 1729.681977] ip6_make_skb+0x2df/0x4e0 [ 1729.682836] ? ip_frag_init+0x350/0x350 [ 1729.683791] ? ip_frag_init+0x350/0x350 [ 1729.684705] ? ip6_push_pending_frames+0xf0/0xf0 [ 1729.685764] ? ip6_dst_hoplimit+0x199/0x440 [ 1729.686745] ? lock_downgrade+0x6d0/0x6d0 [ 1729.687692] ? ip6_dst_hoplimit+0x26d/0x440 [ 1729.688628] udpv6_sendmsg+0x2128/0x2b40 [ 1729.689597] ? ip_frag_init+0x350/0x350 [ 1729.690432] ? udp_v6_push_pending_frames+0x360/0x360 [ 1729.691526] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1729.692634] ? trace_hardirqs_on+0x5b/0x180 [ 1729.693580] ? lock_acquire+0x1b9/0x470 [ 1729.694414] ? find_held_lock+0x2c/0x110 [ 1729.695355] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1729.696524] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1729.697723] ? sock_has_perm+0x1ea/0x280 [ 1729.698676] ? __import_iovec+0x458/0x590 [ 1729.699577] ? udp_v6_push_pending_frames+0x360/0x360 [ 1729.700689] inet6_sendmsg+0x105/0x140 [ 1729.701538] ? inet6_compat_ioctl+0x320/0x320 [ 1729.702518] __sock_sendmsg+0xf2/0x190 [ 1729.703363] ____sys_sendmsg+0x334/0x870 [ 1729.704215] ? sock_write_iter+0x3d0/0x3d0 [ 1729.705094] ? do_recvmmsg+0x6d0/0x6d0 [ 1729.705960] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1729.707080] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1729.708211] ? trace_hardirqs_on+0x5b/0x180 [ 1729.709116] ___sys_sendmsg+0xf3/0x170 [ 1729.709934] ? sendmsg_copy_msghdr+0x160/0x160 [ 1729.710886] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1729.711826] ? _raw_spin_unlock_irq+0x27/0x30 [ 1729.712775] ? finish_task_switch+0x126/0x5d0 [ 1729.713704] ? finish_task_switch+0xef/0x5d0 [ 1729.714613] ? __switch_to+0x572/0xf70 [ 1729.715407] ? __switch_to_asm+0x3a/0x60 [ 1729.716245] ? __switch_to_asm+0x34/0x60 [ 1729.717092] ? __schedule+0x82c/0x1ea0 [ 1729.717918] ? io_schedule_timeout+0x140/0x140 [ 1729.718883] __sys_sendmmsg+0x195/0x470 [ 1729.719720] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1729.720622] ? lock_downgrade+0x6d0/0x6d0 [ 1729.721508] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1729.722511] ? wait_for_completion_io+0x270/0x270 [ 1729.723515] ? rcu_read_lock_any_held+0x75/0xa0 [ 1729.724468] ? vfs_write+0x354/0xb10 [ 1729.725239] ? fput_many+0x2f/0x1a0 [ 1729.726008] ? ksys_write+0x1a9/0x260 [ 1729.726798] ? __ia32_sys_read+0xb0/0xb0 [ 1729.727651] __x64_sys_sendmmsg+0x99/0x100 [ 1729.728532] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1729.729606] do_syscall_64+0x33/0x40 [ 1729.730383] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1729.731449] RIP: 0033:0x7fb74c37db19 [ 1729.732233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1729.736078] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1729.737673] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1729.739150] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1729.740634] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1729.742122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1729.743600] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1729.766449] FAULT_INJECTION: forcing a failure. [ 1729.766449] name failslab, interval 1, probability 0, space 0, times 0 [ 1729.768837] CPU: 1 PID: 9558 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1729.770250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1729.771952] Call Trace: [ 1729.772496] dump_stack+0x107/0x167 [ 1729.773244] should_fail.cold+0x5/0xa [ 1729.774046] ? io_wq_create+0x6ef/0xc00 [ 1729.774869] should_failslab+0x5/0x20 [ 1729.775672] kmem_cache_alloc_node_trace+0x59/0x340 [ 1729.776703] io_wq_create+0x6ef/0xc00 [ 1729.777497] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1729.778539] ? io_import_iovec+0x1120/0x1120 [ 1729.779432] ? io_apoll_task_func+0x2d0/0x2d0 [ 1729.780345] ? __io_req_find_next+0x300/0x300 [ 1729.781278] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1729.782267] __io_uring_add_tctx_node+0x2c6/0x520 [ 1729.783259] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1729.784339] __do_sys_io_uring_enter+0x146f/0x1890 [ 1729.785358] ? find_held_lock+0x2c/0x110 [ 1729.786192] ? io_submit_sqes+0x8610/0x8610 [ 1729.787095] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1729.788080] ? wait_for_completion_io+0x270/0x270 [ 1729.789046] ? rcu_read_lock_any_held+0x75/0xa0 [ 1729.790003] ? vfs_write+0x354/0xb10 [ 1729.790740] ? fput_many+0x2f/0x1a0 [ 1729.791472] ? ksys_write+0x1a9/0x260 [ 1729.792253] ? __ia32_sys_read+0xb0/0xb0 [ 1729.793084] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1729.794133] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1729.795169] do_syscall_64+0x33/0x40 [ 1729.795919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1729.796965] RIP: 0033:0x7fddac2fab19 [ 1729.797732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1729.801434] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1729.802960] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1729.804375] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1729.805821] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1729.807231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1729.808650] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:12:14 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:14 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) clone3(&(0x7f00000004c0)={0x110000600, &(0x7f00000001c0), &(0x7f0000000240), &(0x7f0000000280), {}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000300)=""/141, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:14 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0) 07:12:14 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:14 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x36000000, 0x0, 0x0, 0x0) 07:12:14 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) readv(0xffffffffffffffff, &(0x7f0000003700)=[{0x0}, {&(0x7f00000003c0)=""/121, 0x79}, {0x0}, {&(0x7f00000014c0)=""/160, 0xa0}, {0x0}], 0x5) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:14 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:12:28 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 07:12:28 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x9000000, 0x0, 0x0, 0x0) 07:12:28 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe, 0x0, 0x0, 0x0) 07:12:28 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 94) 07:12:28 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xeaffffff, 0x0, 0x0, 0x0) 07:12:28 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1744.190246] FAULT_INJECTION: forcing a failure. [ 1744.190246] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.192387] CPU: 1 PID: 9599 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1744.193609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.195086] Call Trace: [ 1744.195561] dump_stack+0x107/0x167 [ 1744.196219] should_fail.cold+0x5/0xa [ 1744.196902] ? __alloc_skb+0x6d/0x5b0 [ 1744.197590] should_failslab+0x5/0x20 [ 1744.198275] kmem_cache_alloc_node+0x55/0x330 [ 1744.199081] __alloc_skb+0x6d/0x5b0 [ 1744.199736] alloc_skb_with_frags+0x92/0x570 [ 1744.200531] sock_alloc_send_pskb+0x7af/0x930 [ 1744.201341] ? sk_alloc+0x350/0x350 [ 1744.202009] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1744.202942] ? SOFTIRQ_verbose+0x10/0x10 [ 1744.203673] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1744.204577] ? ip_frag_init+0x350/0x350 [ 1744.205296] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1744.206165] ? ip6_mtu+0x1e9/0x3d0 [ 1744.206803] ? ip6_setup_cork+0xfb7/0x1740 [ 1744.207566] ip6_make_skb+0x2df/0x4e0 [ 1744.208246] ? ip_frag_init+0x350/0x350 [ 1744.208964] ? ip_frag_init+0x350/0x350 [ 1744.209679] ? ip6_push_pending_frames+0xf0/0xf0 [ 1744.210536] ? ip6_dst_hoplimit+0x199/0x440 [ 1744.211286] ? lock_downgrade+0x6d0/0x6d0 [ 1744.212027] udpv6_sendmsg+0x2128/0x2b40 [ 1744.212746] ? ip_frag_init+0x350/0x350 [ 1744.213467] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.214386] ? perf_event_task_disable+0x390/0x390 [ 1744.215257] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1744.216115] ? lock_acquire+0x197/0x470 [ 1744.216815] ? find_held_lock+0x2c/0x110 [ 1744.217561] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1744.218514] ? sock_has_perm+0x1ea/0x280 [ 1744.219259] ? __import_iovec+0x458/0x590 [ 1744.220007] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.220920] inet6_sendmsg+0x105/0x140 [ 1744.221617] ? inet6_compat_ioctl+0x320/0x320 [ 1744.222418] __sock_sendmsg+0xf2/0x190 [ 1744.223119] ____sys_sendmsg+0x334/0x870 [ 1744.223839] ? sock_write_iter+0x3d0/0x3d0 [ 1744.224576] ? do_recvmmsg+0x6d0/0x6d0 [ 1744.225275] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.226207] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1744.227163] ? trace_hardirqs_on+0x5b/0x180 [ 1744.227939] ___sys_sendmsg+0xf3/0x170 [ 1744.228625] ? sendmsg_copy_msghdr+0x160/0x160 [ 1744.229438] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1744.230221] ? _raw_spin_unlock_irq+0x27/0x30 [ 1744.231005] ? finish_task_switch+0x126/0x5d0 [ 1744.231751] ? finish_task_switch+0xef/0x5d0 [ 1744.232472] ? __switch_to+0x572/0xf70 [ 1744.233134] ? __switch_to_asm+0x3a/0x60 [ 1744.233819] ? __switch_to_asm+0x34/0x60 [ 1744.234505] ? __schedule+0x82c/0x1ea0 [ 1744.235143] ? io_schedule_timeout+0x140/0x140 [ 1744.235917] __sys_sendmmsg+0x195/0x470 [ 1744.236574] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1744.237249] ? lock_downgrade+0x6d0/0x6d0 [ 1744.237913] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.238673] ? wait_for_completion_io+0x270/0x270 [ 1744.239461] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.240243] ? vfs_write+0x354/0xb10 [ 1744.240834] ? fput_many+0x2f/0x1a0 [ 1744.241410] ? ksys_write+0x1a9/0x260 [ 1744.242021] ? __ia32_sys_read+0xb0/0xb0 [ 1744.242666] __x64_sys_sendmmsg+0x99/0x100 [ 1744.243323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.244117] do_syscall_64+0x33/0x40 [ 1744.244690] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.245491] RIP: 0033:0x7fb74c37db19 [ 1744.246097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.249084] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1744.250320] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1744.251508] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1744.252668] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.253825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1744.254978] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1744.260282] FAULT_INJECTION: forcing a failure. [ 1744.260282] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.262959] CPU: 0 PID: 9604 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1744.264528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.266427] Call Trace: [ 1744.267031] dump_stack+0x107/0x167 [ 1744.267872] should_fail.cold+0x5/0xa [ 1744.268740] ? io_wq_create+0x6ef/0xc00 07:12:28 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) [ 1744.269662] should_failslab+0x5/0x20 [ 1744.270695] kmem_cache_alloc_node_trace+0x59/0x340 [ 1744.271832] io_wq_create+0x6ef/0xc00 [ 1744.272702] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1744.273862] ? io_import_iovec+0x1120/0x1120 [ 1744.274854] ? io_apoll_task_func+0x2d0/0x2d0 [ 1744.275863] ? __io_req_find_next+0x300/0x300 [ 1744.276875] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1744.277987] __io_uring_add_tctx_node+0x2c6/0x520 [ 1744.279063] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1744.280266] __do_sys_io_uring_enter+0x146f/0x1890 [ 1744.281378] ? find_held_lock+0x2c/0x110 [ 1744.282313] ? io_submit_sqes+0x8610/0x8610 [ 1744.283298] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.284389] ? wait_for_completion_io+0x270/0x270 [ 1744.285484] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.286539] ? vfs_write+0x354/0xb10 [ 1744.287383] ? fput_many+0x2f/0x1a0 [ 1744.288211] ? ksys_write+0x1a9/0x260 [ 1744.289072] ? __ia32_sys_read+0xb0/0xb0 [ 1744.289999] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.291170] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.292343] do_syscall_64+0x33/0x40 [ 1744.293183] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.294352] RIP: 0033:0x7fddac2fab19 [ 1744.295204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.299414] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.301166] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1744.302810] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1744.304434] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.306077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1744.307710] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:12:28 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 95) [ 1744.391409] FAULT_INJECTION: forcing a failure. [ 1744.391409] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.392948] CPU: 1 PID: 9615 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1744.393833] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.394889] Call Trace: [ 1744.395223] dump_stack+0x107/0x167 [ 1744.395679] should_fail.cold+0x5/0xa [ 1744.396158] should_failslab+0x5/0x20 [ 1744.396634] __kmalloc_track_caller+0x79/0x370 [ 1744.397201] ? ip6_setup_cork+0x518/0x1740 [ 1744.397735] kmemdup+0x23/0x50 [ 1744.398135] ip6_setup_cork+0x518/0x1740 [ 1744.398647] ip6_make_skb+0x22c/0x4e0 [ 1744.399119] ? ip_frag_init+0x350/0x350 [ 1744.399613] ? ip6_push_pending_frames+0xf0/0xf0 [ 1744.400207] ? ip6_dst_hoplimit+0x199/0x440 [ 1744.400744] ? lock_downgrade+0x6d0/0x6d0 [ 1744.401271] udpv6_sendmsg+0x2128/0x2b40 [ 1744.401783] ? ip_frag_init+0x350/0x350 [ 1744.402282] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.402929] ? lock_acquire+0x197/0x470 [ 1744.403423] ? find_held_lock+0x2c/0x110 [ 1744.403932] ? lock_acquire+0x197/0x470 [ 1744.404424] ? find_held_lock+0x2c/0x110 [ 1744.404936] ? sock_has_perm+0x1ea/0x280 [ 1744.405460] ? __import_iovec+0x458/0x590 [ 1744.405977] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.406614] inet6_sendmsg+0x105/0x140 [ 1744.407095] ? inet6_compat_ioctl+0x320/0x320 [ 1744.407648] __sock_sendmsg+0xf2/0x190 [ 1744.408131] ____sys_sendmsg+0x334/0x870 [ 1744.408637] ? sock_write_iter+0x3d0/0x3d0 [ 1744.409158] ? do_recvmmsg+0x6d0/0x6d0 [ 1744.409648] ? __lock_acquire+0x1657/0x5b00 [ 1744.410192] ___sys_sendmsg+0xf3/0x170 [ 1744.410676] ? sendmsg_copy_msghdr+0x160/0x160 [ 1744.411240] ? vmacache_find+0x55/0x2a0 [ 1744.411738] ? lock_acquire+0x197/0x470 [ 1744.412226] ? find_held_lock+0x2c/0x110 [ 1744.412727] ? __might_fault+0xd3/0x180 [ 1744.413215] ? lock_downgrade+0x6d0/0x6d0 [ 1744.413747] ? asm_exc_page_fault+0x1e/0x30 [ 1744.414291] __sys_sendmmsg+0x195/0x470 [ 1744.414786] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1744.415314] ? lock_downgrade+0x6d0/0x6d0 [ 1744.415867] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.416636] ? wait_for_completion_io+0x270/0x270 [ 1744.417372] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.418048] ? vfs_write+0x354/0xb10 [ 1744.418595] ? fput_many+0x2f/0x1a0 [ 1744.419130] ? ksys_write+0x1a9/0x260 [ 1744.419648] ? __ia32_sys_read+0xb0/0xb0 [ 1744.420152] __x64_sys_sendmmsg+0x99/0x100 [ 1744.420696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.421330] do_syscall_64+0x33/0x40 [ 1744.421863] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.422500] RIP: 0033:0x7fb74c37db19 [ 1744.422956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.425195] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1744.426128] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1744.427004] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1744.427869] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.428729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1744.429604] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:12:28 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xffffffea, 0x0, 0x0, 0x0) 07:12:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:28 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x11, 0x0, 0x0, 0x0) 07:12:28 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xeaffffff, 0x0, 0x0, 0x0) 07:12:28 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x36, 0x0, 0x0, 0x0) 07:12:41 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 96) 07:12:41 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) 07:12:41 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:12:41 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xffffffea, 0x0, 0x0, 0x0) 07:12:41 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe, 0x0, 0x0) 07:12:41 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:41 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:41 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe00, 0x0, 0x0, 0x0) [ 1757.672906] FAULT_INJECTION: forcing a failure. [ 1757.672906] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.675489] CPU: 0 PID: 9645 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1757.676969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1757.678778] Call Trace: [ 1757.679352] dump_stack+0x107/0x167 [ 1757.680146] should_fail.cold+0x5/0xa [ 1757.680981] ? create_object.isra.0+0x3a/0xa20 [ 1757.681985] should_failslab+0x5/0x20 [ 1757.682816] kmem_cache_alloc+0x5b/0x310 [ 1757.683705] create_object.isra.0+0x3a/0xa20 [ 1757.684664] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1757.685779] kmem_cache_alloc_node+0x169/0x330 [ 1757.686774] __alloc_skb+0x6d/0x5b0 [ 1757.687567] alloc_skb_with_frags+0x92/0x570 [ 1757.688533] sock_alloc_send_pskb+0x7af/0x930 [ 1757.689512] ? sk_alloc+0x350/0x350 [ 1757.690317] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1757.691449] ? SOFTIRQ_verbose+0x10/0x10 [ 1757.692321] ? lock_release+0x680/0x680 [ 1757.693175] ? find_held_lock+0x2c/0x110 [ 1757.694062] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1757.695153] ? ip_frag_init+0x350/0x350 [ 1757.696023] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1757.697182] ? trace_hardirqs_on+0x5b/0x180 [ 1757.698122] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1757.699170] ip6_make_skb+0x2df/0x4e0 [ 1757.699992] ? ip_frag_init+0x350/0x350 [ 1757.700852] ? ip_frag_init+0x350/0x350 [ 1757.701774] ? ip6_push_pending_frames+0xf0/0xf0 [ 1757.702808] ? ip6_dst_hoplimit+0x199/0x440 [ 1757.703750] ? lock_downgrade+0x6d0/0x6d0 [ 1757.704673] udpv6_sendmsg+0x2128/0x2b40 [ 1757.705559] ? ip_frag_init+0x350/0x350 [ 1757.706448] ? udp_v6_push_pending_frames+0x360/0x360 [ 1757.707575] ? perf_event_task_disable+0x390/0x390 [ 1757.708649] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1757.709707] ? lock_acquire+0x197/0x470 [ 1757.710572] ? find_held_lock+0x2c/0x110 [ 1757.711471] ? sock_has_perm+0x1ea/0x280 [ 1757.712381] ? __import_iovec+0x458/0x590 [ 1757.713285] ? udp_v6_push_pending_frames+0x360/0x360 [ 1757.714419] inet6_sendmsg+0x105/0x140 [ 1757.715265] ? inet6_compat_ioctl+0x320/0x320 [ 1757.716246] __sock_sendmsg+0xf2/0x190 [ 1757.717096] ____sys_sendmsg+0x334/0x870 [ 1757.717998] ? sock_write_iter+0x3d0/0x3d0 [ 1757.718919] ? do_recvmmsg+0x6d0/0x6d0 [ 1757.719765] ? __lock_acquire+0x1657/0x5b00 [ 1757.720715] ___sys_sendmsg+0xf3/0x170 [ 1757.721564] ? sendmsg_copy_msghdr+0x160/0x160 [ 1757.722569] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1757.723546] ? _raw_spin_unlock_irq+0x27/0x30 [ 1757.724531] ? lock_acquire+0x197/0x470 [ 1757.725396] ? find_held_lock+0x2c/0x110 [ 1757.726289] ? __might_fault+0xd3/0x180 [ 1757.727147] ? lock_downgrade+0x6d0/0x6d0 [ 1757.728062] __sys_sendmmsg+0x195/0x470 [ 1757.728929] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1757.729865] ? lock_downgrade+0x6d0/0x6d0 [ 1757.730775] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1757.731817] ? wait_for_completion_io+0x270/0x270 [ 1757.732859] ? rcu_read_lock_any_held+0x75/0xa0 [ 1757.733869] ? vfs_write+0x354/0xb10 [ 1757.734672] ? fput_many+0x2f/0x1a0 [ 1757.735459] ? ksys_write+0x1a9/0x260 [ 1757.736281] ? __ia32_sys_read+0xb0/0xb0 [ 1757.737169] __x64_sys_sendmmsg+0x99/0x100 [ 1757.738091] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1757.739202] do_syscall_64+0x33/0x40 [ 1757.740011] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1757.741116] RIP: 0033:0x7fb74c37db19 [ 1757.741940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1757.745936] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1757.747587] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1757.749132] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1757.750685] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1757.752229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1757.753779] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1757.757726] FAULT_INJECTION: forcing a failure. [ 1757.757726] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.760187] CPU: 0 PID: 9664 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1757.761678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1757.763481] Call Trace: [ 1757.764054] dump_stack+0x107/0x167 [ 1757.764856] should_fail.cold+0x5/0xa [ 1757.765690] ? __io_uring_add_tctx_node+0x15c/0x520 [ 1757.766768] should_failslab+0x5/0x20 [ 1757.767592] kmem_cache_alloc_trace+0x55/0x320 [ 1757.768576] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1757.769631] __io_uring_add_tctx_node+0x15c/0x520 [ 1757.770674] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1757.771821] __do_sys_io_uring_enter+0x146f/0x1890 [ 1757.772885] ? find_held_lock+0x2c/0x110 [ 1757.773776] ? io_submit_sqes+0x8610/0x8610 [ 1757.774715] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1757.775758] ? wait_for_completion_io+0x270/0x270 [ 1757.776803] ? rcu_read_lock_any_held+0x75/0xa0 [ 1757.777820] ? vfs_write+0x354/0xb10 [ 1757.778627] ? fput_many+0x2f/0x1a0 [ 1757.779416] ? ksys_write+0x1a9/0x260 [ 1757.780241] ? __ia32_sys_read+0xb0/0xb0 [ 1757.781124] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1757.782266] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1757.783384] do_syscall_64+0x33/0x40 [ 1757.784190] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1757.785297] RIP: 0033:0x7fddac2fab19 [ 1757.786111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1757.790113] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1757.791766] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1757.793316] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1757.794880] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1757.796434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1757.797998] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:12:42 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:42 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:42 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x1100, 0x0, 0x0, 0x0) 07:12:42 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x9, 0x0, 0x0) 07:12:42 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x11, 0x0, 0x0) 07:12:42 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:12:42 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 97) [ 1758.104459] FAULT_INJECTION: forcing a failure. [ 1758.104459] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.106995] CPU: 0 PID: 9686 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1758.108477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.110293] Call Trace: [ 1758.110871] dump_stack+0x107/0x167 [ 1758.111668] should_fail.cold+0x5/0xa [ 1758.112503] ? __alloc_skb+0x6d/0x5b0 [ 1758.113336] should_failslab+0x5/0x20 [ 1758.114175] kmem_cache_alloc_node+0x55/0x330 [ 1758.115159] __alloc_skb+0x6d/0x5b0 [ 1758.115962] alloc_skb_with_frags+0x92/0x570 [ 1758.116935] sock_alloc_send_pskb+0x7af/0x930 [ 1758.117937] ? sk_alloc+0x350/0x350 [ 1758.118741] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1758.119883] ? SOFTIRQ_verbose+0x10/0x10 [ 1758.120771] ? lock_release+0x680/0x680 [ 1758.121645] ? find_held_lock+0x2c/0x110 [ 1758.122535] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1758.123640] ? ip_frag_init+0x350/0x350 [ 1758.124521] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1758.125572] ? ip6_mtu+0x1e9/0x3d0 [ 1758.126354] ? ip6_setup_cork+0xfb7/0x1740 [ 1758.127278] ip6_make_skb+0x2df/0x4e0 [ 1758.128108] ? ip_frag_init+0x350/0x350 [ 1758.128982] ? ip_frag_init+0x350/0x350 [ 1758.129860] ? ip6_push_pending_frames+0xf0/0xf0 [ 1758.130881] ? ip6_dst_hoplimit+0x199/0x440 [ 1758.131797] ? lock_downgrade+0x6d0/0x6d0 [ 1758.132692] udpv6_sendmsg+0x2128/0x2b40 [ 1758.133561] ? ip_frag_init+0x350/0x350 [ 1758.134424] ? udp_v6_push_pending_frames+0x360/0x360 [ 1758.135529] ? perf_event_task_disable+0x390/0x390 [ 1758.136579] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1758.137621] ? lock_acquire+0x197/0x470 [ 1758.138464] ? find_held_lock+0x2c/0x110 [ 1758.139341] ? sock_has_perm+0x1ea/0x280 [ 1758.140235] ? __import_iovec+0x458/0x590 [ 1758.141115] ? udp_v6_push_pending_frames+0x360/0x360 [ 1758.142221] inet6_sendmsg+0x105/0x140 [ 1758.143045] ? inet6_compat_ioctl+0x320/0x320 [ 1758.143995] __sock_sendmsg+0xf2/0x190 [ 1758.144822] ____sys_sendmsg+0x334/0x870 [ 1758.145694] ? sock_write_iter+0x3d0/0x3d0 [ 1758.146591] ? do_recvmmsg+0x6d0/0x6d0 [ 1758.147420] ? __lock_acquire+0x1657/0x5b00 [ 1758.148350] ___sys_sendmsg+0xf3/0x170 [ 1758.149181] ? sendmsg_copy_msghdr+0x160/0x160 [ 1758.150162] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1758.151112] ? _raw_spin_unlock_irq+0x27/0x30 [ 1758.152071] ? lock_acquire+0x197/0x470 [ 1758.152921] ? find_held_lock+0x2c/0x110 [ 1758.153802] ? __might_fault+0xd3/0x180 [ 1758.154650] ? lock_downgrade+0x6d0/0x6d0 [ 1758.155555] __sys_sendmmsg+0x195/0x470 [ 1758.156406] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1758.157323] ? lock_downgrade+0x6d0/0x6d0 [ 1758.158235] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.159261] ? wait_for_completion_io+0x270/0x270 [ 1758.160277] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.161266] ? vfs_write+0x354/0xb10 [ 1758.162073] ? fput_many+0x2f/0x1a0 [ 1758.162851] ? ksys_write+0x1a9/0x260 [ 1758.163663] ? __ia32_sys_read+0xb0/0xb0 [ 1758.164535] __x64_sys_sendmmsg+0x99/0x100 [ 1758.165440] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.166540] do_syscall_64+0x33/0x40 [ 1758.167328] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.168415] RIP: 0033:0x7fb74c37db19 [ 1758.169199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.173110] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1758.174737] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1758.176251] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1758.177773] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.179284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.180797] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:12:55 executing program 1: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 98) 07:12:55 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:12:55 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 07:12:56 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x36, 0x0, 0x0) 07:12:56 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 07:12:56 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:56 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x900, 0x0, 0x0) 07:12:56 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1771.759831] FAULT_INJECTION: forcing a failure. [ 1771.759831] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.761740] CPU: 1 PID: 9710 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1771.762830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.764156] Call Trace: [ 1771.764590] dump_stack+0x107/0x167 [ 1771.765181] should_fail.cold+0x5/0xa [ 1771.765800] ? create_object.isra.0+0x3a/0xa20 [ 1771.766397] FAULT_INJECTION: forcing a failure. [ 1771.766397] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.766522] should_failslab+0x5/0x20 [ 1771.766537] kmem_cache_alloc+0x5b/0x310 [ 1771.766570] create_object.isra.0+0x3a/0xa20 [ 1771.771041] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1771.771851] kmem_cache_alloc_trace+0x151/0x320 [ 1771.772578] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1771.773354] __io_uring_add_tctx_node+0x15c/0x520 [ 1771.774130] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1771.774979] __do_sys_io_uring_enter+0x146f/0x1890 [ 1771.775756] ? find_held_lock+0x2c/0x110 [ 1771.776399] ? io_submit_sqes+0x8610/0x8610 [ 1771.777063] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1771.777841] ? wait_for_completion_io+0x270/0x270 [ 1771.778599] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.779357] ? vfs_write+0x354/0xb10 [ 1771.779945] ? fput_many+0x2f/0x1a0 [ 1771.780528] ? ksys_write+0x1a9/0x260 [ 1771.781132] ? __ia32_sys_read+0xb0/0xb0 [ 1771.781785] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.782607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.783421] do_syscall_64+0x33/0x40 [ 1771.784007] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.784832] RIP: 0033:0x7fddac2fab19 [ 1771.785410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.788379] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1771.789579] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1771.790698] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1771.791832] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.792953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.794103] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 [ 1771.795252] CPU: 0 PID: 9702 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1771.796868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.798841] Call Trace: [ 1771.799461] dump_stack+0x107/0x167 07:12:56 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) [ 1771.800321] should_fail.cold+0x5/0xa [ 1771.801337] ? create_object.isra.0+0x3a/0xa20 [ 1771.802407] should_failslab+0x5/0x20 [ 1771.803283] kmem_cache_alloc+0x5b/0x310 [ 1771.804238] create_object.isra.0+0x3a/0xa20 [ 1771.805252] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1771.806441] kmem_cache_alloc_trace+0x151/0x320 [ 1771.807518] ip6_setup_cork+0x1e4/0x1740 [ 1771.808467] ip6_make_skb+0x22c/0x4e0 [ 1771.809346] ? ip_frag_init+0x350/0x350 [ 1771.810282] ? ip6_push_pending_frames+0xf0/0xf0 [ 1771.811382] ? ip6_dst_hoplimit+0x199/0x440 [ 1771.812382] ? lock_downgrade+0x6d0/0x6d0 [ 1771.813365] udpv6_sendmsg+0x2128/0x2b40 [ 1771.814317] ? ip_frag_init+0x350/0x350 [ 1771.815250] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.816447] ? perf_event_task_disable+0x390/0x390 [ 1771.817589] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1771.818720] ? lock_acquire+0x197/0x470 [ 1771.819635] ? find_held_lock+0x2c/0x110 [ 1771.820590] ? sock_has_perm+0x1ea/0x280 [ 1771.821567] ? __import_iovec+0x458/0x590 [ 1771.822544] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.823742] inet6_sendmsg+0x105/0x140 [ 1771.824648] ? inet6_compat_ioctl+0x320/0x320 [ 1771.825689] __sock_sendmsg+0xf2/0x190 [ 1771.826608] ____sys_sendmsg+0x334/0x870 [ 1771.827549] ? sock_write_iter+0x3d0/0x3d0 [ 1771.828515] ? do_recvmmsg+0x6d0/0x6d0 [ 1771.829425] ? __lock_acquire+0x1657/0x5b00 [ 1771.830439] ___sys_sendmsg+0xf3/0x170 [ 1771.831344] ? sendmsg_copy_msghdr+0x160/0x160 [ 1771.832418] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1771.833452] ? _raw_spin_unlock_irq+0x27/0x30 [ 1771.834507] ? lock_acquire+0x197/0x470 [ 1771.835431] ? find_held_lock+0x2c/0x110 [ 1771.836374] ? __might_fault+0xd3/0x180 [ 1771.837280] ? lock_downgrade+0x6d0/0x6d0 [ 1771.838263] __sys_sendmmsg+0x195/0x470 [ 1771.839176] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1771.840162] ? lock_downgrade+0x6d0/0x6d0 [ 1771.841125] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1771.842239] ? wait_for_completion_io+0x270/0x270 [ 1771.843344] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.844412] ? vfs_write+0x354/0xb10 [ 1771.845270] ? fput_many+0x2f/0x1a0 [ 1771.846123] ? ksys_write+0x1a9/0x260 [ 1771.847001] ? __ia32_sys_read+0xb0/0xb0 [ 1771.847938] __x64_sys_sendmmsg+0x99/0x100 [ 1771.848905] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.850086] do_syscall_64+0x33/0x40 [ 1771.850939] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.852109] RIP: 0033:0x7fb74c37db19 [ 1771.852961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.857173] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1771.858931] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1771.860564] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1771.862209] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.863848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.865495] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 07:12:56 executing program 1: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:56 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:12:56 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x3600, 0x0, 0x0, 0x0) 07:12:56 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe00, 0x0, 0x0) 07:12:56 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:12:56 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0) 07:13:10 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) 07:13:10 executing program 1: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:10 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 99) 07:13:10 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x10012, 0x0, 0x0, 0x0) 07:13:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1100, 0x0, 0x0) 07:13:10 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:10 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x9000000, 0x0, 0x0) 07:13:10 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 1786.441793] FAULT_INJECTION: forcing a failure. [ 1786.441793] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.443619] CPU: 1 PID: 9744 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1786.444657] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.445932] Call Trace: [ 1786.446336] dump_stack+0x107/0x167 [ 1786.446883] should_fail.cold+0x5/0xa [ 1786.447453] ? create_object.isra.0+0x3a/0xa20 [ 1786.448137] should_failslab+0x5/0x20 [ 1786.448708] kmem_cache_alloc+0x5b/0x310 [ 1786.449321] create_object.isra.0+0x3a/0xa20 [ 1786.450008] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.450782] kmem_cache_alloc_node+0x169/0x330 [ 1786.451482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.452262] __alloc_skb+0x6d/0x5b0 [ 1786.452816] alloc_skb_with_frags+0x92/0x570 [ 1786.453480] sock_alloc_send_pskb+0x7af/0x930 [ 1786.454184] ? sk_alloc+0x350/0x350 [ 1786.454746] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1786.455532] ? SOFTIRQ_verbose+0x10/0x10 [ 1786.456146] ? find_held_lock+0x2c/0x110 [ 1786.456773] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1786.457527] ? ip_frag_init+0x350/0x350 [ 1786.458148] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1786.458868] ? ip6_mtu+0x1e9/0x3d0 07:13:10 executing program 1: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1786.459396] ? ip6_setup_cork+0xfb7/0x1740 [ 1786.460266] ip6_make_skb+0x2df/0x4e0 [ 1786.460847] ? ip_frag_init+0x350/0x350 [ 1786.461443] ? ip_frag_init+0x350/0x350 [ 1786.462055] ? ip6_push_pending_frames+0xf0/0xf0 [ 1786.462768] ? ip6_dst_hoplimit+0x199/0x440 [ 1786.463428] ? lock_downgrade+0x6d0/0x6d0 [ 1786.464085] udpv6_sendmsg+0x2128/0x2b40 [ 1786.464712] ? ip_frag_init+0x350/0x350 [ 1786.465348] ? udp_v6_push_pending_frames+0x360/0x360 [ 1786.466152] ? perf_event_task_disable+0x390/0x390 [ 1786.466886] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1786.467605] ? lock_acquire+0x197/0x470 [ 1786.468191] ? find_held_lock+0x2c/0x110 [ 1786.468810] ? sock_has_perm+0x1ea/0x280 [ 1786.469448] ? __import_iovec+0x458/0x590 [ 1786.470084] ? udp_v6_push_pending_frames+0x360/0x360 [ 1786.470842] inet6_sendmsg+0x105/0x140 [ 1786.471413] ? inet6_compat_ioctl+0x320/0x320 [ 1786.472073] __sock_sendmsg+0xf2/0x190 [ 1786.472653] ____sys_sendmsg+0x334/0x870 [ 1786.473252] ? sock_write_iter+0x3d0/0x3d0 [ 1786.473884] ? do_recvmmsg+0x6d0/0x6d0 [ 1786.474469] ? __lock_acquire+0x1657/0x5b00 [ 1786.475121] ___sys_sendmsg+0xf3/0x170 [ 1786.475706] ? sendmsg_copy_msghdr+0x160/0x160 [ 1786.476399] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1786.477066] ? _raw_spin_unlock_irq+0x27/0x30 [ 1786.477736] ? lock_acquire+0x197/0x470 [ 1786.478330] ? find_held_lock+0x2c/0x110 [ 1786.478933] ? __might_fault+0xd3/0x180 [ 1786.479535] ? lock_downgrade+0x6d0/0x6d0 [ 1786.480169] __sys_sendmmsg+0x195/0x470 [ 1786.480770] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1786.481418] ? lock_downgrade+0x6d0/0x6d0 [ 1786.482051] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1786.482757] ? wait_for_completion_io+0x270/0x270 [ 1786.483476] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.484164] ? vfs_write+0x354/0xb10 [ 1786.484715] ? fput_many+0x2f/0x1a0 [ 1786.485278] ? ksys_write+0x1a9/0x260 [ 1786.485848] ? __ia32_sys_read+0xb0/0xb0 [ 1786.486470] __x64_sys_sendmmsg+0x99/0x100 [ 1786.487093] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.487865] do_syscall_64+0x33/0x40 [ 1786.488414] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.489176] RIP: 0033:0x7fb74c37db19 [ 1786.489725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.492449] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1786.493583] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1786.494643] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1786.495692] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.496754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.497811] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1786.499821] FAULT_INJECTION: forcing a failure. [ 1786.499821] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.501773] CPU: 1 PID: 9765 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1786.502793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.504012] Call Trace: [ 1786.504410] dump_stack+0x107/0x167 [ 1786.504948] should_fail.cold+0x5/0xa [ 1786.505508] ? xas_alloc+0x336/0x440 [ 1786.506062] should_failslab+0x5/0x20 [ 1786.506616] kmem_cache_alloc+0x5b/0x310 [ 1786.507217] ? stack_trace_consume_entry+0x160/0x160 [ 1786.507964] xas_alloc+0x336/0x440 [ 1786.508485] xas_create+0x34a/0x10d0 [ 1786.509051] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1786.509816] xas_store+0x8c/0x1c40 [ 1786.510369] __xa_store+0x164/0x2d0 [ 1786.510903] ? xa_delete_node+0x280/0x280 [ 1786.511518] ? trace_hardirqs_on+0x5b/0x180 [ 1786.512150] xa_store+0x31/0x50 [ 1786.512637] __io_uring_add_tctx_node+0x1cf/0x520 [ 1786.513348] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1786.514132] __do_sys_io_uring_enter+0x146f/0x1890 [ 1786.514854] ? find_held_lock+0x2c/0x110 [ 1786.515464] ? io_submit_sqes+0x8610/0x8610 [ 1786.516100] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1786.516807] ? wait_for_completion_io+0x270/0x270 [ 1786.517518] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.518201] ? vfs_write+0x354/0xb10 [ 1786.518743] ? fput_many+0x2f/0x1a0 [ 1786.519279] ? ksys_write+0x1a9/0x260 [ 1786.519837] ? __ia32_sys_read+0xb0/0xb0 [ 1786.520435] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.521201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.521962] do_syscall_64+0x33/0x40 [ 1786.522520] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.523264] RIP: 0033:0x7fddac2fab19 [ 1786.523814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.526512] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1786.527621] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1786.528660] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1786.529696] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.530752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.531795] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 [ 1786.547205] FAULT_INJECTION: forcing a failure. [ 1786.547205] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.550135] CPU: 0 PID: 9756 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1786.551642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.553739] Call Trace: [ 1786.554367] dump_stack+0x107/0x167 [ 1786.555295] should_fail.cold+0x5/0xa [ 1786.556205] should_failslab+0x5/0x20 [ 1786.557190] kmem_cache_alloc_bulk+0x4b/0x320 [ 1786.558208] io_submit_sqes+0x6fe6/0x8610 [ 1786.559306] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1786.560390] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1786.561597] ? find_held_lock+0x2c/0x110 [ 1786.562440] ? io_submit_sqes+0x8610/0x8610 [ 1786.563325] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1786.564303] ? wait_for_completion_io+0x270/0x270 [ 1786.565293] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.566279] ? vfs_write+0x354/0xb10 [ 1786.567062] ? fput_many+0x2f/0x1a0 [ 1786.567983] ? ksys_write+0x1a9/0x260 [ 1786.568769] ? __ia32_sys_read+0xb0/0xb0 [ 1786.569600] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.570688] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.571778] do_syscall_64+0x33/0x40 [ 1786.572733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.573824] RIP: 0033:0x7f9b3748ab19 [ 1786.574593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.578361] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1786.579925] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1786.581384] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1786.582864] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.584431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1786.586263] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:13:10 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 07:13:10 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) (fail_nth: 100) 07:13:10 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 07:13:10 executing program 1: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:10 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 07:13:11 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x34000, 0x0, 0x0, 0x0) [ 1786.694014] FAULT_INJECTION: forcing a failure. [ 1786.694014] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.695719] CPU: 1 PID: 9773 Comm: syz-executor.6 Not tainted 5.10.240 #1 [ 1786.696676] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.697824] Call Trace: [ 1786.698203] dump_stack+0x107/0x167 [ 1786.698715] should_fail.cold+0x5/0xa [ 1786.699250] ? create_object.isra.0+0x3a/0xa20 [ 1786.699885] should_failslab+0x5/0x20 [ 1786.700411] kmem_cache_alloc+0x5b/0x310 [ 1786.700972] create_object.isra.0+0x3a/0xa20 [ 1786.701576] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.702284] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1786.702982] ? alloc_skb_with_frags+0x92/0x570 [ 1786.703614] __alloc_skb+0xb1/0x5b0 [ 1786.704116] alloc_skb_with_frags+0x92/0x570 [ 1786.704729] sock_alloc_send_pskb+0x7af/0x930 [ 1786.705350] ? sk_alloc+0x350/0x350 [ 1786.705855] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1786.706579] ? SOFTIRQ_verbose+0x10/0x10 [ 1786.707135] ? lock_release+0x680/0x680 [ 1786.707677] ? find_held_lock+0x2c/0x110 [ 1786.708236] __ip6_append_data.isra.0+0x1cd4/0x3b90 [ 1786.708933] ? ip_frag_init+0x350/0x350 [ 1786.709494] ? ip6_sk_dst_lookup_flow+0x6f0/0x6f0 [ 1786.710162] ? ip6_mtu+0x1e9/0x3d0 [ 1786.710648] ? ip6_setup_cork+0xfb7/0x1740 [ 1786.711227] ip6_make_skb+0x2df/0x4e0 [ 1786.711750] ? ip_frag_init+0x350/0x350 [ 1786.712297] ? ip_frag_init+0x350/0x350 [ 1786.712837] ? ip6_push_pending_frames+0xf0/0xf0 [ 1786.713486] ? ip6_dst_hoplimit+0x199/0x440 [ 1786.714080] ? lock_downgrade+0x6d0/0x6d0 [ 1786.714655] udpv6_sendmsg+0x2128/0x2b40 [ 1786.715212] ? ip_frag_init+0x350/0x350 [ 1786.715765] ? udp_v6_push_pending_frames+0x360/0x360 [ 1786.716470] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.717213] ? lock_acquire+0x197/0x470 [ 1786.717753] ? find_held_lock+0x2c/0x110 [ 1786.718323] ? sock_has_perm+0x1ea/0x280 [ 1786.718894] ? __import_iovec+0x458/0x590 [ 1786.719460] ? udp_v6_push_pending_frames+0x360/0x360 [ 1786.720174] inet6_sendmsg+0x105/0x140 [ 1786.720705] ? inet6_compat_ioctl+0x320/0x320 [ 1786.721315] __sock_sendmsg+0xf2/0x190 [ 1786.721857] ____sys_sendmsg+0x334/0x870 [ 1786.722418] ? sock_write_iter+0x3d0/0x3d0 [ 1786.722999] ? do_recvmmsg+0x6d0/0x6d0 [ 1786.723538] ? __lock_acquire+0x1657/0x5b00 [ 1786.724134] ___sys_sendmsg+0xf3/0x170 [ 1786.724665] ? sendmsg_copy_msghdr+0x160/0x160 [ 1786.725285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.726021] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1786.726631] ? trace_hardirqs_on+0x5b/0x180 [ 1786.727225] ? lock_acquire+0x197/0x470 [ 1786.727764] ? find_held_lock+0x2c/0x110 [ 1786.728323] ? __might_fault+0xd3/0x180 [ 1786.728864] ? lock_downgrade+0x6d0/0x6d0 [ 1786.729445] __sys_sendmmsg+0x195/0x470 [ 1786.729995] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1786.730582] ? lock_downgrade+0x6d0/0x6d0 [ 1786.731173] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1786.731834] ? wait_for_completion_io+0x270/0x270 [ 1786.732493] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.733129] ? vfs_write+0x354/0xb10 [ 1786.733632] ? fput_many+0x2f/0x1a0 [ 1786.734135] ? ksys_write+0x1a9/0x260 [ 1786.734653] ? __ia32_sys_read+0xb0/0xb0 [ 1786.735206] __x64_sys_sendmmsg+0x99/0x100 [ 1786.735778] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.736484] do_syscall_64+0x33/0x40 [ 1786.736991] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.737687] RIP: 0033:0x7fb74c37db19 [ 1786.738197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.740671] RSP: 002b:00007fb7498f3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1786.741699] RAX: ffffffffffffffda RBX: 00007fb74c490f60 RCX: 00007fb74c37db19 [ 1786.742670] RDX: 0400000000000070 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1786.743626] RBP: 00007fb7498f31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.744593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1786.745555] R13: 00007fff42ae589f R14: 00007fb7498f3300 R15: 0000000000022000 [ 1786.813332] FAULT_INJECTION: forcing a failure. [ 1786.813332] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.814916] CPU: 1 PID: 9786 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1786.815804] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.816899] Call Trace: [ 1786.817256] dump_stack+0x107/0x167 [ 1786.817740] should_fail.cold+0x5/0xa [ 1786.818251] ? create_object.isra.0+0x3a/0xa20 [ 1786.818851] should_failslab+0x5/0x20 [ 1786.819362] kmem_cache_alloc+0x5b/0x310 [ 1786.819907] create_object.isra.0+0x3a/0xa20 [ 1786.820491] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.821165] kmem_cache_alloc_bulk+0x168/0x320 [ 1786.821780] io_submit_sqes+0x6fe6/0x8610 [ 1786.822349] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1786.822998] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1786.823631] ? find_held_lock+0x2c/0x110 [ 1786.824175] ? io_submit_sqes+0x8610/0x8610 [ 1786.824740] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1786.825366] ? wait_for_completion_io+0x270/0x270 [ 1786.826000] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.826603] ? vfs_write+0x354/0xb10 [ 1786.827087] ? fput_many+0x2f/0x1a0 [ 1786.827565] ? ksys_write+0x1a9/0x260 [ 1786.828061] ? __ia32_sys_read+0xb0/0xb0 [ 1786.828595] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.829289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.829970] do_syscall_64+0x33/0x40 [ 1786.830460] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.831128] RIP: 0033:0x7f9b3748ab19 [ 1786.831620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.834050] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1786.835059] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1786.835995] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1786.836920] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.837858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1786.838794] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:13:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000070, 0x0) 07:13:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, 0x0, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff, 0x0, 0x0) 07:13:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3600, 0x0, 0x0) 07:13:24 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) 07:13:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 07:13:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x400300, 0x0, 0x0, 0x0) [ 1800.312159] FAULT_INJECTION: forcing a failure. [ 1800.312159] name failslab, interval 1, probability 0, space 0, times 0 [ 1800.313781] CPU: 1 PID: 9801 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1800.314700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1800.315799] Call Trace: [ 1800.316154] dump_stack+0x107/0x167 [ 1800.316636] should_fail.cold+0x5/0xa [ 1800.317151] ? create_object.isra.0+0x3a/0xa20 [ 1800.317763] should_failslab+0x5/0x20 [ 1800.318265] kmem_cache_alloc+0x5b/0x310 [ 1800.318806] ? mark_held_locks+0x9e/0xe0 [ 1800.319345] create_object.isra.0+0x3a/0xa20 [ 1800.319921] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1800.320588] kmem_cache_alloc_bulk+0x168/0x320 [ 1800.321197] io_submit_sqes+0x6fe6/0x8610 [ 1800.321769] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.322431] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.323064] ? find_held_lock+0x2c/0x110 [ 1800.323600] ? io_submit_sqes+0x8610/0x8610 [ 1800.324172] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1800.324806] ? wait_for_completion_io+0x270/0x270 [ 1800.325447] ? rcu_read_lock_any_held+0x75/0xa0 [ 1800.326067] ? vfs_write+0x354/0xb10 [ 1800.326558] ? fput_many+0x2f/0x1a0 [ 1800.327039] ? ksys_write+0x1a9/0x260 [ 1800.327547] ? __ia32_sys_read+0xb0/0xb0 [ 1800.328092] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1800.328786] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1800.329478] do_syscall_64+0x33/0x40 [ 1800.329978] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1800.330668] RIP: 0033:0x7f9b3748ab19 [ 1800.331158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1800.333583] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1800.334585] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1800.335543] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1800.336484] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1800.337418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1800.338360] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 [ 1800.357967] FAULT_INJECTION: forcing a failure. [ 1800.357967] name failslab, interval 1, probability 0, space 0, times 0 [ 1800.359493] CPU: 1 PID: 9812 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1800.360394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1800.361483] Call Trace: [ 1800.361826] dump_stack+0x107/0x167 [ 1800.362311] should_fail.cold+0x5/0xa [ 1800.362819] ? xas_alloc+0x336/0x440 [ 1800.363304] should_failslab+0x5/0x20 [ 1800.363795] kmem_cache_alloc+0x5b/0x310 [ 1800.364333] ? stack_trace_consume_entry+0x160/0x160 [ 1800.364996] xas_alloc+0x336/0x440 [ 1800.365459] xas_create+0x34a/0x10d0 [ 1800.365952] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1800.366644] xas_store+0x8c/0x1c40 [ 1800.367120] __xa_store+0x164/0x2d0 [ 1800.367600] ? xa_delete_node+0x280/0x280 [ 1800.368146] ? trace_hardirqs_on+0x5b/0x180 [ 1800.368728] xa_store+0x31/0x50 [ 1800.369165] __io_uring_add_tctx_node+0x1cf/0x520 [ 1800.369798] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1800.370499] __do_sys_io_uring_enter+0x146f/0x1890 [ 1800.371137] ? find_held_lock+0x2c/0x110 [ 1800.371676] ? io_submit_sqes+0x8610/0x8610 [ 1800.372244] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1800.372871] ? wait_for_completion_io+0x270/0x270 [ 1800.373507] ? rcu_read_lock_any_held+0x75/0xa0 [ 1800.374136] ? vfs_write+0x354/0xb10 [ 1800.374621] ? fput_many+0x2f/0x1a0 [ 1800.375097] ? ksys_write+0x1a9/0x260 [ 1800.375593] ? __ia32_sys_read+0xb0/0xb0 [ 1800.376126] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1800.376818] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1800.377499] do_syscall_64+0x33/0x40 [ 1800.377990] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1800.378657] RIP: 0033:0x7fddac2fab19 [ 1800.379141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1800.381524] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1800.382514] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1800.383428] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1800.384354] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1800.385290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1800.386214] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:13:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 07:13:24 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10012, 0x0, 0x0) 07:13:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1800.444293] FAULT_INJECTION: forcing a failure. [ 1800.444293] name failslab, interval 1, probability 0, space 0, times 0 [ 1800.445831] CPU: 1 PID: 9816 Comm: syz-executor.5 Not tainted 5.10.240 #1 07:13:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0) [ 1800.446685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1800.447902] Call Trace: [ 1800.448234] dump_stack+0x107/0x167 [ 1800.448683] should_fail.cold+0x5/0xa [ 1800.449158] ? create_object.isra.0+0x3a/0xa20 [ 1800.449722] should_failslab+0x5/0x20 [ 1800.450210] kmem_cache_alloc+0x5b/0x310 [ 1800.450712] ? mark_held_locks+0x9e/0xe0 [ 1800.451225] create_object.isra.0+0x3a/0xa20 [ 1800.451767] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1800.452393] kmem_cache_alloc_bulk+0x168/0x320 [ 1800.452963] io_submit_sqes+0x6fe6/0x8610 [ 1800.453496] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.454119] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.454714] ? find_held_lock+0x2c/0x110 [ 1800.455221] ? io_submit_sqes+0x8610/0x8610 [ 1800.455754] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1800.456348] ? wait_for_completion_io+0x270/0x270 [ 1800.456944] ? rcu_read_lock_any_held+0x75/0xa0 [ 1800.457511] ? vfs_write+0x354/0xb10 [ 1800.457967] ? fput_many+0x2f/0x1a0 [ 1800.458422] ? ksys_write+0x1a9/0x260 [ 1800.458895] ? __ia32_sys_read+0xb0/0xb0 [ 1800.459396] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1800.460039] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1800.460668] do_syscall_64+0x33/0x40 [ 1800.461125] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1800.461751] RIP: 0033:0x7f9b3748ab19 [ 1800.462217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1800.464463] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1800.465391] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1800.466270] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1800.467149] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1800.468022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1800.468895] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:13:24 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffea, 0x0, 0x0) 07:13:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:24 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000002, 0x0) 07:13:24 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 07:13:24 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1800.598986] FAULT_INJECTION: forcing a failure. [ 1800.598986] name failslab, interval 1, probability 0, space 0, times 0 [ 1800.600366] CPU: 1 PID: 9835 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1800.601151] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1800.602124] Call Trace: [ 1800.602431] dump_stack+0x107/0x167 [ 1800.602852] should_fail.cold+0x5/0xa [ 1800.603296] ? create_object.isra.0+0x3a/0xa20 [ 1800.603821] should_failslab+0x5/0x20 [ 1800.604264] kmem_cache_alloc+0x5b/0x310 [ 1800.604731] ? mark_held_locks+0x9e/0xe0 [ 1800.605197] create_object.isra.0+0x3a/0xa20 [ 1800.605705] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1800.606299] kmem_cache_alloc_bulk+0x168/0x320 [ 1800.606825] io_submit_sqes+0x6fe6/0x8610 [ 1800.607317] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.607888] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1800.608439] ? find_held_lock+0x2c/0x110 [ 1800.608909] ? io_submit_sqes+0x8610/0x8610 [ 1800.609409] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1800.609969] ? wait_for_completion_io+0x270/0x270 [ 1800.610534] ? rcu_read_lock_any_held+0x75/0xa0 [ 1800.611072] ? vfs_write+0x354/0xb10 [ 1800.611508] ? fput_many+0x2f/0x1a0 [ 1800.611926] ? ksys_write+0x1a9/0x260 [ 1800.612364] ? __ia32_sys_read+0xb0/0xb0 [ 1800.612836] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1800.613437] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1800.614023] do_syscall_64+0x33/0x40 [ 1800.614459] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1800.615045] RIP: 0033:0x7f9b3748ab19 [ 1800.615467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1800.617564] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1800.618442] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1800.619263] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1800.620081] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1800.620900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1800.621719] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:13:24 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 07:13:39 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x34000, 0x0, 0x0) 07:13:39 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) 07:13:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000003, 0x0) 07:13:39 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:39 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xe000000, 0x0, 0x0, 0x0) 07:13:39 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 07:13:39 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10000000000, 0x0, 0x0) 07:13:39 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1815.498234] FAULT_INJECTION: forcing a failure. [ 1815.498234] name failslab, interval 1, probability 0, space 0, times 0 [ 1815.499719] CPU: 0 PID: 9873 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1815.500571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1815.501591] Call Trace: [ 1815.501923] dump_stack+0x107/0x167 [ 1815.502385] should_fail.cold+0x5/0xa [ 1815.502859] ? xas_alloc+0x336/0x440 [ 1815.503322] should_failslab+0x5/0x20 [ 1815.503788] kmem_cache_alloc+0x5b/0x310 [ 1815.504288] xas_alloc+0x336/0x440 [ 1815.504727] xas_create+0x34a/0x10d0 [ 1815.505197] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1815.505844] xas_store+0x8c/0x1c40 [ 1815.506299] __xa_store+0x164/0x2d0 [ 1815.506748] ? xa_delete_node+0x280/0x280 [ 1815.507261] ? trace_hardirqs_on+0x5b/0x180 [ 1815.507795] xa_store+0x31/0x50 [ 1815.508203] __io_uring_add_tctx_node+0x1cf/0x520 [ 1815.508792] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1815.509443] __do_sys_io_uring_enter+0x146f/0x1890 [ 1815.510051] ? find_held_lock+0x2c/0x110 07:13:39 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1815.510564] ? io_submit_sqes+0x8610/0x8610 [ 1815.511319] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1815.511916] ? wait_for_completion_io+0x270/0x270 [ 1815.512514] ? rcu_read_lock_any_held+0x75/0xa0 [ 1815.513083] ? vfs_write+0x354/0xb10 [ 1815.513540] ? fput_many+0x2f/0x1a0 [ 1815.513989] ? ksys_write+0x1a9/0x260 [ 1815.514468] ? __ia32_sys_read+0xb0/0xb0 [ 1815.514968] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1815.515611] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1815.516243] do_syscall_64+0x33/0x40 [ 1815.516701] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1815.517333] RIP: 0033:0x7fddac2fab19 [ 1815.517790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1815.520048] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1815.520983] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1815.521857] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1815.522738] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1815.523611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1815.524489] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:13:39 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x400300, 0x0, 0x0) [ 1815.534405] FAULT_INJECTION: forcing a failure. [ 1815.534405] name failslab, interval 1, probability 0, space 0, times 0 [ 1815.536920] CPU: 1 PID: 9869 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1815.538425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1815.540240] Call Trace: [ 1815.540822] dump_stack+0x107/0x167 [ 1815.541621] should_fail.cold+0x5/0xa [ 1815.542468] ? create_object.isra.0+0x3a/0xa20 [ 1815.543464] should_failslab+0x5/0x20 [ 1815.544294] kmem_cache_alloc+0x5b/0x310 [ 1815.545182] ? mark_held_locks+0x9e/0xe0 [ 1815.546072] create_object.isra.0+0x3a/0xa20 [ 1815.547026] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1815.548132] kmem_cache_alloc_bulk+0x168/0x320 [ 1815.549143] io_submit_sqes+0x6fe6/0x8610 [ 1815.550083] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1815.551179] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1815.552238] ? find_held_lock+0x2c/0x110 [ 1815.553134] ? io_submit_sqes+0x8610/0x8610 [ 1815.554086] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1815.555151] ? wait_for_completion_io+0x270/0x270 [ 1815.556208] ? rcu_read_lock_any_held+0x75/0xa0 [ 1815.557221] ? vfs_write+0x354/0xb10 [ 1815.558033] ? fput_many+0x2f/0x1a0 [ 1815.558837] ? ksys_write+0x1a9/0x260 [ 1815.559667] ? __ia32_sys_read+0xb0/0xb0 [ 1815.560557] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1815.561698] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1815.562830] do_syscall_64+0x33/0x40 [ 1815.563647] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1815.564763] RIP: 0033:0x7f9b3748ab19 [ 1815.565577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1815.569572] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1815.571231] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1815.572778] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1815.574332] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1815.575881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1815.577427] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:13:55 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:55 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 07:13:55 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7ffffffff000, 0x0, 0x0) 07:13:55 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:55 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x11000000, 0x0, 0x0, 0x0) 07:13:55 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0) 07:13:55 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) 07:13:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000004, 0x0) 07:13:55 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1830.762616] FAULT_INJECTION: forcing a failure. [ 1830.762616] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.765206] CPU: 1 PID: 9904 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1830.766729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.768575] Call Trace: [ 1830.769169] dump_stack+0x107/0x167 [ 1830.769998] should_fail.cold+0x5/0xa [ 1830.770863] ? create_object.isra.0+0x3a/0xa20 [ 1830.771894] should_failslab+0x5/0x20 [ 1830.772749] kmem_cache_alloc+0x5b/0x310 [ 1830.773667] ? mark_held_locks+0x9e/0xe0 [ 1830.774591] create_object.isra.0+0x3a/0xa20 [ 1830.775571] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1830.776736] kmem_cache_alloc_bulk+0x168/0x320 [ 1830.777777] io_submit_sqes+0x6fe6/0x8610 [ 1830.778756] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1830.779870] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1830.780955] ? find_held_lock+0x2c/0x110 07:13:55 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1830.781874] ? io_submit_sqes+0x8610/0x8610 [ 1830.783152] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1830.784233] ? wait_for_completion_io+0x270/0x270 07:13:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000005, 0x0) [ 1830.785323] ? rcu_read_lock_any_held+0x75/0xa0 [ 1830.786479] ? vfs_write+0x354/0xb10 [ 1830.787318] ? fput_many+0x2f/0x1a0 [ 1830.788141] ? ksys_write+0x1a9/0x260 [ 1830.789001] ? __ia32_sys_read+0xb0/0xb0 [ 1830.789921] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1830.791124] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1830.792283] do_syscall_64+0x33/0x40 [ 1830.793121] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1830.794265] RIP: 0033:0x7f9b3748ab19 [ 1830.795109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.796207] FAULT_INJECTION: forcing a failure. [ 1830.796207] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.799266] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1830.799289] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1830.799308] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1830.805653] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1830.807251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1830.808849] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 [ 1830.810495] CPU: 0 PID: 9913 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1830.811414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.812511] Call Trace: [ 1830.812882] dump_stack+0x107/0x167 [ 1830.813365] should_fail.cold+0x5/0xa [ 1830.813886] ? create_object.isra.0+0x3a/0xa20 [ 1830.814496] should_failslab+0x5/0x20 [ 1830.814995] kmem_cache_alloc+0x5b/0x310 [ 1830.815533] ? mark_held_locks+0x9e/0xe0 [ 1830.816088] create_object.isra.0+0x3a/0xa20 [ 1830.816678] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1830.817355] kmem_cache_alloc+0x159/0x310 [ 1830.817912] xas_alloc+0x336/0x440 [ 1830.818394] xas_create+0x34a/0x10d0 [ 1830.818894] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1830.819581] xas_store+0x8c/0x1c40 [ 1830.820067] __xa_store+0x164/0x2d0 [ 1830.820547] ? xa_delete_node+0x280/0x280 [ 1830.821113] ? trace_hardirqs_on+0x5b/0x180 [ 1830.821699] xa_store+0x31/0x50 [ 1830.822140] __io_uring_add_tctx_node+0x1cf/0x520 [ 1830.822793] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1830.823501] __do_sys_io_uring_enter+0x146f/0x1890 [ 1830.824152] ? find_held_lock+0x2c/0x110 [ 1830.824698] ? io_submit_sqes+0x8610/0x8610 [ 1830.825273] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1830.825918] ? wait_for_completion_io+0x270/0x270 [ 1830.826562] ? rcu_read_lock_any_held+0x75/0xa0 [ 1830.827173] ? vfs_write+0x354/0xb10 [ 1830.827666] ? fput_many+0x2f/0x1a0 [ 1830.828143] ? ksys_write+0x1a9/0x260 [ 1830.828648] ? __ia32_sys_read+0xb0/0xb0 [ 1830.829185] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1830.829875] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1830.830555] do_syscall_64+0x33/0x40 [ 1830.831040] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1830.831716] RIP: 0033:0x7fddac2fab19 [ 1830.832218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.834642] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1830.835644] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1830.836581] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1830.837509] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1830.838443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.839376] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:13:55 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0) 07:13:55 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 07:13:55 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:13:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000006, 0x0) 07:13:55 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x12000100, 0x0, 0x0, 0x0) 07:13:55 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:10 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:10 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe000000, 0x0, 0x0) 07:14:10 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 07:14:11 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 07:14:11 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:11 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000007, 0x0) 07:14:11 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 07:14:11 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) [ 1846.754800] FAULT_INJECTION: forcing a failure. [ 1846.754800] name failslab, interval 1, probability 0, space 0, times 0 [ 1846.757335] CPU: 0 PID: 9965 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1846.758788] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1846.760532] Call Trace: [ 1846.761094] dump_stack+0x107/0x167 [ 1846.761863] should_fail.cold+0x5/0xa [ 1846.762673] ? create_object.isra.0+0x3a/0xa20 [ 1846.763627] should_failslab+0x5/0x20 [ 1846.764424] kmem_cache_alloc+0x5b/0x310 [ 1846.765275] ? mark_held_locks+0x9e/0xe0 [ 1846.766128] create_object.isra.0+0x3a/0xa20 [ 1846.767056] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1846.768123] kmem_cache_alloc_bulk+0x168/0x320 [ 1846.769097] io_submit_sqes+0x6fe6/0x8610 [ 1846.769999] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1846.771051] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1846.772065] ? find_held_lock+0x2c/0x110 [ 1846.772926] ? io_submit_sqes+0x8610/0x8610 [ 1846.773835] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1846.774862] ? wait_for_completion_io+0x270/0x270 [ 1846.775877] ? rcu_read_lock_any_held+0x75/0xa0 [ 1846.776845] ? vfs_write+0x354/0xb10 [ 1846.777622] ? fput_many+0x2f/0x1a0 [ 1846.778387] ? ksys_write+0x1a9/0x260 [ 1846.779199] ? __ia32_sys_read+0xb0/0xb0 [ 1846.780053] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1846.781147] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1846.782230] do_syscall_64+0x33/0x40 [ 1846.783026] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1846.784102] RIP: 0033:0x7f9b3748ab19 [ 1846.784882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1846.788742] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1846.790341] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1846.791842] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1846.793344] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1846.794853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1846.796346] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 [ 1846.809171] FAULT_INJECTION: forcing a failure. [ 1846.809171] name failslab, interval 1, probability 0, space 0, times 0 [ 1846.811864] CPU: 1 PID: 9966 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1846.813459] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1846.815595] Call Trace: [ 1846.816320] dump_stack+0x107/0x167 [ 1846.817382] should_fail.cold+0x5/0xa [ 1846.818279] ? xas_alloc+0x336/0x440 [ 1846.819176] should_failslab+0x5/0x20 [ 1846.820075] kmem_cache_alloc+0x5b/0x310 [ 1846.821043] xas_alloc+0x336/0x440 [ 1846.821892] xas_create+0x34a/0x10d0 [ 1846.822810] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1846.824071] xas_store+0x8c/0x1c40 [ 1846.824944] __xa_store+0x164/0x2d0 [ 1846.825820] ? xa_delete_node+0x280/0x280 [ 1846.826833] ? trace_hardirqs_on+0x5b/0x180 [ 1846.827876] xa_store+0x31/0x50 [ 1846.828672] __io_uring_add_tctx_node+0x1cf/0x520 [ 1846.829835] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1846.831129] __do_sys_io_uring_enter+0x146f/0x1890 [ 1846.832322] ? find_held_lock+0x2c/0x110 [ 1846.833315] ? io_submit_sqes+0x8610/0x8610 [ 1846.834363] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1846.835447] ? wait_for_completion_io+0x270/0x270 [ 1846.836567] ? rcu_read_lock_any_held+0x75/0xa0 [ 1846.837580] ? vfs_write+0x354/0xb10 [ 1846.838391] ? fput_many+0x2f/0x1a0 [ 1846.839192] ? ksys_write+0x1a9/0x260 [ 1846.840096] ? __ia32_sys_read+0xb0/0xb0 [ 1846.841006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1846.842237] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1846.843392] do_syscall_64+0x33/0x40 [ 1846.844279] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1846.845413] RIP: 0033:0x7fddac2fab19 [ 1846.846228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1846.850367] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1846.852112] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1846.853791] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1846.855367] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1846.857027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1846.858628] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:14:11 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x11000000, 0x0, 0x0) 07:14:11 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:11 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x36000000, 0x0, 0x0, 0x0) 07:14:11 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x900000000000000, 0x0, 0x0) 07:14:11 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000008, 0x0) 07:14:11 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) [ 1847.037588] FAULT_INJECTION: forcing a failure. [ 1847.037588] name failslab, interval 1, probability 0, space 0, times 0 [ 1847.040142] CPU: 0 PID: 9986 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1847.041619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1847.043409] Call Trace: [ 1847.043978] dump_stack+0x107/0x167 [ 1847.044761] should_fail.cold+0x5/0xa [ 1847.045591] ? create_object.isra.0+0x3a/0xa20 [ 1847.046581] should_failslab+0x5/0x20 [ 1847.047401] kmem_cache_alloc+0x5b/0x310 [ 1847.048280] ? mark_held_locks+0x9e/0xe0 [ 1847.049161] create_object.isra.0+0x3a/0xa20 [ 1847.050109] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1847.051223] kmem_cache_alloc_bulk+0x168/0x320 [ 1847.052216] io_submit_sqes+0x6fe6/0x8610 [ 1847.053150] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1847.054228] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1847.055277] ? find_held_lock+0x2c/0x110 [ 1847.056156] ? io_submit_sqes+0x8610/0x8610 [ 1847.057093] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1847.058131] ? wait_for_completion_io+0x270/0x270 [ 1847.059178] ? rcu_read_lock_any_held+0x75/0xa0 [ 1847.060189] ? vfs_write+0x354/0xb10 [ 1847.060993] ? fput_many+0x2f/0x1a0 [ 1847.061778] ? ksys_write+0x1a9/0x260 [ 1847.062606] ? __ia32_sys_read+0xb0/0xb0 [ 1847.063482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1847.064613] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1847.065724] do_syscall_64+0x33/0x40 [ 1847.066524] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1847.067634] RIP: 0033:0x7f9b3748ab19 [ 1847.068431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1847.072384] RSP: 002b:00007f9b34a00188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1847.074016] RAX: ffffffffffffffda RBX: 00007f9b3759df60 RCX: 00007f9b3748ab19 [ 1847.075554] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1847.077082] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1847.078619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1847.080150] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:14:27 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 07:14:27 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 07:14:27 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 07:14:27 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:27 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:27 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xeaffffff, 0x0, 0x0, 0x0) 07:14:27 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x12000100, 0x0, 0x0) 07:14:27 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000009, 0x0) [ 1862.773432] FAULT_INJECTION: forcing a failure. [ 1862.773432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1862.776548] CPU: 0 PID: 10004 Comm: syz-executor.5 Not tainted 5.10.240 #1 [ 1862.778327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1862.780469] Call Trace: [ 1862.781146] dump_stack+0x107/0x167 [ 1862.782090] should_fail.cold+0x5/0xa [ 1862.783096] _copy_to_user+0x2e/0x180 [ 1862.784100] simple_read_from_buffer+0xcc/0x160 [ 1862.785300] proc_fail_nth_read+0x198/0x230 [ 1862.786431] ? proc_sessionid_read+0x230/0x230 [ 1862.787619] ? security_file_permission+0xb1/0xe0 [ 1862.788875] ? proc_sessionid_read+0x230/0x230 [ 1862.790043] vfs_read+0x228/0x620 [ 1862.791015] ksys_read+0x12d/0x260 [ 1862.791786] ? vfs_write+0xb10/0xb10 [ 1862.792764] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1862.794107] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1862.795460] do_syscall_64+0x33/0x40 [ 1862.796421] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1862.797739] RIP: 0033:0x7f9b3743d69c [ 1862.798589] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1862.803320] RSP: 002b:00007f9b34a00170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1862.805012] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9b3743d69c [ 1862.806524] RDX: 000000000000000f RSI: 00007f9b34a001e0 RDI: 0000000000000006 [ 1862.808039] RBP: 00007f9b34a001d0 R08: 0000000000000000 R09: 0000000000000000 [ 1862.809552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.811073] R13: 00007ffdfb036b7f R14: 00007f9b34a00300 R15: 0000000000022000 07:14:27 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1862.817157] FAULT_INJECTION: forcing a failure. [ 1862.817157] name failslab, interval 1, probability 0, space 0, times 0 [ 1862.820062] CPU: 0 PID: 10010 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1862.821846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1862.824010] Call Trace: [ 1862.824694] dump_stack+0x107/0x167 [ 1862.825643] should_fail.cold+0x5/0xa [ 1862.826636] ? create_object.isra.0+0x3a/0xa20 [ 1862.827810] should_failslab+0x5/0x20 [ 1862.828795] kmem_cache_alloc+0x5b/0x310 [ 1862.829855] ? mark_held_locks+0x9e/0xe0 [ 1862.830913] create_object.isra.0+0x3a/0xa20 [ 1862.832051] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1862.833365] kmem_cache_alloc+0x159/0x310 [ 1862.834429] xas_alloc+0x336/0x440 [ 1862.835279] xas_create+0x34a/0x10d0 [ 1862.836242] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1862.837594] xas_store+0x8c/0x1c40 [ 1862.838529] __xa_store+0x164/0x2d0 [ 1862.839491] ? xa_delete_node+0x280/0x280 [ 1862.840579] ? trace_hardirqs_on+0x5b/0x180 [ 1862.841696] xa_store+0x31/0x50 [ 1862.842557] __io_uring_add_tctx_node+0x1cf/0x520 [ 1862.843814] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1862.845183] __do_sys_io_uring_enter+0x146f/0x1890 [ 1862.846320] ? find_held_lock+0x2c/0x110 [ 1862.847380] ? io_submit_sqes+0x8610/0x8610 [ 1862.848322] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1862.849369] ? wait_for_completion_io+0x270/0x270 [ 1862.850408] ? rcu_read_lock_any_held+0x75/0xa0 [ 1862.851423] ? vfs_write+0x354/0xb10 [ 1862.852226] ? fput_many+0x2f/0x1a0 [ 1862.853012] ? ksys_write+0x1a9/0x260 [ 1862.853832] ? __ia32_sys_read+0xb0/0xb0 [ 1862.854713] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1862.855851] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1862.856960] do_syscall_64+0x33/0x40 [ 1862.857764] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1862.858870] RIP: 0033:0x7fddac2fab19 [ 1862.859676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1862.863635] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1862.865266] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1862.866824] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1862.868360] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1862.869909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.871453] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:14:27 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:27 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000a, 0x0) 07:14:27 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff00000000, 0x0, 0x0) 07:14:27 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 07:14:27 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:27 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:27 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xffffffea, 0x0, 0x0, 0x0) 07:14:42 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x9) 07:14:42 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:42 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180), &(0x7f0000000140)=0x0) r2 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:42 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:14:42 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe, 0x0, 0x0) 07:14:42 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 07:14:42 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x36000000, 0x0, 0x0) 07:14:42 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000b, 0x0) 07:14:42 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1878.125854] FAULT_INJECTION: forcing a failure. [ 1878.125854] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.128257] CPU: 0 PID: 10063 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1878.129690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1878.131424] Call Trace: [ 1878.131980] dump_stack+0x107/0x167 [ 1878.132738] should_fail.cold+0x5/0xa [ 1878.133535] ? xas_alloc+0x336/0x440 [ 1878.134320] should_failslab+0x5/0x20 [ 1878.135122] kmem_cache_alloc+0x5b/0x310 [ 1878.135980] xas_alloc+0x336/0x440 [ 1878.136731] xas_create+0x34a/0x10d0 [ 1878.137535] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1878.138629] xas_store+0x8c/0x1c40 [ 1878.139397] __xa_store+0x164/0x2d0 [ 1878.140160] ? xa_delete_node+0x280/0x280 [ 1878.141039] ? trace_hardirqs_on+0x5b/0x180 [ 1878.141947] xa_store+0x31/0x50 [ 1878.142646] __io_uring_add_tctx_node+0x1cf/0x520 [ 1878.143667] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1878.144779] __do_sys_io_uring_enter+0x146f/0x1890 [ 1878.145805] ? find_held_lock+0x2c/0x110 [ 1878.146662] ? io_submit_sqes+0x8610/0x8610 [ 1878.147576] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1878.148577] ? wait_for_completion_io+0x270/0x270 [ 1878.149590] ? rcu_read_lock_any_held+0x75/0xa0 [ 1878.150557] ? vfs_write+0x354/0xb10 [ 1878.151345] ? fput_many+0x2f/0x1a0 [ 1878.152102] ? ksys_write+0x1a9/0x260 [ 1878.152904] ? __ia32_sys_read+0xb0/0xb0 [ 1878.153760] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1878.154863] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1878.155959] do_syscall_64+0x33/0x40 [ 1878.156724] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1878.157795] RIP: 0033:0x7fddac2fab19 [ 1878.158572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.162392] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1878.163993] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1878.165476] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1878.166974] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1878.168473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1878.169966] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:14:42 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x11, 0x0, 0x0) 07:14:42 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000c, 0x0) 07:14:42 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:42 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff, 0x0, 0x0) 07:14:42 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x900) 07:14:42 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:14:42 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:42 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:42 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x36, 0x0, 0x0) 07:14:42 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000d, 0x0) 07:14:42 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffea, 0x0, 0x0) 07:14:42 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x9, 0x0, 0x0, 0x0) 07:14:59 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 07:14:59 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) 07:14:59 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000e, 0x0) 07:14:59 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10000000000, 0x0, 0x0) 07:14:59 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:59 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:59 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe00, 0x0, 0x0) 07:14:59 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x900, 0x0, 0x0, 0x0) 07:14:59 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:59 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7ffffffff000, 0x0, 0x0) [ 1895.227595] FAULT_INJECTION: forcing a failure. [ 1895.227595] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.229643] CPU: 0 PID: 10139 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1895.230890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.232405] Call Trace: [ 1895.232893] dump_stack+0x107/0x167 [ 1895.233560] should_fail.cold+0x5/0xa [ 1895.234248] ? create_object.isra.0+0x3a/0xa20 [ 1895.235075] should_failslab+0x5/0x20 [ 1895.235773] kmem_cache_alloc+0x5b/0x310 [ 1895.236512] ? mark_held_locks+0x9e/0xe0 [ 1895.237252] create_object.isra.0+0x3a/0xa20 [ 1895.238039] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1895.238953] kmem_cache_alloc+0x159/0x310 [ 1895.239720] xas_alloc+0x336/0x440 [ 1895.240367] xas_create+0x34a/0x10d0 [ 1895.241061] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1895.242016] xas_store+0x8c/0x1c40 [ 1895.242685] __xa_store+0x164/0x2d0 [ 1895.243362] ? xa_delete_node+0x280/0x280 [ 1895.244124] ? trace_hardirqs_on+0x5b/0x180 07:14:59 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000) [ 1895.244919] xa_store+0x31/0x50 [ 1895.245664] __io_uring_add_tctx_node+0x1cf/0x520 [ 1895.246549] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1895.247520] __do_sys_io_uring_enter+0x146f/0x1890 [ 1895.248431] ? find_held_lock+0x2c/0x110 [ 1895.249184] ? io_submit_sqes+0x8610/0x8610 [ 1895.249981] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1895.250870] ? wait_for_completion_io+0x270/0x270 07:14:59 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:14:59 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) [ 1895.251768] ? rcu_read_lock_any_held+0x75/0xa0 [ 1895.252654] ? vfs_write+0x354/0xb10 [ 1895.253340] ? fput_many+0x2f/0x1a0 [ 1895.254010] ? ksys_write+0x1a9/0x260 [ 1895.254706] ? __ia32_sys_read+0xb0/0xb0 [ 1895.255478] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.256440] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.257406] do_syscall_64+0x33/0x40 [ 1895.258087] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.259021] RIP: 0033:0x7fddac2fab19 [ 1895.259709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.263039] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1895.264434] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1895.265739] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1895.267041] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.268343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1895.269650] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:14:59 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1100, 0x0, 0x0) 07:14:59 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000000f, 0x0) 07:15:14 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 07:15:14 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000010, 0x0) 07:15:14 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x40030000000000, 0x0, 0x0) 07:15:14 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:14 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 07:15:14 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x9000000) 07:15:14 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0) 07:15:14 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1910.409801] FAULT_INJECTION: forcing a failure. [ 1910.409801] name failslab, interval 1, probability 0, space 0, times 0 [ 1910.412274] CPU: 1 PID: 10195 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1910.413721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1910.415474] Call Trace: [ 1910.416033] dump_stack+0x107/0x167 [ 1910.416798] should_fail.cold+0x5/0xa [ 1910.417606] ? create_object.isra.0+0x3a/0xa20 [ 1910.418562] should_failslab+0x5/0x20 [ 1910.419365] kmem_cache_alloc+0x5b/0x310 [ 1910.420219] ? mark_held_locks+0x9e/0xe0 [ 1910.421075] create_object.isra.0+0x3a/0xa20 [ 1910.422008] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1910.423089] kmem_cache_alloc+0x159/0x310 [ 1910.423982] xas_alloc+0x336/0x440 [ 1910.424738] xas_create+0x34a/0x10d0 [ 1910.425549] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1910.426649] xas_store+0x8c/0x1c40 [ 1910.427424] __xa_store+0x164/0x2d0 [ 1910.428189] ? xa_delete_node+0x280/0x280 [ 1910.429059] ? trace_hardirqs_on+0x5b/0x180 [ 1910.429981] xa_store+0x31/0x50 [ 1910.430681] __io_uring_add_tctx_node+0x1cf/0x520 [ 1910.431710] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1910.432831] __do_sys_io_uring_enter+0x146f/0x1890 [ 1910.433881] ? find_held_lock+0x2c/0x110 [ 1910.434738] ? io_submit_sqes+0x8610/0x8610 [ 1910.435664] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1910.436680] ? wait_for_completion_io+0x270/0x270 [ 1910.437691] ? rcu_read_lock_any_held+0x75/0xa0 [ 1910.438670] ? vfs_write+0x354/0xb10 [ 1910.439476] ? fput_many+0x2f/0x1a0 [ 1910.440241] ? ksys_write+0x1a9/0x260 [ 1910.441036] ? __ia32_sys_read+0xb0/0xb0 [ 1910.441889] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1910.443002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1910.444089] do_syscall_64+0x33/0x40 [ 1910.444886] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1910.445963] RIP: 0033:0x7fddac2fab19 [ 1910.446756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1910.450601] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1910.452209] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1910.453722] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1910.455225] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1910.456719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1910.458227] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:15:14 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:14 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:14 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000011, 0x0) 07:15:14 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) 07:15:14 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0) 07:15:14 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3600, 0x0, 0x0) 07:15:14 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x9000000, 0x0, 0x0, 0x0) 07:15:14 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:31 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) 07:15:31 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:31 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:31 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10012, 0x0, 0x0) 07:15:31 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 07:15:31 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xeaffffff) 07:15:31 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 07:15:31 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000012, 0x0) 07:15:31 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:31 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 07:15:31 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:15:31 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x34000, 0x0, 0x0) [ 1927.627093] FAULT_INJECTION: forcing a failure. [ 1927.627093] name failslab, interval 1, probability 0, space 0, times 0 [ 1927.628501] CPU: 1 PID: 10250 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1927.629300] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1927.630261] Call Trace: [ 1927.630576] dump_stack+0x107/0x167 [ 1927.631005] should_fail.cold+0x5/0xa [ 1927.631449] ? create_object.isra.0+0x3a/0xa20 [ 1927.632006] should_failslab+0x5/0x20 [ 1927.632454] kmem_cache_alloc+0x5b/0x310 [ 1927.632930] ? mark_held_locks+0x9e/0xe0 [ 1927.633401] create_object.isra.0+0x3a/0xa20 [ 1927.633918] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1927.634512] kmem_cache_alloc+0x159/0x310 [ 1927.635000] xas_alloc+0x336/0x440 [ 1927.635411] xas_create+0x34a/0x10d0 [ 1927.635859] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1927.636469] xas_store+0x8c/0x1c40 [ 1927.636889] __xa_store+0x164/0x2d0 [ 1927.637317] ? xa_delete_node+0x280/0x280 [ 1927.637816] ? trace_hardirqs_on+0x5b/0x180 [ 1927.638310] xa_store+0x31/0x50 [ 1927.638700] __io_uring_add_tctx_node+0x1cf/0x520 [ 1927.639264] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1927.639902] __do_sys_io_uring_enter+0x146f/0x1890 [ 1927.640471] ? find_held_lock+0x2c/0x110 [ 1927.640939] ? io_submit_sqes+0x8610/0x8610 [ 1927.641442] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1927.642005] ? wait_for_completion_io+0x270/0x270 [ 1927.642564] ? rcu_read_lock_any_held+0x75/0xa0 [ 1927.643109] ? vfs_write+0x354/0xb10 [ 1927.643561] ? fput_many+0x2f/0x1a0 [ 1927.643984] ? ksys_write+0x1a9/0x260 [ 1927.644430] ? __ia32_sys_read+0xb0/0xb0 [ 1927.644912] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1927.645522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1927.646117] do_syscall_64+0x33/0x40 [ 1927.646548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1927.647144] RIP: 0033:0x7fddac2fab19 [ 1927.647598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1927.649735] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1927.650624] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1927.651451] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1927.652295] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.653119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1927.653946] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:15:31 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xeaffffff, 0x0, 0x0, 0x0) 07:15:32 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffea) 07:15:32 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000013, 0x0) 07:15:32 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:52 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:52 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe00000000000000, 0x0, 0x0) 07:15:52 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 07:15:52 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000014, 0x0) 07:15:52 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:15:52 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x400300, 0x0, 0x0) 07:15:52 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x10000000000) 07:15:52 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0xffffffea, 0x0, 0x0, 0x0) [ 1948.059681] FAULT_INJECTION: forcing a failure. [ 1948.059681] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.062215] CPU: 1 PID: 10307 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1948.063671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.065448] Call Trace: [ 1948.066004] dump_stack+0x107/0x167 [ 1948.066779] should_fail.cold+0x5/0xa [ 1948.067596] ? xas_alloc+0x336/0x440 [ 1948.068386] should_failslab+0x5/0x20 [ 1948.069197] kmem_cache_alloc+0x5b/0x310 [ 1948.070061] xas_alloc+0x336/0x440 [ 1948.070801] xas_create+0x34a/0x10d0 [ 1948.071602] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1948.072700] xas_store+0x8c/0x1c40 [ 1948.073470] __xa_store+0x164/0x2d0 [ 1948.074255] ? xa_delete_node+0x280/0x280 [ 1948.075135] ? trace_hardirqs_on+0x5b/0x180 [ 1948.076066] xa_store+0x31/0x50 [ 1948.076767] __io_uring_add_tctx_node+0x1cf/0x520 [ 1948.077780] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1948.078888] __do_sys_io_uring_enter+0x146f/0x1890 [ 1948.079943] ? find_held_lock+0x2c/0x110 [ 1948.080804] ? io_submit_sqes+0x8610/0x8610 [ 1948.081727] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1948.082747] ? wait_for_completion_io+0x270/0x270 [ 1948.083756] ? rcu_read_lock_any_held+0x75/0xa0 [ 1948.084738] ? vfs_write+0x354/0xb10 [ 1948.085519] ? fput_many+0x2f/0x1a0 [ 1948.086276] ? ksys_write+0x1a9/0x260 [ 1948.087080] ? __ia32_sys_read+0xb0/0xb0 [ 1948.087938] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.089030] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.090106] do_syscall_64+0x33/0x40 [ 1948.090876] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.091957] RIP: 0033:0x7fddac2fab19 [ 1948.092732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.096579] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1948.098183] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1948.099685] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1948.101188] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1948.102687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.104199] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:15:52 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 07:15:52 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:15:52 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000015, 0x0) 07:15:52 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1100000000000000, 0x0, 0x0) 07:15:52 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x9, 0x0, 0x0) 07:15:52 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0) 07:15:52 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7ffffffff000) 07:16:08 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 07:16:08 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000016, 0x0) 07:16:08 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1200010000000000, 0x0, 0x0) 07:16:08 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:16:08 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 07:16:08 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000) 07:16:08 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:08 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x900, 0x0, 0x0) 07:16:08 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xe000000, 0x0, 0x0) [ 1963.979034] FAULT_INJECTION: forcing a failure. [ 1963.979034] name failslab, interval 1, probability 0, space 0, times 0 [ 1963.981383] CPU: 0 PID: 10360 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1963.982862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1963.984616] Call Trace: [ 1963.985188] dump_stack+0x107/0x167 [ 1963.985973] should_fail.cold+0x5/0xa [ 1963.986800] ? create_object.isra.0+0x3a/0xa20 [ 1963.987780] should_failslab+0x5/0x20 [ 1963.988605] kmem_cache_alloc+0x5b/0x310 [ 1963.989474] ? mark_held_locks+0x9e/0xe0 [ 1963.990347] create_object.isra.0+0x3a/0xa20 [ 1963.991272] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1963.992369] kmem_cache_alloc+0x159/0x310 [ 1963.993263] xas_alloc+0x336/0x440 [ 1963.994031] xas_create+0x34a/0x10d0 [ 1963.994849] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1963.995992] xas_store+0x8c/0x1c40 [ 1963.996777] __xa_store+0x164/0x2d0 [ 1963.997560] ? xa_delete_node+0x280/0x280 [ 1963.998457] ? trace_hardirqs_on+0x5b/0x180 [ 1963.999391] xa_store+0x31/0x50 [ 1964.000109] __io_uring_add_tctx_node+0x1cf/0x520 [ 1964.001121] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1964.002206] __do_sys_io_uring_enter+0x146f/0x1890 [ 1964.003209] ? find_held_lock+0x2c/0x110 [ 1964.004052] ? io_submit_sqes+0x8610/0x8610 [ 1964.004955] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1964.005941] ? wait_for_completion_io+0x270/0x270 [ 1964.006943] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.007895] ? vfs_write+0x354/0xb10 [ 1964.008657] ? fput_many+0x2f/0x1a0 [ 1964.009416] ? ksys_write+0x1a9/0x260 [ 1964.010223] ? __ia32_sys_read+0xb0/0xb0 [ 1964.011091] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.012215] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.013265] do_syscall_64+0x33/0x40 [ 1964.014056] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.015121] RIP: 0033:0x7fddac2fab19 [ 1964.015916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.019825] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1964.021439] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1964.022895] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1964.024371] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.025852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.027314] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:16:08 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 07:16:08 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 07:16:08 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000017, 0x0) 07:16:08 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:08 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xf0ffffff7f0000) 07:16:08 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000015, 0x0) 07:16:08 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x11000000, 0x0, 0x0) 07:16:20 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3600000000000000, 0x0, 0x0) 07:16:20 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 07:16:20 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x12000100, 0x0, 0x0) 07:16:20 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0) 07:16:21 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:21 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:21 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x900000000000000) 07:16:21 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000018, 0x0) [ 1976.738530] FAULT_INJECTION: forcing a failure. [ 1976.738530] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.739874] CPU: 0 PID: 10412 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1976.740677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.741648] Call Trace: [ 1976.741957] dump_stack+0x107/0x167 [ 1976.742372] should_fail.cold+0x5/0xa [ 1976.742823] ? xas_alloc+0x336/0x440 [ 1976.743258] should_failslab+0x5/0x20 [ 1976.743697] kmem_cache_alloc+0x5b/0x310 [ 1976.744172] xas_alloc+0x336/0x440 [ 1976.744580] xas_create+0x34a/0x10d0 [ 1976.745013] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1976.745625] xas_store+0x8c/0x1c40 [ 1976.746045] __xa_store+0x164/0x2d0 [ 1976.746465] ? xa_delete_node+0x280/0x280 [ 1976.746943] ? trace_hardirqs_on+0x5b/0x180 [ 1976.747440] xa_store+0x31/0x50 [ 1976.747823] __io_uring_add_tctx_node+0x1cf/0x520 [ 1976.748389] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1976.748993] __do_sys_io_uring_enter+0x146f/0x1890 [ 1976.749569] ? find_held_lock+0x2c/0x110 [ 1976.750041] ? io_submit_sqes+0x8610/0x8610 [ 1976.750545] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1976.751079] ? wait_for_completion_io+0x270/0x270 [ 1976.751637] ? rcu_read_lock_any_held+0x75/0xa0 [ 1976.752192] ? vfs_write+0x354/0xb10 [ 1976.752617] ? fput_many+0x2f/0x1a0 [ 1976.753046] ? ksys_write+0x1a9/0x260 [ 1976.753475] ? __ia32_sys_read+0xb0/0xb0 [ 1976.753933] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.754543] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.755145] do_syscall_64+0x33/0x40 [ 1976.755571] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.756180] RIP: 0033:0x7fddac2fab19 [ 1976.756609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.758738] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1976.759614] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 07:16:21 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 1976.760463] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1976.761451] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.762280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.763113] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:16:21 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x9000000, 0x0, 0x0) 07:16:21 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:21 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 07:16:21 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff00000000, 0x0, 0x0) 07:16:21 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) 07:16:21 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 07:16:21 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:21 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000019, 0x0) 07:16:36 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000017, 0x0) 07:16:36 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:36 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 07:16:36 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000001a, 0x0) 07:16:36 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x36000000, 0x0, 0x0) 07:16:36 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xe) 07:16:36 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xeaffffff00000000) 07:16:36 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff, 0x0, 0x0) [ 1991.997030] FAULT_INJECTION: forcing a failure. [ 1991.997030] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.999577] CPU: 1 PID: 10471 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 1992.001096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1992.002898] Call Trace: [ 1992.003479] dump_stack+0x107/0x167 [ 1992.004285] should_fail.cold+0x5/0xa [ 1992.005116] ? create_object.isra.0+0x3a/0xa20 [ 1992.006100] should_failslab+0x5/0x20 [ 1992.006919] kmem_cache_alloc+0x5b/0x310 [ 1992.007812] ? mark_held_locks+0x9e/0xe0 [ 1992.008711] create_object.isra.0+0x3a/0xa20 [ 1992.009664] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1992.010786] kmem_cache_alloc+0x159/0x310 [ 1992.011700] xas_alloc+0x336/0x440 [ 1992.012484] xas_create+0x34a/0x10d0 [ 1992.013311] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1992.014459] xas_store+0x8c/0x1c40 [ 1992.015253] __xa_store+0x164/0x2d0 [ 1992.016055] ? xa_delete_node+0x280/0x280 [ 1992.016974] ? trace_hardirqs_on+0x5b/0x180 [ 1992.017928] xa_store+0x31/0x50 [ 1992.018658] __io_uring_add_tctx_node+0x1cf/0x520 [ 1992.019717] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1992.020896] __do_sys_io_uring_enter+0x146f/0x1890 [ 1992.021969] ? find_held_lock+0x2c/0x110 [ 1992.022860] ? io_submit_sqes+0x8610/0x8610 [ 1992.023807] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1992.024873] ? wait_for_completion_io+0x270/0x270 [ 1992.025923] ? rcu_read_lock_any_held+0x75/0xa0 [ 1992.026933] ? vfs_write+0x354/0xb10 [ 1992.027740] ? fput_many+0x2f/0x1a0 [ 1992.028534] ? ksys_write+0x1a9/0x260 [ 1992.029354] ? __ia32_sys_read+0xb0/0xb0 [ 1992.030235] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1992.031369] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1992.032510] do_syscall_64+0x33/0x40 [ 1992.033318] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1992.034435] RIP: 0033:0x7fddac2fab19 [ 1992.035249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1992.039271] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1992.040918] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 1992.042460] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1992.044011] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1992.045567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1992.047115] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:16:36 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) read(r6, &(0x7f0000019340)=""/102400, 0x19000) getsockopt$IP_SET_OP_GET_BYNAME(r6, 0x1, 0x53, &(0x7f0000000280)={0x6, 0x7, 'syz2\x00'}, &(0x7f00000002c0)=0x28) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x7, &(0x7f00000001c0)={0x77359400}, 0x1, 0x1, 0x1}, 0x9) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 07:16:36 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:36 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xeaffffff, 0x0, 0x0) 07:16:36 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffea, 0x0, 0x0) 07:16:36 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x11) 07:16:36 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000001b, 0x0) 07:16:36 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffea, 0x0, 0x0) 07:16:36 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x400000000000012, 0x0) 07:16:36 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x36) 07:16:52 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) read(r7, &(0x7f0000019340)=""/102400, 0x19000) fchmod(r7, 0x10) 07:16:52 executing program 7: r0 = syz_io_uring_setup(0x132, &(0x7f0000000180), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r4, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 07:16:52 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:52 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000001c, 0x0) 07:16:52 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xe00) 07:16:52 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10000000000, 0x0, 0x0) 07:16:52 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 07:16:52 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x10000000000, 0x0, 0x0) [ 2007.814953] FAULT_INJECTION: forcing a failure. [ 2007.814953] name failslab, interval 1, probability 0, space 0, times 0 [ 2007.817346] CPU: 0 PID: 10521 Comm: syz-executor.3 Not tainted 5.10.240 #1 [ 2007.818724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2007.820374] Call Trace: [ 2007.820910] dump_stack+0x107/0x167 [ 2007.821639] should_fail.cold+0x5/0xa [ 2007.822401] should_failslab+0x5/0x20 [ 2007.823153] kmem_cache_alloc_bulk+0x4b/0x320 [ 2007.824047] io_submit_sqes+0x6fe6/0x8610 [ 2007.824905] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2007.825885] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2007.826839] ? find_held_lock+0x2c/0x110 [ 2007.827651] ? io_submit_sqes+0x8610/0x8610 [ 2007.828520] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2007.829476] ? wait_for_completion_io+0x270/0x270 [ 2007.830434] ? rcu_read_lock_any_held+0x75/0xa0 [ 2007.831358] ? vfs_write+0x354/0xb10 [ 2007.832094] ? fput_many+0x2f/0x1a0 [ 2007.832831] ? ksys_write+0x1a9/0x260 [ 2007.833590] ? __ia32_sys_read+0xb0/0xb0 [ 2007.834397] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2007.835425] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2007.836454] do_syscall_64+0x33/0x40 [ 2007.837186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2007.838195] RIP: 0033:0x7fd72a449b19 [ 2007.838929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2007.842569] RSP: 002b:00007fd7279bf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2007.844055] RAX: ffffffffffffffda RBX: 00007fd72a55cf60 RCX: 00007fd72a449b19 [ 2007.845498] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 2007.846880] RBP: 00007fd7279bf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2007.848268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2007.849665] R13: 00007ffc16ea385f R14: 00007fd7279bf300 R15: 0000000000022000 [ 2007.859157] FAULT_INJECTION: forcing a failure. [ 2007.859157] name failslab, interval 1, probability 0, space 0, times 0 [ 2007.861378] CPU: 0 PID: 10530 Comm: syz-executor.7 Not tainted 5.10.240 #1 [ 2007.862742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2007.864375] Call Trace: [ 2007.864897] dump_stack+0x107/0x167 [ 2007.865606] should_fail.cold+0x5/0xa [ 2007.866348] ? create_object.isra.0+0x3a/0xa20 [ 2007.867234] should_failslab+0x5/0x20 [ 2007.867979] kmem_cache_alloc+0x5b/0x310 [ 2007.868783] ? mark_held_locks+0x9e/0xe0 [ 2007.869575] create_object.isra.0+0x3a/0xa20 [ 2007.870424] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2007.871406] kmem_cache_alloc+0x159/0x310 [ 2007.872220] xas_alloc+0x336/0x440 [ 2007.872917] xas_create+0x34a/0x10d0 [ 2007.873651] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 07:16:52 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@routing={0x2b, 0x2, 0x2, 0x69, 0x0, [@private0]}, 0x18) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x40000000000001d, 0x0) [ 2007.874835] xas_store+0x8c/0x1c40 [ 2007.875553] __xa_store+0x164/0x2d0 [ 2007.876262] ? xa_delete_node+0x280/0x280 [ 2007.877082] ? trace_hardirqs_on+0x5b/0x180 [ 2007.877932] xa_store+0x31/0x50 [ 2007.878576] __io_uring_add_tctx_node+0x1cf/0x520 [ 2007.879514] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2007.880559] __do_sys_io_uring_enter+0x146f/0x1890 [ 2007.881518] ? find_held_lock+0x2c/0x110 [ 2007.882309] ? io_submit_sqes+0x8610/0x8610 [ 2007.883153] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2007.884087] ? wait_for_completion_io+0x270/0x270 [ 2007.885024] ? rcu_read_lock_any_held+0x75/0xa0 [ 2007.885913] ? vfs_write+0x354/0xb10 [ 2007.886627] ? fput_many+0x2f/0x1a0 [ 2007.887327] ? ksys_write+0x1a9/0x260 [ 2007.888059] ? __ia32_sys_read+0xb0/0xb0 [ 2007.888851] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2007.889864] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2007.890853] do_syscall_64+0x33/0x40 [ 2007.891574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2007.892567] RIP: 0033:0x7fddac2fab19 [ 2007.893279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2007.896820] RSP: 002b:00007fdda984f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2007.898286] RAX: ffffffffffffffda RBX: 00007fddac40e020 RCX: 00007fddac2fab19 [ 2007.899651] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 2007.901029] RBP: 00007fdda984f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2007.902401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2007.903766] R13: 00007ffeb23cf71f R14: 00007fdda984f300 R15: 0000000000022000 07:16:52 executing program 0: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7ffffffff000, 0x0, 0x0) 07:16:52 executing program 5: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7ffffffff000, 0x0, 0x0) 07:16:52 executing program 1: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, 0x0, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) 07:16:52 executing program 4: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1100) 07:16:52 executing program 2: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x4, 0x4, 0x4, 0x2, {0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @empty}, 0x16f2}}}, 0x0, 0x0, 0x1, {0x0, r4}}, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mknodat$null(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x800, 0x103) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r5, &(0x7f0000000040)={0x11, 0x8, r7, 0x1, 0x8, 0x6, @broadcast}, 0x14) bind$packet(r3, &(0x7f0000000240)={0x11, 0xf5, r7, 0x1, 0x81, 0x6, @random="3f5c7e1d2567"}, 0x14) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xac87, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_NOP={0x0, 0x5}, 0xff0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000380)="ed9e9672484e172c8db217a6863f36f230266fa6fb68e366fe087da2ffba1cc8c38140328ee05237de19dbc2ddfdcd7af1abc7921cfd4a2db21f99b48a10659031ec1f3c03230e36a0d61b22a97d564a6668fb54d59b1f20e6dab2469729e3bb4bc3b35eb78ec6de491e5b1288a4e1d668219dbcdfc337", 0x77}, {&(0x7f0000000400)="57f98be76d0a9efac842e0f8feac0cbe35e0c230f9bc29bcda71ec80a3a9f2cc6b8e7b6517cdf06d757cedf1a0022b52f0293690e86bda9d35174d8431dc0462bf7d12b55fbcfc5a093ce14b9bffdff111de75c87b8bef08aabe387fa2e6cc534fb57c01ff80b34051143c4069e3235164b8a6c8d8455e2260585e17529892da512c60b7611a0067897aee39031b9559a757e02f57e96e220f4593fdf06f505c94878aac3dbd64bda95297ba4d234303ae16e1ea3706196fd9755e65e5053082113514af27d7dc2c96b7810a5ed3222615803b", 0xd3}, {&(0x7f0000000500)="ebf372280f4fd77be36aba523e124fe81b874c2ef85297522518a8c71231ec3be4b48f71b29b5ff0f6334358857b18f614442560", 0x34}, {&(0x7f0000000540)="ae2ab0ad3bc35e106fafa2f52d3f4f39145c4b1bb3fee89790b207463b2a1f390530b0c872059ada80018292ca93865bb1011e700e5eb631581d6ffd14d8e98a2c828495766cb3a2631eae95a9ea63ad131c35eb2f1e88cd5a3078f3be468d3ed2b220d5d7eb5be1db4e3593b9b42901195d1dc1fd62dd7aaca5122051ad2975029c0a078241395343df2f7258a406286c5a356123f2ff541239f36d9b9f9346a8e47362d0199afb026ff6c15c7baff983f1f88d628243e753f97d36ad57b56e91acaf2fa6d916dd9500", 0xca}, {&(0x7f0000000640)="c4449f356359982feb32bcafd28165ba76267c642efa1140927505800e8a2e4896dbb9955ba2baa7812ff9b0bd25e61d5204d23e09d1f5215553f609a1dcd6415ee4407ccdc464374b28ef425bcedef9514e86daea786dc4315532fef9ad5b1cd64a3f1fe0e2f6609be8552543b4e149595a65a5d05d31f9b3408d9a7aba2cddd7102c6f00d97d205ed9bd415de6f076a1e910b9d25216ae", 0x98}, {&(0x7f0000000700)="f6170be9df3eea37309f1eaf513c0329d248c3b181aa542c2d6b4e47f78e4a485549da296ed5df0679655b871938a1f64f9ee96b53a34006075d6c13d6ec6d8a431ae3b2", 0x44}], 0x6, &(0x7f0000000800)=[@hoplimit={{0x14, 0x29, 0x34, 0x6}}, @flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x30}, 0x4004) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) creat(&(0x7f00000002c0)='./file1\x00', 0x28) 07:16:52 executing program 3: r0 = syz_io_uring_setup(0x4c4f, &(0x7f0000000080), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) r3 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) [ 2008.131720] FAULT_INJECTION: forcing a failure. [ 2008.131720] name failslab, interval 1, probability 0, space 0, times 0 [ 2008.133671] CPU: 0 PID: 10554 Comm: syz-executor.3 Not tainted 5.10.240 #1 [ 2008.134823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2008.136211] Call Trace: [ 2008.136673] dump_stack+0x107/0x167 [ 2008.137289] should_fail.cold+0x5/0xa [ 2008.137951] ? create_object.isra.0+0x3a/0xa20 [ 2008.138724] should_failslab+0x5/0x20 [ 2008.139369] kmem_cache_alloc+0x5b/0x310 [ 2008.140060] create_object.isra.0+0x3a/0xa20 [ 2008.140805] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2008.141644] kmem_cache_alloc_bulk+0x168/0x320 [ 2008.142413] io_submit_sqes+0x6fe6/0x8610 [ 2008.143110] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2008.143936] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2008.144735] ? find_held_lock+0x2c/0x110 [ 2008.145423] ? io_submit_sqes+0x8610/0x8610 [ 2008.146149] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2008.146935] ? wait_for_completion_io+0x270/0x270 [ 2008.147746] ? rcu_read_lock_any_held+0x75/0xa0 [ 2008.148518] ? vfs_write+0x354/0xb10 [ 2008.149127] ? fput_many+0x2f/0x1a0 [ 2008.149712] ? ksys_write+0x1a9/0x260 [ 2008.150337] ? __ia32_sys_read+0xb0/0xb0 [ 2008.151010] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2008.151872] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2008.152732] do_syscall_64+0x33/0x40 [ 2008.153344] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2008.154189] RIP: 0033:0x7fd72a449b19 [ 2008.154812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2008.157828] RSP: 002b:00007fd7279bf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2008.159070] RAX: ffffffffffffffda RBX: 00007fd72a55cf60 RCX: 00007fd72a449b19 [ 2008.160224] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 2008.161391] RBP: 00007fd7279bf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2008.162561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2008.163730] R13: 00007ffc16ea385f R14: 00007fd7279bf300 R15: 0000000000022000 BUG: leak checking failed VM DIAGNOSIS: 07:16:53 Registers: info registers vcpu 0 RAX=ffffffff83e953c0 RBX=0000000000000000 RCX=ffffffff83e7d02c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e95b88 RBP=0000000000000000 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff85679448 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e953ce RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d825000 CR3=0000000046bfc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=fffffbfff0acf289 RBX=fffffbfff0acf28a RCX=ffffffff8127598f RDX=fffffbfff0acf28a RSI=0000000000000008 RDI=ffffffff85679448 RBP=fffffbfff0acf289 RSP=ffff88800d5374a8 R8 =0000000000000000 R9 =ffffffff8567944f R10=fffffbfff0acf289 R11=0000000000000001 R12=0000000000000002 R13=0000000000000000 R14=ffffffff84ff9960 R15=0000000000000000 RIP=ffffffff816cdb55 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3a2e7488c0 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005577bbf32008 CR3=000000000daf0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=00007f3a2e00317570632f302f716d2f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00005577bbeff47000005577bbeeff90 XMM06=00005577bbef3a500000000000000003 XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000