ffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:25 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000540)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(0xffffffffffffffff, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
r4 = dup3(0xffffffffffffffff, r2, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r2, 0x0, &(0x7f00000005c0))
dup3(r0, r1, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:39 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:13:53 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x0, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:53 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:13:54 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:13:54 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))

11:13:54 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:06 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:06 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:06 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:06 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:07 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:07 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:21 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:21 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:21 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:21 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, 0x0)
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:21 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:21 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:22 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:22 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:22 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52e"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:22 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:22 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r2, 0x0, &(0x7f00000005c0))
r3 = dup3(r0, r1, 0x80000)
pread64(r3, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52e"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:35 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000540))
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r2, 0x0, &(0x7f00000005c0))
r3 = dup3(r0, r1, 0x80000)
pread64(r3, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r2, 0x0, &(0x7f00000005c0))
r3 = dup3(r0, r1, 0x80000)
pread64(r3, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r2, 0x0, &(0x7f00000005c0))
r3 = dup3(r0, r1, 0x80000)
pread64(r3, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a2"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:36 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52e"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:36 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:36 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db8"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:50 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758a"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:50 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758a"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:50 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, 0xffffffffffffffff, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758a"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:50 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, 0xffffffffffffffff, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:14:50 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758a"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:14:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:04 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, 0xffffffffffffffff, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 3:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758a"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:04 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:04 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, 0xffffffffffffffff, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:04 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))

11:15:04 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:04 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, r3, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:04 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x5c, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_IO(r1, 0x227d, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, @buffer={0x300, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

11:15:20 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:20 executing program 4:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
r4 = dup3(r0, r3, 0x80000)
pread64(r4, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x0)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))

11:15:20 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:20 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 7:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000280))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r2, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r3, 0xffffffffffffffff)
epoll_create1(0x80000)
mkdirat(r4, &(0x7f0000000200)='./file0\x00', 0x86)

11:15:35 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000000000000000000000000000000000000000000000000000000000000000000040000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86)

[ 2917.075840] FAULT_INJECTION: forcing a failure.
[ 2917.075840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.078660] CPU: 0 PID: 17225 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2917.080197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.082045] Call Trace:
[ 2917.082621]  dump_stack+0x107/0x167
[ 2917.083421]  should_fail.cold+0x5/0xa
[ 2917.084230]  _copy_from_user+0x2e/0x1b0
[ 2917.085051]  __copy_msghdr_from_user+0x91/0x4b0
[ 2917.085996]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.086899]  ? __lock_acquire+0xbb1/0x5b00
[ 2917.087762]  sendmsg_copy_msghdr+0xa1/0x160
[ 2917.088650]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.089446]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.090511]  ? mark_lock+0xf5/0x2df0
[ 2917.091274]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.092361]  ? __lock_acquire+0x1657/0x5b00
[ 2917.093255]  ___sys_sendmsg+0xc6/0x170
[ 2917.094047]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.094986]  ? __fget_files+0x26d/0x480
[ 2917.095799]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.096699]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.097574]  ? __fget_files+0x296/0x480
[ 2917.098390]  ? __fget_light+0xea/0x290
[ 2917.099189]  __sys_sendmmsg+0x195/0x470
[ 2917.100023]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.100902]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.101744]  ? ksys_write+0x12d/0x260
[ 2917.102526]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.103697]  ? wait_for_completion_io+0x270/0x270
[ 2917.104688]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.105626]  ? vfs_write+0x354/0xa30
[ 2917.106379]  ? fput_many+0x2f/0x1a0
[ 2917.107119]  ? ksys_write+0x1a9/0x260
[ 2917.107935]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.108801]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.109838]  do_syscall_64+0x33/0x40
[ 2917.110600]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.111639] RIP: 0033:0x7ff64c115b19
[ 2917.112437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.116123] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.117647] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2917.119076] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.120520] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.121946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.123371] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
[ 2917.141131] FAULT_INJECTION: forcing a failure.
[ 2917.141131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.142556] CPU: 1 PID: 17229 Comm: syz-executor.2 Not tainted 5.10.168 #1
[ 2917.143341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.144287] Call Trace:
[ 2917.144611]  dump_stack+0x107/0x167
[ 2917.145032]  should_fail.cold+0x5/0xa
[ 2917.145489]  _copy_from_user+0x2e/0x1b0
[ 2917.145958]  __copy_msghdr_from_user+0x91/0x4b0
[ 2917.146505]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.147024]  ? __lock_acquire+0xbb1/0x5b00
[ 2917.147522]  sendmsg_copy_msghdr+0xa1/0x160
[ 2917.148032]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.148271] FAULT_INJECTION: forcing a failure.
[ 2917.148271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.148481]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.148502]  ? mark_lock+0xf5/0x2df0
[ 2917.152312]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.152914]  ? __lock_acquire+0x1657/0x5b00
[ 2917.153443]  ___sys_sendmsg+0xc6/0x170
[ 2917.153935]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.154474]  ? __fget_files+0x26d/0x480
[ 2917.154983]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.155465]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.156019]  ? __fget_files+0x296/0x480
[ 2917.156487]  ? __fget_light+0xea/0x290
[ 2917.156998]  __sys_sendmmsg+0x195/0x470
[ 2917.157464]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.157987]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.158483]  ? ksys_write+0x12d/0x260
[ 2917.158947]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.159534]  ? wait_for_completion_io+0x270/0x270
[ 2917.160114]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.160667]  ? vfs_write+0x354/0xa30
[ 2917.161111]  ? fput_many+0x2f/0x1a0
[ 2917.161543]  ? ksys_write+0x1a9/0x260
[ 2917.161993]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.162498]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.163102]  do_syscall_64+0x33/0x40
[ 2917.163545]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.164158] RIP: 0033:0x7fb714b40b19
[ 2917.164597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.166698] RSP: 002b:00007fb7120b6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.167571] RAX: ffffffffffffffda RBX: 00007fb714c53f60 RCX: 00007fb714b40b19
[ 2917.168408] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.169233] RBP: 00007fb7120b61d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.170053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.170863] R13: 00007fff0324c81f R14: 00007fb7120b6300 R15: 0000000000022000
[ 2917.171721] CPU: 0 PID: 17241 Comm: syz-executor.3 Not tainted 5.10.168 #1
[ 2917.173437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.175294] Call Trace:
[ 2917.175896]  dump_stack+0x107/0x167
[ 2917.176723]  should_fail.cold+0x5/0xa
[ 2917.177576]  _copy_from_user+0x2e/0x1b0
[ 2917.178462]  __copy_msghdr_from_user+0x91/0x4b0
[ 2917.179487]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.180474]  ? mark_lock+0xf5/0x2df0
[ 2917.181303]  ? __lock_acquire+0xbb1/0x5b00
[ 2917.182243]  sendmsg_copy_msghdr+0xa1/0x160
[ 2917.183178]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.184047]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.185211]  ? mark_lock+0xf5/0x2df0
[ 2917.186036]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.187163]  ? __lock_acquire+0x1657/0x5b00
[ 2917.188112]  ___sys_sendmsg+0xc6/0x170
[ 2917.188951]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.189968]  ? __fget_files+0x26d/0x480
[ 2917.190842]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.191745]  ? irqentry_enter+0x26/0x60
[ 2917.192634]  ? __fget_files+0x296/0x480
[ 2917.193503]  ? __fget_light+0xea/0x290
[ 2917.194351]  __sys_sendmmsg+0x195/0x470
[ 2917.195220]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.196170]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.197068]  ? ksys_write+0x12d/0x260
[ 2917.197904]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.198951]  ? wait_for_completion_io+0x270/0x270
[ 2917.200015]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.201018]  ? vfs_write+0x354/0xa30
[ 2917.201840]  ? fput_many+0x2f/0x1a0
[ 2917.202632]  ? ksys_write+0x1a9/0x260
[ 2917.203476]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.204423]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.205599]  do_syscall_64+0x33/0x40
[ 2917.206427]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.207569] RIP: 0033:0x7fd1a3bd9b19
[ 2917.208416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.212535] RSP: 002b:00007fd1a114f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.214231] RAX: ffffffffffffffda RBX: 00007fd1a3cecf60 RCX: 00007fd1a3bd9b19
[ 2917.215822] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.217421] RBP: 00007fd1a114f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.219008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.220599] R13: 00007ffe93ea535f R14: 00007fd1a114f300 R15: 0000000000022000
11:15:35 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 1)

11:15:35 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2917.450724] FAULT_INJECTION: forcing a failure.
[ 2917.450724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.453371] CPU: 0 PID: 17251 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2917.454761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.456411] Call Trace:
[ 2917.456967]  dump_stack+0x107/0x167
[ 2917.457688]  should_fail.cold+0x5/0xa
[ 2917.458488]  _copy_from_user+0x2e/0x1b0
[ 2917.459281]  __copy_msghdr_from_user+0x91/0x4b0
[ 2917.460261]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.461144]  ? __lock_acquire+0xbb1/0x5b00
[ 2917.462014]  sendmsg_copy_msghdr+0xa1/0x160
[ 2917.462858]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.463663]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.464715]  ? mark_lock+0xf5/0x2df0
[ 2917.465480]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.466507]  ? __lock_acquire+0x1657/0x5b00
[ 2917.467382]  ___sys_sendmsg+0xc6/0x170
[ 2917.468189]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.469113]  ? __fget_files+0x26d/0x480
[ 2917.469920]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.470766]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.471608]  ? __fget_files+0x296/0x480
[ 2917.472429]  ? __fget_light+0xea/0x290
[ 2917.473226]  __sys_sendmmsg+0x195/0x470
[ 2917.474034]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.474907]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.475757]  ? ksys_write+0x12d/0x260
[ 2917.476548]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.477528]  ? wait_for_completion_io+0x270/0x270
[ 2917.478506]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.479429]  ? vfs_write+0x354/0xa30
[ 2917.480169]  ? fput_many+0x2f/0x1a0
[ 2917.480899]  ? ksys_write+0x1a9/0x260
[ 2917.481541] FAULT_INJECTION: forcing a failure.
[ 2917.481541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.481682]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.481700]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.481718]  do_syscall_64+0x33/0x40
[ 2917.481748]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.487961] RIP: 0033:0x7fc11dcebb19
[ 2917.488718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.492435] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.493981] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2917.495422] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.496872] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.498312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.499753] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2917.501232] CPU: 1 PID: 17253 Comm: syz-executor.1 Not tainted 5.10.168 #1
[ 2917.502840] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.504694] Call Trace:
[ 2917.505286]  dump_stack+0x107/0x167
[ 2917.506094]  should_fail.cold+0x5/0xa
[ 2917.506943]  _copy_from_user+0x2e/0x1b0
[ 2917.507832]  __copy_msghdr_from_user+0x91/0x4b0
[ 2917.508871]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.509860]  ? __lock_acquire+0xbb1/0x5b00
[ 2917.510803]  sendmsg_copy_msghdr+0xa1/0x160
[ 2917.511762]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.512654]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.513823]  ? mark_lock+0xf5/0x2df0
[ 2917.514653]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.515822]  ? __lock_acquire+0x1657/0x5b00
[ 2917.516795]  ___sys_sendmsg+0xc6/0x170
[ 2917.517662]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.518675]  ? __fget_files+0x26d/0x480
[ 2917.519562]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.520472]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.521300]  ? __fget_files+0x296/0x480
[ 2917.522093]  ? __fget_light+0xea/0x290
[ 2917.522872]  __sys_sendmmsg+0x195/0x470
[ 2917.523660]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.524533]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.525356]  ? ksys_write+0x12d/0x260
[ 2917.526120]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.527068]  ? wait_for_completion_io+0x270/0x270
[ 2917.528033]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.529037]  ? vfs_write+0x354/0xa30
[ 2917.529869]  ? fput_many+0x2f/0x1a0
[ 2917.530673]  ? ksys_write+0x1a9/0x260
[ 2917.531530]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.532479]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.533645]  do_syscall_64+0x33/0x40
[ 2917.534486]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.535626] RIP: 0033:0x7fb82f171b19
[ 2917.536475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.540541] RSP: 002b:00007fb82c6e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.542228] RAX: ffffffffffffffda RBX: 00007fb82f284f60 RCX: 00007fb82f171b19
[ 2917.543806] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.545305] RBP: 00007fb82c6e71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.546718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.548146] R13: 00007ffd1a7b2a6f R14: 00007fb82c6e7300 R15: 0000000000022000
11:15:35 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:35 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2917.631401] FAULT_INJECTION: forcing a failure.
[ 2917.631401] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.634166] CPU: 1 PID: 17261 Comm: syz-executor.3 Not tainted 5.10.168 #1
[ 2917.635559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.635608] FAULT_INJECTION: forcing a failure.
[ 2917.635608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.637209] Call Trace:
[ 2917.637235]  dump_stack+0x107/0x167
[ 2917.637257]  should_fail.cold+0x5/0xa
[ 2917.637281]  _copy_from_user+0x2e/0x1b0
[ 2917.637300]  iovec_from_user+0x141/0x400
[ 2917.637321]  __import_iovec+0x67/0x590
[ 2917.637337]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.637363]  import_iovec+0x83/0xb0
[ 2917.637385]  sendmsg_copy_msghdr+0x131/0x160
[ 2917.637401]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.637422]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.637441]  ? mark_lock+0xf5/0x2df0
[ 2917.637462]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.637478]  ? __lock_acquire+0x1657/0x5b00
[ 2917.637498]  ___sys_sendmsg+0xc6/0x170
[ 2917.637523]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.653934]  ? __fget_files+0x26d/0x480
[ 2917.654818]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.655755]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.656700]  ? __fget_files+0x296/0x480
[ 2917.657606]  ? __fget_light+0xea/0x290
[ 2917.658485]  __sys_sendmmsg+0x195/0x470
[ 2917.659399]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.660378]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.661310]  ? ksys_write+0x12d/0x260
[ 2917.662167]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.663248]  ? wait_for_completion_io+0x270/0x270
[ 2917.664329]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.665365]  ? vfs_write+0x354/0xa30
[ 2917.666201]  ? fput_many+0x2f/0x1a0
[ 2917.666965]  ? ksys_write+0x1a9/0x260
[ 2917.667726]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.668579]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.669598]  do_syscall_64+0x33/0x40
[ 2917.670346]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.671358] RIP: 0033:0x7fd1a3bd9b19
[ 2917.672123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.675773] RSP: 002b:00007fd1a114f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.677749] RAX: ffffffffffffffda RBX: 00007fd1a3cecf60 RCX: 00007fd1a3bd9b19
[ 2917.679396] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.681094] RBP: 00007fd1a114f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.682777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.684476] R13: 00007ffe93ea535f R14: 00007fd1a114f300 R15: 0000000000022000
[ 2917.686195] CPU: 0 PID: 17260 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2917.687625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.689305] Call Trace:
[ 2917.689849]  dump_stack+0x107/0x167
[ 2917.690587]  should_fail.cold+0x5/0xa
[ 2917.691364]  _copy_from_user+0x2e/0x1b0
[ 2917.692174]  iovec_from_user+0x141/0x400
[ 2917.692998]  __import_iovec+0x67/0x590
[ 2917.693782]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.694678]  import_iovec+0x83/0xb0
[ 2917.695431]  sendmsg_copy_msghdr+0x131/0x160
[ 2917.696333]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.697139]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.698195]  ? mark_lock+0xf5/0x2df0
[ 2917.698955]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.700017]  ? __lock_acquire+0x1657/0x5b00
[ 2917.700898]  ___sys_sendmsg+0xc6/0x170
[ 2917.701687]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.702609]  ? __fget_files+0x26d/0x480
[ 2917.703410]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.704246]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.705087]  ? __fget_files+0x296/0x480
[ 2917.705893]  ? __fget_light+0xea/0x290
[ 2917.706681]  __sys_sendmmsg+0x195/0x470
[ 2917.707485]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.708363]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.709204]  ? ksys_write+0x12d/0x260
[ 2917.709982]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.710954]  ? wait_for_completion_io+0x270/0x270
[ 2917.711941]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.712880]  ? vfs_write+0x354/0xa30
[ 2917.713633]  ? fput_many+0x2f/0x1a0
[ 2917.714373]  ? ksys_write+0x1a9/0x260
[ 2917.715146]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.716008]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.717043]  do_syscall_64+0x33/0x40
[ 2917.717790]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.718817] RIP: 0033:0x7ff64c115b19
[ 2917.719564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.723260] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.724808] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2917.726241] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.727670] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.729108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.730539] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
[ 2917.744781] FAULT_INJECTION: forcing a failure.
[ 2917.744781] name failslab, interval 1, probability 0, space 0, times 1
[ 2917.747439] CPU: 0 PID: 17255 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2917.748836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.750520] Call Trace:
[ 2917.751063]  dump_stack+0x107/0x167
[ 2917.751805]  should_fail.cold+0x5/0xa
[ 2917.752608]  ? getname_flags.part.0+0x50/0x4f0
[ 2917.753529]  should_failslab+0x5/0x20
[ 2917.754306]  kmem_cache_alloc+0x5b/0x360
[ 2917.755136]  getname_flags.part.0+0x50/0x4f0
[ 2917.756032]  ? wait_for_completion_io+0x270/0x270
[ 2917.757014]  getname_flags+0x9a/0xe0
[ 2917.757765]  do_mkdirat+0x8d/0x2a0
[ 2917.758488]  ? user_path_create+0xf0/0xf0
[ 2917.759330]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2917.760394]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.761445]  do_syscall_64+0x33/0x40
[ 2917.762200]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.763247] RIP: 0033:0x7fd3579f1b19
[ 2917.764017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.767702] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2917.769247] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2917.770699] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2917.772171] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.773628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.775085] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 2917.775718] FAULT_INJECTION: forcing a failure.
[ 2917.775718] name failslab, interval 1, probability 0, space 0, times 1
[ 2917.779694] CPU: 1 PID: 17265 Comm: syz-executor.3 Not tainted 5.10.168 #1
[ 2917.781253] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.783088] Call Trace:
[ 2917.783803]  dump_stack+0x107/0x167
[ 2917.784656]  should_fail.cold+0x5/0xa
[ 2917.785674]  ? __alloc_skb+0x6d/0x5b0
[ 2917.786525]  ? __alloc_skb+0x6d/0x5b0
[ 2917.787546]  should_failslab+0x5/0x20
[ 2917.788414]  kmem_cache_alloc_node+0x55/0x370
[ 2917.789620]  __alloc_skb+0x6d/0x5b0
[ 2917.790443]  alloc_skb_with_frags+0x92/0x570
[ 2917.791630]  ? find_held_lock+0x2c/0x110
[ 2917.792567]  sock_alloc_send_pskb+0x7af/0x930
[ 2917.793781]  ? sk_alloc+0x350/0x350
[ 2917.794608]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.795986]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2917.797344]  ? ip6_mtu+0x1bb/0x370
[ 2917.798153]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.799262]  ? ip_frag_init+0x350/0x350
[ 2917.800182]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2917.800504] FAULT_INJECTION: forcing a failure.
[ 2917.800504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2917.801425]  ? ip6_mtu+0x1e9/0x370
[ 2917.801447]  ? ip6_setup_cork+0xfb7/0x1740
[ 2917.801479]  ip6_make_skb+0x2de/0x4e0
[ 2917.806520]  ? ip_frag_init+0x350/0x350
[ 2917.807451]  ? ip_frag_init+0x350/0x350
[ 2917.808411]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2917.809524]  ? ip6_dst_check+0x379/0x820
[ 2917.810482]  ? sk_dst_check+0x235/0x460
[ 2917.811425]  udpv6_sendmsg+0x2043/0x29b0
[ 2917.812408]  ? ip_frag_init+0x350/0x350
[ 2917.813350]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2917.814579]  ? find_held_lock+0x2c/0x110
[ 2917.815532]  ? __might_fault+0xd3/0x180
[ 2917.816515]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2917.817663]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2917.818928]  ? trace_hardirqs_on+0x5b/0x180
[ 2917.819947]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2917.821225]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2917.822560]  inet6_sendmsg+0x105/0x140
[ 2917.823431]  ? inet6_compat_ioctl+0x320/0x320
[ 2917.824643]  sock_sendmsg+0xf2/0x190
[ 2917.825478]  ____sys_sendmsg+0x334/0x870
[ 2917.826565]  ? kernel_sendmsg+0x50/0x50
[ 2917.827449]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.828498]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.829668]  ? mark_lock+0xf5/0x2df0
[ 2917.830670]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.831835]  ? __lock_acquire+0x1657/0x5b00
[ 2917.833020]  ___sys_sendmsg+0xf3/0x170
[ 2917.833892]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.835123]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.836069]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.837189]  ? __fget_files+0x296/0x480
[ 2917.838094]  ? __fget_light+0xea/0x290
[ 2917.839142]  __sys_sendmmsg+0x195/0x470
[ 2917.840050]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.841127]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.842095]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.843232]  ? wait_for_completion_io+0x270/0x270
[ 2917.844371]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.845469]  ? vfs_write+0x354/0xa30
[ 2917.846342]  ? fput_many+0x2f/0x1a0
[ 2917.847204]  ? ksys_write+0x1a9/0x260
[ 2917.848157]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.849116]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.850291]  do_syscall_64+0x33/0x40
[ 2917.851136]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.852338] RIP: 0033:0x7fd1a3bd9b19
[ 2917.853186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.857543] RSP: 002b:00007fd1a114f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.859234] RAX: ffffffffffffffda RBX: 00007fd1a3cecf60 RCX: 00007fd1a3bd9b19
[ 2917.860946] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.862547] RBP: 00007fd1a114f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.864161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.865741] R13: 00007ffe93ea535f R14: 00007fd1a114f300 R15: 0000000000022000
[ 2917.867362] CPU: 0 PID: 17268 Comm: syz-executor.2 Not tainted 5.10.168 #1
[ 2917.868826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2917.870547] Call Trace:
[ 2917.871103]  dump_stack+0x107/0x167
[ 2917.871863]  should_fail.cold+0x5/0xa
[ 2917.872668]  _copy_from_user+0x2e/0x1b0
[ 2917.873473]  iovec_from_user+0x141/0x400
[ 2917.874294]  __import_iovec+0x67/0x590
[ 2917.875081]  ? __ia32_sys_shutdown+0x80/0x80
[ 2917.875988]  import_iovec+0x83/0xb0
11:15:35 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2917.876726]  sendmsg_copy_msghdr+0x131/0x160
[ 2917.877803]  ? do_recvmmsg+0x6d0/0x6d0
[ 2917.878589]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.879644]  ? mark_lock+0xf5/0x2df0
[ 2917.880408]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2917.881462]  ? __lock_acquire+0x1657/0x5b00
[ 2917.882333]  ___sys_sendmsg+0xc6/0x170
[ 2917.883115]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2917.884051]  ? __fget_files+0x26d/0x480
[ 2917.884856]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.885697]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.886534]  ? __fget_files+0x296/0x480
[ 2917.887345]  ? __fget_light+0xea/0x290
[ 2917.888155]  __sys_sendmmsg+0x195/0x470
[ 2917.888960]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2917.889824]  ? lock_downgrade+0x6d0/0x6d0
[ 2917.890667]  ? ksys_write+0x12d/0x260
[ 2917.891442]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2917.892442]  ? wait_for_completion_io+0x270/0x270
[ 2917.893412]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2917.894341]  ? vfs_write+0x354/0xa30
[ 2917.895090]  ? fput_many+0x2f/0x1a0
[ 2917.895819]  ? ksys_write+0x1a9/0x260
[ 2917.896603]  __x64_sys_sendmmsg+0x99/0x100
[ 2917.897454]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2917.898497]  do_syscall_64+0x33/0x40
[ 2917.899252]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2917.900299] RIP: 0033:0x7fb714b40b19
[ 2917.901049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2917.904766] RSP: 002b:00007fb7120b6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2917.906291] RAX: ffffffffffffffda RBX: 00007fb714c53f60 RCX: 00007fb714b40b19
[ 2917.907718] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2917.909165] RBP: 00007fb7120b61d0 R08: 0000000000000000 R09: 0000000000000000
[ 2917.910607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2917.912059] R13: 00007fff0324c81f R14: 00007fb7120b6300 R15: 0000000000022000
[ 2931.770686] FAULT_INJECTION: forcing a failure.
[ 2931.770686] name failslab, interval 1, probability 0, space 0, times 0
[ 2931.773648] CPU: 1 PID: 17288 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2931.775127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2931.776898] Call Trace:
[ 2931.777468]  dump_stack+0x107/0x167
[ 2931.778247]  should_fail.cold+0x5/0xa
[ 2931.779053]  ? __alloc_skb+0x6d/0x5b0
[ 2931.779867]  ? __alloc_skb+0x6d/0x5b0
[ 2931.780707]  should_failslab+0x5/0x20
[ 2931.781524]  kmem_cache_alloc_node+0x55/0x370
[ 2931.782492]  __alloc_skb+0x6d/0x5b0
[ 2931.783296]  alloc_skb_with_frags+0x92/0x570
[ 2931.784274]  ? find_held_lock+0x2c/0x110
[ 2931.785168]  sock_alloc_send_pskb+0x7af/0x930
[ 2931.786134]  ? sk_alloc+0x350/0x350
[ 2931.786915]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.788340]  __ip6_append_data.isra.0+0x1c12/0x3a70
11:15:49 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 2)

11:15:49 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x0, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:49 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:49 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:49 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:49 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:49 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2931.789563]  ? ip6_mtu+0x1bb/0x370
[ 2931.790404]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.791314]  ? ip_frag_init+0x350/0x350
[ 2931.792223]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2931.793222]  ? ip6_mtu+0x1e9/0x370
[ 2931.794011]  ? ip6_setup_cork+0xfb7/0x1740
[ 2931.794922]  ip6_make_skb+0x2de/0x4e0
[ 2931.795727]  ? ip_frag_init+0x350/0x350
[ 2931.796623]  ? ip_frag_init+0x350/0x350
[ 2931.797486]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2931.798534]  ? ip6_dst_check+0x379/0x820
[ 2931.799416]  ? sk_dst_check+0x235/0x460
[ 2931.800326]  udpv6_sendmsg+0x2043/0x29b0
[ 2931.801239]  ? ip_frag_init+0x350/0x350
[ 2931.802123]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2931.803276]  ? find_held_lock+0x2c/0x110
[ 2931.804213]  ? __might_fault+0xd3/0x180
[ 2931.805121]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2931.806208]  ? __import_iovec+0x458/0x590
[ 2931.807120]  ? udp_v6_push_pending_frames+0x360/0x360
11:15:49 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2931.808249]  inet6_sendmsg+0x105/0x140
[ 2931.809192]  ? inet6_compat_ioctl+0x320/0x320
[ 2931.810167]  sock_sendmsg+0xf2/0x190
[ 2931.810983]  ____sys_sendmsg+0x334/0x870
[ 2931.811858]  ? kernel_sendmsg+0x50/0x50
[ 2931.812753]  ? do_recvmmsg+0x6d0/0x6d0
[ 2931.813598]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.814722]  ? mark_lock+0xf5/0x2df0
[ 2931.815546]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.816557] FAULT_INJECTION: forcing a failure.
[ 2931.816557] name failslab, interval 1, probability 0, space 0, times 0
[ 2931.816675]  ? __lock_acquire+0x1657/0x5b00
[ 2931.816700]  ___sys_sendmsg+0xf3/0x170
[ 2931.820772]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2931.821764]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.822664]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.823566]  ? __fget_files+0x296/0x480
[ 2931.824456]  ? __fget_light+0xea/0x290
[ 2931.825306]  __sys_sendmmsg+0x195/0x470
[ 2931.826169]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2931.827089]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.828002]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2931.829053]  ? wait_for_completion_io+0x270/0x270
[ 2931.830108]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2931.831105]  ? vfs_write+0x354/0xa30
[ 2931.831911]  ? fput_many+0x2f/0x1a0
[ 2931.832716]  ? ksys_write+0x1a9/0x260
[ 2931.833549]  __x64_sys_sendmmsg+0x99/0x100
[ 2931.834458]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2931.835565]  do_syscall_64+0x33/0x40
[ 2931.836385]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2931.837490] RIP: 0033:0x7ff64c115b19
[ 2931.838307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2931.842254] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2931.843878] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2931.845427] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2931.846962] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2931.848495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2931.850020] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
[ 2931.851565] CPU: 0 PID: 17295 Comm: syz-executor.2 Not tainted 5.10.168 #1
[ 2931.853019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2931.854732] Call Trace:
[ 2931.855281]  dump_stack+0x107/0x167
[ 2931.856034]  should_fail.cold+0x5/0xa
[ 2931.856834]  ? __alloc_skb+0x6d/0x5b0
[ 2931.857623]  should_failslab+0x5/0x20
[ 2931.858408]  kmem_cache_alloc_node+0x55/0x370
[ 2931.858546] FAULT_INJECTION: forcing a failure.
[ 2931.858546] name failslab, interval 1, probability 0, space 0, times 0
[ 2931.859325]  __alloc_skb+0x6d/0x5b0
[ 2931.859348]  alloc_skb_with_frags+0x92/0x570
[ 2931.859370]  ? find_held_lock+0x2c/0x110
[ 2931.859395]  sock_alloc_send_pskb+0x7af/0x930
[ 2931.859426]  ? sk_alloc+0x350/0x350
[ 2931.859453]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.866958]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2931.867991]  ? ip6_mtu+0x1bb/0x370
[ 2931.868734]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.869585]  ? ip_frag_init+0x350/0x350
[ 2931.870414]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2931.871363]  ? ip6_mtu+0x1e9/0x370
[ 2931.872094]  ? ip6_setup_cork+0xfb7/0x1740
[ 2931.872965]  ip6_make_skb+0x2de/0x4e0
[ 2931.873743]  ? ip_frag_init+0x350/0x350
[ 2931.874561]  ? ip_frag_init+0x350/0x350
[ 2931.875380]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2931.876377]  ? ip6_dst_check+0x379/0x820
[ 2931.877213]  ? sk_dst_check+0x235/0x460
[ 2931.878036]  udpv6_sendmsg+0x2043/0x29b0
[ 2931.878867]  ? ip_frag_init+0x350/0x350
[ 2931.879690]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2931.880766]  ? find_held_lock+0x2c/0x110
[ 2931.881612]  ? __might_fault+0xd3/0x180
[ 2931.882449]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2931.883459]  ? __import_iovec+0x458/0x590
[ 2931.884314]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2931.885370]  inet6_sendmsg+0x105/0x140
[ 2931.886168]  ? inet6_compat_ioctl+0x320/0x320
[ 2931.887078]  sock_sendmsg+0xf2/0x190
[ 2931.887839]  ____sys_sendmsg+0x334/0x870
[ 2931.888705]  ? kernel_sendmsg+0x50/0x50
[ 2931.889516]  ? do_recvmmsg+0x6d0/0x6d0
[ 2931.890312]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.891382]  ? mark_lock+0xf5/0x2df0
[ 2931.892153]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.893222]  ? __lock_acquire+0x1657/0x5b00
[ 2931.894104]  ___sys_sendmsg+0xf3/0x170
[ 2931.894898]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2931.895835]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.896704]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.897559]  ? __fget_files+0x296/0x480
[ 2931.898405]  ? __fget_light+0xea/0x290
[ 2931.899204]  __sys_sendmmsg+0x195/0x470
[ 2931.900025]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2931.900912]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.901777]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2931.902759]  ? wait_for_completion_io+0x270/0x270
[ 2931.903759]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2931.904716]  ? vfs_write+0x354/0xa30
[ 2931.905491]  ? fput_many+0x2f/0x1a0
[ 2931.906233]  ? ksys_write+0x1a9/0x260
[ 2931.907017]  __x64_sys_sendmmsg+0x99/0x100
[ 2931.907877]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2931.908949]  do_syscall_64+0x33/0x40
[ 2931.909706]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2931.910751] RIP: 0033:0x7fb714b40b19
[ 2931.911501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2931.915262] RSP: 002b:00007fb7120b6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2931.916808] RAX: ffffffffffffffda RBX: 00007fb714c53f60 RCX: 00007fb714b40b19
[ 2931.918291] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2931.919740] RBP: 00007fb7120b61d0 R08: 0000000000000000 R09: 0000000000000000
[ 2931.921221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2931.922688] R13: 00007fff0324c81f R14: 00007fb7120b6300 R15: 0000000000022000
[ 2931.924198] CPU: 1 PID: 17294 Comm: syz-executor.3 Not tainted 5.10.168 #1
[ 2931.925678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2931.927441] Call Trace:
[ 2931.928006]  dump_stack+0x107/0x167
[ 2931.928768]  should_fail.cold+0x5/0xa
[ 2931.929536]  ? create_object.isra.0+0x3a/0xa20
[ 2931.930444]  should_failslab+0x5/0x20
[ 2931.931197]  kmem_cache_alloc+0x5b/0x360
[ 2931.932001]  ? __lock_acquire+0xbb1/0x5b00
[ 2931.932865]  create_object.isra.0+0x3a/0xa20
[ 2931.933740]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2931.934748]  kmem_cache_alloc_node+0x169/0x370
[ 2931.935657]  __alloc_skb+0x6d/0x5b0
[ 2931.936390]  alloc_skb_with_frags+0x92/0x570
[ 2931.937265]  ? find_held_lock+0x2c/0x110
[ 2931.938075]  sock_alloc_send_pskb+0x7af/0x930
[ 2931.938981]  ? sk_alloc+0x350/0x350
[ 2931.939713]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.940773]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2931.941776]  ? ip6_mtu+0x1bb/0x370
[ 2931.942484]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.943313]  ? ip_frag_init+0x350/0x350
[ 2931.944143]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2931.945251]  ? ip6_mtu+0x1e9/0x370
[ 2931.945968]  ? ip6_setup_cork+0xfb7/0x1740
[ 2931.946974]  ip6_make_skb+0x2de/0x4e0
[ 2931.947872]  ? ip_frag_init+0x350/0x350
[ 2931.948826]  ? ip_frag_init+0x350/0x350
[ 2931.949777]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2931.950908]  ? ip6_dst_check+0x379/0x820
[ 2931.951888]  ? sk_dst_check+0x235/0x460
[ 2931.952789]  udpv6_sendmsg+0x2043/0x29b0
[ 2931.953600]  ? ip_frag_init+0x350/0x350
[ 2931.954415]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2931.955464]  ? find_held_lock+0x2c/0x110
[ 2931.956296]  ? __might_fault+0xd3/0x180
[ 2931.957096]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2931.958069]  ? __import_iovec+0x458/0x590
[ 2931.958892]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2931.959912]  inet6_sendmsg+0x105/0x140
[ 2931.960690]  ? inet6_compat_ioctl+0x320/0x320
[ 2931.961571]  sock_sendmsg+0xf2/0x190
[ 2931.962310]  ____sys_sendmsg+0x334/0x870
[ 2931.963117]  ? kernel_sendmsg+0x50/0x50
[ 2931.963903]  ? do_recvmmsg+0x6d0/0x6d0
[ 2931.964688]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.965725]  ? mark_lock+0xf5/0x2df0
[ 2931.966466]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2931.967498]  ? __lock_acquire+0x1657/0x5b00
[ 2931.968366]  ___sys_sendmsg+0xf3/0x170
[ 2931.969137]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2931.970043]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.970867]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.971689]  ? __fget_files+0x296/0x480
[ 2931.972494]  ? __fget_light+0xea/0x290
[ 2931.973272]  __sys_sendmmsg+0x195/0x470
[ 2931.974061]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2931.974913]  ? lock_downgrade+0x6d0/0x6d0
[ 2931.975751]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2931.976722]  ? wait_for_completion_io+0x270/0x270
[ 2931.977685]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2931.978617]  ? vfs_write+0x354/0xa30
[ 2931.979371]  ? fput_many+0x2f/0x1a0
[ 2931.980104]  ? ksys_write+0x1a9/0x260
[ 2931.980879]  __x64_sys_sendmmsg+0x99/0x100
[ 2931.981714]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2931.982731]  do_syscall_64+0x33/0x40
[ 2931.983469]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2931.984509] RIP: 0033:0x7fd1a3bd9b19
[ 2931.985250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2931.988962] RSP: 002b:00007fd1a114f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2931.990495] RAX: ffffffffffffffda RBX: 00007fd1a3cecf60 RCX: 00007fd1a3bd9b19
[ 2931.991336] FAULT_INJECTION: forcing a failure.
[ 2931.991336] name failslab, interval 1, probability 0, space 0, times 0
[ 2931.991909] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2931.991920] RBP: 00007fd1a114f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2931.991930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2931.991940] R13: 00007ffe93ea535f R14: 00007fd1a114f300 R15: 0000000000022000
[ 2932.001768] CPU: 0 PID: 17303 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2932.003288] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.005026] Call Trace:
[ 2932.005576]  dump_stack+0x107/0x167
[ 2932.006341]  should_fail.cold+0x5/0xa
[ 2932.007129]  ? create_object.isra.0+0x3a/0xa20
[ 2932.008090]  should_failslab+0x5/0x20
[ 2932.008894]  kmem_cache_alloc+0x5b/0x360
[ 2932.009737]  ? ksys_write+0x21a/0x260
[ 2932.010527]  create_object.isra.0+0x3a/0xa20
[ 2932.011437]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2932.011658] FAULT_INJECTION: forcing a failure.
[ 2932.011658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2932.012494]  kmem_cache_alloc+0x159/0x360
[ 2932.012522]  getname_flags.part.0+0x50/0x4f0
[ 2932.012541]  ? wait_for_completion_io+0x270/0x270
[ 2932.012563]  getname_flags+0x9a/0xe0
[ 2932.012580]  do_mkdirat+0x8d/0x2a0
[ 2932.012598]  ? user_path_create+0xf0/0xf0
[ 2932.012622]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2932.012638]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.012660]  do_syscall_64+0x33/0x40
[ 2932.012680]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.012692] RIP: 0033:0x7fd3579f1b19
[ 2932.012711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.012721] RSP: 002b:00007fd354f46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2932.012741] RAX: ffffffffffffffda RBX: 00007fd357b05020 RCX: 00007fd3579f1b19
[ 2932.012752] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2932.012762] RBP: 00007fd354f461d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.012781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.035847] R13: 00007ffc675ec60f R14: 00007fd354f46300 R15: 0000000000022000
[ 2932.037342] CPU: 1 PID: 17306 Comm: syz-executor.1 Not tainted 5.10.168 #1
[ 2932.038762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.040426] Call Trace:
[ 2932.040976]  dump_stack+0x107/0x167
[ 2932.041715]  should_fail.cold+0x5/0xa
[ 2932.042493]  _copy_from_user+0x2e/0x1b0
[ 2932.043293]  iovec_from_user+0x141/0x400
[ 2932.044129]  __import_iovec+0x67/0x590
[ 2932.044906]  ? __ia32_sys_shutdown+0x80/0x80
[ 2932.045791]  import_iovec+0x83/0xb0
[ 2932.046533]  sendmsg_copy_msghdr+0x131/0x160
[ 2932.047406]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.048213]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.049257]  ? mark_lock+0xf5/0x2df0
[ 2932.050014]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.051053]  ? __lock_acquire+0x1657/0x5b00
[ 2932.051913]  ___sys_sendmsg+0xc6/0x170
[ 2932.052700]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.053616]  ? __fget_files+0x26d/0x480
[ 2932.054415]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.055245]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.056072]  ? __fget_files+0x296/0x480
[ 2932.056896]  ? __fget_light+0xea/0x290
[ 2932.057684]  __sys_sendmmsg+0x195/0x470
[ 2932.058499]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.059361]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.060221]  ? ksys_write+0x12d/0x260
[ 2932.060987]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.061965]  ? wait_for_completion_io+0x270/0x270
[ 2932.062929]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.063859]  ? vfs_write+0x354/0xa30
[ 2932.064619]  ? fput_many+0x2f/0x1a0
[ 2932.065185] FAULT_INJECTION: forcing a failure.
[ 2932.065185] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2932.065362]  ? ksys_write+0x1a9/0x260
[ 2932.068639]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.069479]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.070504]  do_syscall_64+0x33/0x40
[ 2932.071248]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.072272] RIP: 0033:0x7fb82f171b19
[ 2932.073012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.076688] RSP: 002b:00007fb82c6e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.078206] RAX: ffffffffffffffda RBX: 00007fb82f284f60 RCX: 00007fb82f171b19
[ 2932.079619] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.081040] RBP: 00007fb82c6e71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.082452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.083861] R13: 00007ffd1a7b2a6f R14: 00007fb82c6e7300 R15: 0000000000022000
[ 2932.085314] CPU: 0 PID: 17302 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2932.086862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.088606] Call Trace:
[ 2932.089179]  dump_stack+0x107/0x167
[ 2932.089956]  should_fail.cold+0x5/0xa
[ 2932.090768]  _copy_from_user+0x2e/0x1b0
[ 2932.091606]  iovec_from_user+0x141/0x400
[ 2932.092457] FAULT_INJECTION: forcing a failure.
[ 2932.092457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2932.094842]  __import_iovec+0x67/0x590
[ 2932.095780]  ? __ia32_sys_shutdown+0x80/0x80
[ 2932.096728]  import_iovec+0x83/0xb0
[ 2932.097499]  sendmsg_copy_msghdr+0x131/0x160
[ 2932.098415]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.099235]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.100339]  ? mark_lock+0xf5/0x2df0
[ 2932.101118]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.102212]  ? __lock_acquire+0x1657/0x5b00
[ 2932.103111]  ___sys_sendmsg+0xc6/0x170
[ 2932.103926]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.104891]  ? __fget_files+0x26d/0x480
[ 2932.105725]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.106597]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.107461]  ? __fget_files+0x296/0x480
[ 2932.108302]  ? __fget_light+0xea/0x290
[ 2932.109137]  __sys_sendmmsg+0x195/0x470
[ 2932.110095]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.110974]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.111841]  ? ksys_write+0x12d/0x260
[ 2932.112661]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.113666]  ? wait_for_completion_io+0x270/0x270
[ 2932.114644]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.115592]  ? vfs_write+0x354/0xa30
[ 2932.116351]  ? fput_many+0x2f/0x1a0
[ 2932.117092]  ? ksys_write+0x1a9/0x260
[ 2932.117858]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.118715]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.119746]  do_syscall_64+0x33/0x40
[ 2932.120531]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.121556] RIP: 0033:0x7fc11dcebb19
[ 2932.122326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.125998] RSP: 002b:00007fc11b240188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.127522] RAX: ffffffffffffffda RBX: 00007fc11ddff020 RCX: 00007fc11dcebb19
[ 2932.128974] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.130403] RBP: 00007fc11b2401d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.131806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.133265] R13: 00007ffce838591f R14: 00007fc11b240300 R15: 0000000000022000
[ 2932.134732] CPU: 1 PID: 17305 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2932.136197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.137838] Call Trace:
[ 2932.138367]  dump_stack+0x107/0x167
[ 2932.139093]  should_fail.cold+0x5/0xa
[ 2932.139855]  _copy_from_user+0x2e/0x1b0
[ 2932.140661]  __copy_msghdr_from_user+0x91/0x4b0
[ 2932.141595]  ? __ia32_sys_shutdown+0x80/0x80
[ 2932.142514]  ? __lock_acquire+0xbb1/0x5b00
[ 2932.143364]  sendmsg_copy_msghdr+0xa1/0x160
[ 2932.144242]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.145108]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.146147]  ? mark_lock+0xf5/0x2df0
[ 2932.146898]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.147925]  ? __lock_acquire+0x1657/0x5b00
[ 2932.148798]  ___sys_sendmsg+0xc6/0x170
[ 2932.149569]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.150488]  ? __fget_files+0x26d/0x480
[ 2932.151270]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.152123]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.152948]  ? __fget_files+0x296/0x480
[ 2932.153766]  ? __fget_light+0xea/0x290
[ 2932.154552]  __sys_sendmmsg+0x195/0x470
[ 2932.155366]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.156231]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.157048]  ? ksys_write+0x12d/0x260
[ 2932.157803]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.158753]  ? wait_for_completion_io+0x270/0x270
[ 2932.159733]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.160680]  ? vfs_write+0x354/0xa30
[ 2932.161438]  ? fput_many+0x2f/0x1a0
[ 2932.162176]  ? ksys_write+0x1a9/0x260
[ 2932.162969]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.163832]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.164861]  do_syscall_64+0x33/0x40
[ 2932.165621]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.166654] RIP: 0033:0x7fe3cda85b19
[ 2932.167396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.171052] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.172567] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2932.173979] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.175390] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.176811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.178221] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:15:50 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 3)

[ 2932.409698] FAULT_INJECTION: forcing a failure.
[ 2932.409698] name failslab, interval 1, probability 0, space 0, times 0
[ 2932.412784] CPU: 0 PID: 17324 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2932.414292] FAULT_INJECTION: forcing a failure.
[ 2932.414292] name failslab, interval 1, probability 0, space 0, times 0
[ 2932.414404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.414420] Call Trace:
[ 2932.419166]  dump_stack+0x107/0x167
[ 2932.420015]  should_fail.cold+0x5/0xa
[ 2932.420904]  ? create_object.isra.0+0x3a/0xa20
[ 2932.421959]  should_failslab+0x5/0x20
[ 2932.422837]  kmem_cache_alloc+0x5b/0x360
[ 2932.423778]  ? __lock_acquire+0xbb1/0x5b00
[ 2932.424766]  create_object.isra.0+0x3a/0xa20
[ 2932.425776]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2932.426953]  kmem_cache_alloc_node+0x169/0x370
[ 2932.428012]  __alloc_skb+0x6d/0x5b0
[ 2932.428873]  alloc_skb_with_frags+0x92/0x570
[ 2932.429888]  ? find_held_lock+0x2c/0x110
[ 2932.430832]  sock_alloc_send_pskb+0x7af/0x930
[ 2932.431881]  ? sk_alloc+0x350/0x350
[ 2932.432738]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.433960]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2932.435121]  ? ip6_mtu+0x1bb/0x370
[ 2932.435941]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.436914]  ? ip_frag_init+0x350/0x350
[ 2932.437841]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2932.438911]  ? ip6_mtu+0x1e9/0x370
[ 2932.439728]  ? ip6_setup_cork+0xfb7/0x1740
[ 2932.440706]  ip6_make_skb+0x2de/0x4e0
[ 2932.441570]  ? ip_frag_init+0x350/0x350
[ 2932.442484]  ? ip_frag_init+0x350/0x350
[ 2932.443395]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2932.444505]  ? ip6_dst_check+0x379/0x820
[ 2932.445436]  ? sk_dst_check+0x235/0x460
[ 2932.446357]  udpv6_sendmsg+0x2043/0x29b0
[ 2932.447284]  ? ip_frag_init+0x350/0x350
[ 2932.448203]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.449402]  ? find_held_lock+0x2c/0x110
[ 2932.450334]  ? __might_fault+0xd3/0x180
[ 2932.451259]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2932.452392]  ? __import_iovec+0x458/0x590
[ 2932.453338]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.454525]  inet6_sendmsg+0x105/0x140
[ 2932.455412]  ? inet6_compat_ioctl+0x320/0x320
[ 2932.456445]  sock_sendmsg+0xf2/0x190
[ 2932.457295]  ____sys_sendmsg+0x334/0x870
[ 2932.458226]  ? kernel_sendmsg+0x50/0x50
[ 2932.459129]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.460019]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.461227]  ? mark_lock+0xf5/0x2df0
[ 2932.462080]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.463271]  ? __lock_acquire+0x1657/0x5b00
[ 2932.464277]  ___sys_sendmsg+0xf3/0x170
[ 2932.465165]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.466204]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.467151]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.468097]  ? __fget_files+0x296/0x480
[ 2932.469013]  ? __fget_light+0xea/0x290
[ 2932.469897]  __sys_sendmmsg+0x195/0x470
[ 2932.470805]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.471780]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.472751]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.473845]  ? wait_for_completion_io+0x270/0x270
[ 2932.474937]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.475983]  ? vfs_write+0x354/0xa30
[ 2932.476834]  ? fput_many+0x2f/0x1a0
[ 2932.477656]  ? ksys_write+0x1a9/0x260
[ 2932.478525]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.479480]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.480658]  do_syscall_64+0x33/0x40
[ 2932.481500]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.482654] RIP: 0033:0x7ff64c115b19
[ 2932.483494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.487655] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.489367] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2932.490966] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.492578] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.494179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.495787] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
[ 2932.497420] CPU: 1 PID: 17325 Comm: syz-executor.2 Not tainted 5.10.168 #1
[ 2932.498821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.500485] Call Trace:
[ 2932.501020]  dump_stack+0x107/0x167
[ 2932.501753]  should_fail.cold+0x5/0xa
[ 2932.502530]  ? create_object.isra.0+0x3a/0xa20
[ 2932.503453]  should_failslab+0x5/0x20
[ 2932.504221]  kmem_cache_alloc+0x5b/0x360
[ 2932.505025]  ? __lock_acquire+0xbb1/0x5b00
[ 2932.505859]  create_object.isra.0+0x3a/0xa20
[ 2932.506734]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2932.507743]  kmem_cache_alloc_node+0x169/0x370
[ 2932.508669]  __alloc_skb+0x6d/0x5b0
[ 2932.509393]  alloc_skb_with_frags+0x92/0x570
[ 2932.510261]  ? find_held_lock+0x2c/0x110
[ 2932.511069]  sock_alloc_send_pskb+0x7af/0x930
[ 2932.511972]  ? sk_alloc+0x350/0x350
[ 2932.512706]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.513754]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2932.514760]  ? ip6_mtu+0x1bb/0x370
[ 2932.515467]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.516290]  ? ip_frag_init+0x350/0x350
[ 2932.517087]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2932.518004]  ? ip6_mtu+0x1e9/0x370
[ 2932.518709]  ? ip6_setup_cork+0xfb7/0x1740
[ 2932.519548]  ip6_make_skb+0x2de/0x4e0
[ 2932.520310]  ? ip_frag_init+0x350/0x350
[ 2932.521091]  ? ip_frag_init+0x350/0x350
[ 2932.521889]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2932.522835]  ? ip6_dst_check+0x379/0x820
[ 2932.523645]  ? sk_dst_check+0x235/0x460
[ 2932.524465]  udpv6_sendmsg+0x2043/0x29b0
[ 2932.525269]  ? ip_frag_init+0x350/0x350
[ 2932.526064]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.527092]  ? find_held_lock+0x2c/0x110
[ 2932.527900]  ? __might_fault+0xd3/0x180
[ 2932.528708]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2932.529690]  ? __import_iovec+0x458/0x590
[ 2932.530509]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.531525]  inet6_sendmsg+0x105/0x140
[ 2932.532322]  ? inet6_compat_ioctl+0x320/0x320
[ 2932.533209]  sock_sendmsg+0xf2/0x190
[ 2932.533944]  ____sys_sendmsg+0x334/0x870
[ 2932.534750]  ? kernel_sendmsg+0x50/0x50
[ 2932.535533]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.536312]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.537349]  ? mark_lock+0xf5/0x2df0
[ 2932.538088]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.539121]  ? __lock_acquire+0x1657/0x5b00
[ 2932.539976]  ___sys_sendmsg+0xf3/0x170
[ 2932.540761]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.541674]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.542501]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.543330]  ? __fget_files+0x296/0x480
[ 2932.544145]  ? __fget_light+0xea/0x290
[ 2932.544923]  __sys_sendmmsg+0x195/0x470
[ 2932.545718]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.546576]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.547411]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.548373]  ? wait_for_completion_io+0x270/0x270
[ 2932.549325]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.550247]  ? vfs_write+0x354/0xa30
[ 2932.550984]  ? fput_many+0x2f/0x1a0
[ 2932.551710]  ? ksys_write+0x1a9/0x260
[ 2932.552479]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.553311]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.554328]  do_syscall_64+0x33/0x40
[ 2932.555071]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.556089] RIP: 0033:0x7fb714b40b19
[ 2932.556842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.560466] RSP: 002b:00007fb7120b6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.561967] RAX: ffffffffffffffda RBX: 00007fb714c53f60 RCX: 00007fb714b40b19
[ 2932.563373] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.564797] RBP: 00007fb7120b61d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.566203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.567605] R13: 00007fff0324c81f R14: 00007fb7120b6300 R15: 0000000000022000
[ 2932.588714] FAULT_INJECTION: forcing a failure.
[ 2932.588714] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2932.591472] CPU: 0 PID: 17327 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2932.593029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.594861] Call Trace:
[ 2932.595455]  dump_stack+0x107/0x167
[ 2932.596277]  should_fail.cold+0x5/0xa
[ 2932.597137]  strncpy_from_user+0x34/0x470
[ 2932.598063]  getname_flags.part.0+0x95/0x4f0
[ 2932.599034]  ? wait_for_completion_io+0x270/0x270
[ 2932.600100]  getname_flags+0x9a/0xe0
[ 2932.600933]  do_mkdirat+0x8d/0x2a0
[ 2932.601720]  ? user_path_create+0xf0/0xf0
[ 2932.602639]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2932.603801]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.604965]  do_syscall_64+0x33/0x40
[ 2932.605797]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.606929] RIP: 0033:0x7fd3579f1b19
[ 2932.607754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.611812] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2932.613494] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2932.615057] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2932.616628] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.618182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.619742] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:15:50 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2932.715648] FAULT_INJECTION: forcing a failure.
[ 2932.715648] name failslab, interval 1, probability 0, space 0, times 0
[ 2932.716744] FAULT_INJECTION: forcing a failure.
[ 2932.716744] name failslab, interval 1, probability 0, space 0, times 0
[ 2932.718294] CPU: 1 PID: 17337 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2932.721917] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.723561] Call Trace:
[ 2932.724095]  dump_stack+0x107/0x167
[ 2932.724833]  should_fail.cold+0x5/0xa
[ 2932.725596]  ? __alloc_skb+0x6d/0x5b0
[ 2932.726362]  should_failslab+0x5/0x20
[ 2932.727121]  kmem_cache_alloc_node+0x55/0x370
[ 2932.728016]  __alloc_skb+0x6d/0x5b0
[ 2932.728754]  alloc_skb_with_frags+0x92/0x570
[ 2932.729638]  ? find_held_lock+0x2c/0x110
[ 2932.730454]  sock_alloc_send_pskb+0x7af/0x930
[ 2932.731362]  ? sk_alloc+0x350/0x350
[ 2932.732099]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.733170]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2932.734173]  ? ip6_mtu+0x1bb/0x370
[ 2932.734876]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.735697]  ? ip_frag_init+0x350/0x350
[ 2932.736513]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2932.737436]  ? ip6_mtu+0x1e9/0x370
[ 2932.738144]  ? ip6_setup_cork+0xfb7/0x1740
[ 2932.738986]  ip6_make_skb+0x2de/0x4e0
[ 2932.739736]  ? ip_frag_init+0x350/0x350
[ 2932.740538]  ? ip_frag_init+0x350/0x350
[ 2932.741335]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2932.742283]  ? ip6_dst_check+0x379/0x820
[ 2932.743092]  ? sk_dst_check+0x235/0x460
[ 2932.743887]  udpv6_sendmsg+0x2043/0x29b0
[ 2932.744709]  ? ip_frag_init+0x350/0x350
[ 2932.745510]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.746550]  ? find_held_lock+0x2c/0x110
[ 2932.747365]  ? __might_fault+0xd3/0x180
[ 2932.748179]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2932.749156]  ? __import_iovec+0x458/0x590
[ 2932.749978]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.751007]  inet6_sendmsg+0x105/0x140
[ 2932.751779]  ? inet6_compat_ioctl+0x320/0x320
[ 2932.752684]  sock_sendmsg+0xf2/0x190
[ 2932.753428]  ____sys_sendmsg+0x334/0x870
[ 2932.754239]  ? kernel_sendmsg+0x50/0x50
[ 2932.755025]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.755799]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.756859]  ? mark_lock+0xf5/0x2df0
[ 2932.757606]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.758645]  ? __lock_acquire+0x1657/0x5b00
[ 2932.759510]  ___sys_sendmsg+0xf3/0x170
[ 2932.760296]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.761209]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.762039]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.762869]  ? __fget_files+0x296/0x480
[ 2932.763673]  ? __fget_light+0xea/0x290
[ 2932.764470]  __sys_sendmmsg+0x195/0x470
[ 2932.765268]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.766124]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.766965]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.767927]  ? wait_for_completion_io+0x270/0x270
[ 2932.768899]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.769821]  ? vfs_write+0x354/0xa30
[ 2932.770568]  ? fput_many+0x2f/0x1a0
[ 2932.771297]  ? ksys_write+0x1a9/0x260
[ 2932.772064]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.772920]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.773948]  do_syscall_64+0x33/0x40
[ 2932.774694]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.775715] RIP: 0033:0x7fc11dcebb19
[ 2932.776468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.780140] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.781654] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2932.783075] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.784500] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.785918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.787346] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2932.788809] CPU: 0 PID: 17338 Comm: syz-executor.1 Not tainted 5.10.168 #1
[ 2932.790466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.792415] Call Trace:
[ 2932.793055]  dump_stack+0x107/0x167
[ 2932.793921]  should_fail.cold+0x5/0xa
[ 2932.794818]  ? __alloc_skb+0x6d/0x5b0
[ 2932.795721]  should_failslab+0x5/0x20
[ 2932.796639]  kmem_cache_alloc_node+0x55/0x370
[ 2932.797694]  __alloc_skb+0x6d/0x5b0
[ 2932.798556]  alloc_skb_with_frags+0x92/0x570
[ 2932.799588]  ? find_held_lock+0x2c/0x110
[ 2932.800553]  sock_alloc_send_pskb+0x7af/0x930
[ 2932.801616]  ? sk_alloc+0x350/0x350
[ 2932.802478]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.803716]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2932.804906]  ? ip6_mtu+0x1bb/0x370
[ 2932.805736]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.806700]  ? ip_frag_init+0x350/0x350
[ 2932.807638]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2932.808741]  ? ip6_mtu+0x1e9/0x370
[ 2932.809577]  ? ip6_setup_cork+0xfb7/0x1740
[ 2932.810567]  ip6_make_skb+0x2de/0x4e0
[ 2932.811450]  ? ip_frag_init+0x350/0x350
[ 2932.812396]  ? ip_frag_init+0x350/0x350
[ 2932.813328]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2932.814444]  ? ip6_dst_check+0x379/0x820
[ 2932.815387]  ? sk_dst_check+0x235/0x460
[ 2932.816332]  udpv6_sendmsg+0x2043/0x29b0
[ 2932.817267]  ? ip_frag_init+0x350/0x350
[ 2932.818190]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.819393]  ? find_held_lock+0x2c/0x110
[ 2932.820348]  ? __might_fault+0xd3/0x180
[ 2932.821278]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2932.822409]  ? __import_iovec+0x458/0x590
[ 2932.823361]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2932.824557]  inet6_sendmsg+0x105/0x140
[ 2932.825448]  ? inet6_compat_ioctl+0x320/0x320
[ 2932.826474]  sock_sendmsg+0xf2/0x190
[ 2932.827333]  ____sys_sendmsg+0x334/0x870
[ 2932.828288]  ? kernel_sendmsg+0x50/0x50
[ 2932.829190]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.830077]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.831268]  ? mark_lock+0xf5/0x2df0
[ 2932.832126]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.833316]  ? __lock_acquire+0x1657/0x5b00
[ 2932.834298]  ___sys_sendmsg+0xf3/0x170
[ 2932.835180]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.836243]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.837183]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.838125]  ? __fget_files+0x296/0x480
[ 2932.839029]  ? __fget_light+0xea/0x290
[ 2932.839914]  __sys_sendmmsg+0x195/0x470
[ 2932.840820]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.841791]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.842745]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.843833]  ? wait_for_completion_io+0x270/0x270
[ 2932.844921]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.845959]  ? vfs_write+0x354/0xa30
[ 2932.846804]  ? fput_many+0x2f/0x1a0
[ 2932.847623]  ? ksys_write+0x1a9/0x260
[ 2932.848512]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.849455]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.850612]  do_syscall_64+0x33/0x40
[ 2932.851448]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.852596] RIP: 0033:0x7fb82f171b19
[ 2932.853431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.857551] RSP: 002b:00007fb82c6e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.859246] RAX: ffffffffffffffda RBX: 00007fb82f284f60 RCX: 00007fb82f171b19
[ 2932.860848] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.862449] RBP: 00007fb82c6e71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.864035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.865644] R13: 00007ffd1a7b2a6f R14: 00007fb82c6e7300 R15: 0000000000022000
11:15:50 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:50 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2932.904381] FAULT_INJECTION: forcing a failure.
[ 2932.904381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2932.907513] CPU: 0 PID: 17339 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2932.909135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2932.911049] Call Trace:
[ 2932.911657]  dump_stack+0x107/0x167
[ 2932.912505]  should_fail.cold+0x5/0xa
[ 2932.913376]  _copy_from_user+0x2e/0x1b0
[ 2932.914277]  iovec_from_user+0x141/0x400
[ 2932.915205]  __import_iovec+0x67/0x590
[ 2932.916088]  ? __ia32_sys_shutdown+0x80/0x80
[ 2932.917104]  import_iovec+0x83/0xb0
[ 2932.917946]  sendmsg_copy_msghdr+0x131/0x160
[ 2932.918945]  ? do_recvmmsg+0x6d0/0x6d0
[ 2932.919838]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.921050]  ? mark_lock+0xf5/0x2df0
[ 2932.921897]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2932.923079]  ? __lock_acquire+0x1657/0x5b00
[ 2932.924070]  ___sys_sendmsg+0xc6/0x170
[ 2932.924993]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2932.926044]  ? __fget_files+0x26d/0x480
[ 2932.926952]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.927908]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.928876]  ? __fget_files+0x296/0x480
[ 2932.929799]  ? __fget_light+0xea/0x290
[ 2932.930696]  __sys_sendmmsg+0x195/0x470
[ 2932.931614]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2932.932615]  ? lock_downgrade+0x6d0/0x6d0
[ 2932.933571]  ? ksys_write+0x12d/0x260
[ 2932.934453]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2932.935559]  ? wait_for_completion_io+0x270/0x270
[ 2932.936672]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2932.937739]  ? vfs_write+0x354/0xa30
[ 2932.938597]  ? fput_many+0x2f/0x1a0
[ 2932.939431]  ? ksys_write+0x1a9/0x260
[ 2932.940353]  __x64_sys_sendmmsg+0x99/0x100
[ 2932.941317]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2932.942494]  do_syscall_64+0x33/0x40
[ 2932.943346]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2932.944533] RIP: 0033:0x7fe3cda85b19
[ 2932.945384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2932.949601] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2932.951345] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2932.952990] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2932.954624] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2932.956288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2932.957918] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:15:51 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 4)

11:15:51 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:15:51 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2933.108887] FAULT_INJECTION: forcing a failure.
[ 2933.108887] name failslab, interval 1, probability 0, space 0, times 0
[ 2933.111691] CPU: 1 PID: 17356 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2933.112916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2933.114356] Call Trace:
[ 2933.114818]  dump_stack+0x107/0x167
[ 2933.115459]  should_fail.cold+0x5/0xa
[ 2933.116161]  ? __d_alloc+0x2a/0x990
[ 2933.116800]  should_failslab+0x5/0x20
[ 2933.117459]  kmem_cache_alloc+0x5b/0x360
[ 2933.118157]  ? __d_lookup+0x3e8/0x710
[ 2933.118822]  __d_alloc+0x2a/0x990
[ 2933.119441]  d_alloc+0x46/0x1c0
[ 2933.120030]  __lookup_hash+0xcc/0x190
[ 2933.120713]  filename_create+0x186/0x4a0
[ 2933.121428]  ? filename_parentat+0x570/0x570
[ 2933.122199]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2933.123031]  do_mkdirat+0xa0/0x2a0
[ 2933.123659]  ? user_path_create+0xf0/0xf0
[ 2933.124412]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2933.125335]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2933.126239]  do_syscall_64+0x33/0x40
[ 2933.126888]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2933.127781] RIP: 0033:0x7fd3579f1b19
[ 2933.128437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2933.131618] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2933.133047] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2933.134285] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2933.135528] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2933.136758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2933.137989] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 2933.150172] FAULT_INJECTION: forcing a failure.
[ 2933.150172] name failslab, interval 1, probability 0, space 0, times 0
[ 2933.152229] CPU: 1 PID: 17363 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2933.153417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2933.154817] Call Trace:
[ 2933.155275]  dump_stack+0x107/0x167
[ 2933.155902]  should_fail.cold+0x5/0xa
[ 2933.156490] FAULT_INJECTION: forcing a failure.
[ 2933.156490] name failslab, interval 1, probability 0, space 0, times 0
[ 2933.156576]  ? create_object.isra.0+0x3a/0xa20
[ 2933.159619]  should_failslab+0x5/0x20
[ 2933.160271]  kmem_cache_alloc+0x5b/0x360
[ 2933.160962]  ? __lock_acquire+0xbb1/0x5b00
[ 2933.161688]  create_object.isra.0+0x3a/0xa20
[ 2933.162445]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2933.163320]  kmem_cache_alloc_node+0x169/0x370
[ 2933.164111]  __alloc_skb+0x6d/0x5b0
[ 2933.164747]  alloc_skb_with_frags+0x92/0x570
[ 2933.165489]  ? find_held_lock+0x2c/0x110
[ 2933.166184]  sock_alloc_send_pskb+0x7af/0x930
[ 2933.166945]  ? sk_alloc+0x350/0x350
[ 2933.167564]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.168469]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2933.169321]  ? ip6_mtu+0x1bb/0x370
[ 2933.169917]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.170605]  ? ip_frag_init+0x350/0x350
[ 2933.171289]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2933.172067]  ? ip6_mtu+0x1e9/0x370
[ 2933.172684]  ? ip6_setup_cork+0xfb7/0x1740
[ 2933.173397]  ip6_make_skb+0x2de/0x4e0
[ 2933.174033]  ? ip_frag_init+0x350/0x350
[ 2933.174703]  ? ip_frag_init+0x350/0x350
[ 2933.175378]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2933.176187]  ? ip6_dst_check+0x379/0x820
[ 2933.176870]  ? sk_dst_check+0x235/0x460
[ 2933.177544]  udpv6_sendmsg+0x2043/0x29b0
[ 2933.178233]  ? ip_frag_init+0x350/0x350
[ 2933.178909]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2933.179793]  ? find_held_lock+0x2c/0x110
[ 2933.180503]  ? __might_fault+0xd3/0x180
[ 2933.181188]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2933.182010]  ? __import_iovec+0x458/0x590
[ 2933.182714]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2933.183576]  inet6_sendmsg+0x105/0x140
[ 2933.184236]  ? inet6_compat_ioctl+0x320/0x320
[ 2933.184979]  sock_sendmsg+0xf2/0x190
[ 2933.185598]  ____sys_sendmsg+0x334/0x870
[ 2933.186274]  ? kernel_sendmsg+0x50/0x50
[ 2933.186926]  ? do_recvmmsg+0x6d0/0x6d0
[ 2933.187575]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.188468]  ? mark_lock+0xf5/0x2df0
[ 2933.189089]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.189948]  ? __lock_acquire+0x1657/0x5b00
[ 2933.190660]  ___sys_sendmsg+0xf3/0x170
[ 2933.191310]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2933.192073]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.192769]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.193461]  ? __fget_files+0x296/0x480
[ 2933.194130]  ? __fget_light+0xea/0x290
[ 2933.194774]  __sys_sendmmsg+0x195/0x470
[ 2933.195440]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2933.196161]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.196852]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2933.197657]  ? wait_for_completion_io+0x270/0x270
[ 2933.198462]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2933.199235]  ? vfs_write+0x354/0xa30
[ 2933.199852]  ? fput_many+0x2f/0x1a0
[ 2933.200466]  ? ksys_write+0x1a9/0x260
[ 2933.201099]  __x64_sys_sendmmsg+0x99/0x100
[ 2933.201785]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2933.202634]  do_syscall_64+0x33/0x40
[ 2933.203251]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2933.204094] RIP: 0033:0x7fc11dcebb19
[ 2933.204711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2933.207707] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2933.208969] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2933.210138] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2933.211306] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2933.212496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2933.213659] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2933.214885] CPU: 0 PID: 17362 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2933.216341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2933.218029] Call Trace:
[ 2933.218584]  dump_stack+0x107/0x167
[ 2933.219335]  should_fail.cold+0x5/0xa
[ 2933.220122]  should_failslab+0x5/0x20
[ 2933.220909]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2933.221931]  ? alloc_skb_with_frags+0x92/0x570
[ 2933.222860]  __alloc_skb+0xb1/0x5b0
[ 2933.223607]  alloc_skb_with_frags+0x92/0x570
[ 2933.224522]  ? find_held_lock+0x2c/0x110
[ 2933.225354]  sock_alloc_send_pskb+0x7af/0x930
[ 2933.226305]  ? sk_alloc+0x350/0x350
[ 2933.227048]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.228113]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2933.229158]  ? ip6_mtu+0x1bb/0x370
[ 2933.229875]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.230722]  ? ip_frag_init+0x350/0x350
[ 2933.231549]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2933.232499]  ? ip6_mtu+0x1e9/0x370
[ 2933.233216]  ? ip6_setup_cork+0xfb7/0x1740
[ 2933.234083]  ip6_make_skb+0x2de/0x4e0
[ 2933.234844]  ? ip_frag_init+0x350/0x350
[ 2933.235656]  ? ip_frag_init+0x350/0x350
[ 2933.236469]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2933.237445]  ? ip6_dst_check+0x379/0x820
[ 2933.238263]  ? sk_dst_check+0x235/0x460
[ 2933.239083]  udpv6_sendmsg+0x2043/0x29b0
[ 2933.239901]  ? ip_frag_init+0x350/0x350
[ 2933.240736]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2933.241793]  ? find_held_lock+0x2c/0x110
[ 2933.242619]  ? __might_fault+0xd3/0x180
[ 2933.243441]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2933.244454]  ? __import_iovec+0x458/0x590
[ 2933.245287]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2933.246345]  inet6_sendmsg+0x105/0x140
[ 2933.247130]  ? inet6_compat_ioctl+0x320/0x320
[ 2933.248046]  sock_sendmsg+0xf2/0x190
[ 2933.248805]  ____sys_sendmsg+0x334/0x870
[ 2933.249624]  ? kernel_sendmsg+0x50/0x50
[ 2933.250418]  ? do_recvmmsg+0x6d0/0x6d0
[ 2933.251205]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.252276]  ? mark_lock+0xf5/0x2df0
[ 2933.253049]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2933.254096]  ? __lock_acquire+0x1657/0x5b00
[ 2933.254967]  ___sys_sendmsg+0xf3/0x170
[ 2933.255751]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2933.256693]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.257529]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.258369]  ? __fget_files+0x296/0x480
[ 2933.259176]  ? __fget_light+0xea/0x290
[ 2933.259969]  __sys_sendmmsg+0x195/0x470
[ 2933.260789]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2933.261654]  ? lock_downgrade+0x6d0/0x6d0
[ 2933.262509]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2933.263489]  ? wait_for_completion_io+0x270/0x270
[ 2933.264486]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2933.265425]  ? vfs_write+0x354/0xa30
[ 2933.266184]  ? fput_many+0x2f/0x1a0
[ 2933.266915]  ? ksys_write+0x1a9/0x260
[ 2933.267694]  __x64_sys_sendmmsg+0x99/0x100
[ 2933.268567]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2933.269609]  do_syscall_64+0x33/0x40
[ 2933.270363]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2933.271401] RIP: 0033:0x7ff64c115b19
[ 2933.272175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2933.275873] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2933.277422] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2933.278860] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2933.280305] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2933.281744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2933.283228] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
11:16:07 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 5)

11:16:07 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2949.309412] FAULT_INJECTION: forcing a failure.
[ 2949.309412] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.312307] CPU: 0 PID: 17384 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2949.313985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.315671] Call Trace:
[ 2949.316311]  dump_stack+0x107/0x167
[ 2949.317069]  should_fail.cold+0x5/0xa
[ 2949.317981]  ? __alloc_skb+0x6d/0x5b0
[ 2949.318752]  should_failslab+0x5/0x20
[ 2949.319573]  kmem_cache_alloc_node+0x55/0x370
[ 2949.320516]  __alloc_skb+0x6d/0x5b0
[ 2949.320680] FAULT_INJECTION: forcing a failure.
[ 2949.320680] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.321288]  alloc_skb_with_frags+0x92/0x570
[ 2949.321310]  ? find_held_lock+0x2c/0x110
[ 2949.321335]  sock_alloc_send_pskb+0x7af/0x930
[ 2949.321366]  ? sk_alloc+0x350/0x350
[ 2949.321391]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.321423]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2949.321451]  ? ip6_mtu+0x1bb/0x370
[ 2949.321469]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.321483]  ? ip_frag_init+0x350/0x350
[ 2949.321512]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2949.321529]  ? ip6_mtu+0x1e9/0x370
[ 2949.321547]  ? ip6_setup_cork+0xfb7/0x1740
[ 2949.321569]  ip6_make_skb+0x2de/0x4e0
[ 2949.321590]  ? ip_frag_init+0x350/0x350
[ 2949.335773]  ? ip_frag_init+0x350/0x350
[ 2949.336640]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2949.337641]  ? ip6_dst_check+0x379/0x820
[ 2949.338502]  ? sk_dst_check+0x235/0x460
[ 2949.339355]  udpv6_sendmsg+0x2043/0x29b0
[ 2949.340216]  ? ip_frag_init+0x350/0x350
[ 2949.341072]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.342174]  ? find_held_lock+0x2c/0x110
[ 2949.343034]  ? __might_fault+0xd3/0x180
[ 2949.343888]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2949.344936]  ? __import_iovec+0x458/0x590
[ 2949.345809]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.346889]  inet6_sendmsg+0x105/0x140
[ 2949.347701]  ? inet6_compat_ioctl+0x320/0x320
[ 2949.348658]  sock_sendmsg+0xf2/0x190
[ 2949.349440]  ____sys_sendmsg+0x334/0x870
[ 2949.350296]  ? kernel_sendmsg+0x50/0x50
[ 2949.351129]  ? do_recvmmsg+0x6d0/0x6d0
[ 2949.351952]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.353069]  ? mark_lock+0xf5/0x2df0
[ 2949.353857]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.354963]  ? __lock_acquire+0x1657/0x5b00
[ 2949.355866]  ___sys_sendmsg+0xf3/0x170
[ 2949.356707]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2949.357681]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.358562]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.359444]  ? __fget_files+0x296/0x480
[ 2949.360293]  ? __fget_light+0xea/0x290
[ 2949.361138]  __sys_sendmmsg+0x195/0x470
[ 2949.361986]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2949.362867]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.363755]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2949.364781]  ? wait_for_completion_io+0x270/0x270
[ 2949.365797]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2949.366776]  ? vfs_write+0x354/0xa30
[ 2949.367564]  ? fput_many+0x2f/0x1a0
[ 2949.368358]  ? ksys_write+0x1a9/0x260
[ 2949.369174]  __x64_sys_sendmmsg+0x99/0x100
[ 2949.370065]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.371150]  do_syscall_64+0x33/0x40
[ 2949.371942]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.373032] RIP: 0033:0x7fe3cda85b19
[ 2949.373820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.377702] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2949.379308] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2949.380828] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2949.382323] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.383821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.385338] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:16:07 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x0, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2949.387054] CPU: 1 PID: 17382 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2949.388644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.390711] Call Trace:
[ 2949.391256]  dump_stack+0x107/0x167
[ 2949.392123]  should_fail.cold+0x5/0xa
[ 2949.392908]  should_failslab+0x5/0x20
[ 2949.393816]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2949.394813]  ? alloc_skb_with_frags+0x92/0x570
[ 2949.395912]  __alloc_skb+0xb1/0x5b0
[ 2949.396678]  alloc_skb_with_frags+0x92/0x570
[ 2949.397721]  ? find_held_lock+0x2c/0x110
[ 2949.398544]  sock_alloc_send_pskb+0x7af/0x930
[ 2949.399619]  ? sk_alloc+0x350/0x350
[ 2949.400371]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.401628]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2949.402386] FAULT_INJECTION: forcing a failure.
[ 2949.402386] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.402647]  ? ip6_mtu+0x1bb/0x370
[ 2949.405641]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.406624]  ? ip_frag_init+0x350/0x350
[ 2949.407440]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2949.408564]  ? ip6_mtu+0x1e9/0x370
[ 2949.409290]  ? ip6_setup_cork+0xfb7/0x1740
[ 2949.410304]  ip6_make_skb+0x2de/0x4e0
[ 2949.411071]  ? ip_frag_init+0x350/0x350
[ 2949.412018]  ? ip_frag_init+0x350/0x350
[ 2949.412839]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2949.413968]  ? ip6_dst_check+0x379/0x820
[ 2949.414790]  ? sk_dst_check+0x235/0x460
[ 2949.415695]  udpv6_sendmsg+0x2043/0x29b0
[ 2949.416513]  ? ip_frag_init+0x350/0x350
[ 2949.417316]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.418354]  ? find_held_lock+0x2c/0x110
[ 2949.419165]  ? __might_fault+0xd3/0x180
[ 2949.419967]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2949.420966]  ? __import_iovec+0x458/0x590
[ 2949.421788]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.422811]  inet6_sendmsg+0x105/0x140
[ 2949.423582]  ? inet6_compat_ioctl+0x320/0x320
[ 2949.424488]  sock_sendmsg+0xf2/0x190
[ 2949.425378]  ____sys_sendmsg+0x334/0x870
[ 2949.426198]  ? kernel_sendmsg+0x50/0x50
[ 2949.427137]  ? do_recvmmsg+0x6d0/0x6d0
[ 2949.427921]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.429188]  ? mark_lock+0xf5/0x2df0
[ 2949.429940]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.431175]  ? __lock_acquire+0x1657/0x5b00
[ 2949.432045]  ___sys_sendmsg+0xf3/0x170
[ 2949.432982]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2949.433910]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.434907]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.435748]  ? __fget_files+0x296/0x480
[ 2949.436724]  ? __fget_light+0xea/0x290
[ 2949.437515]  __sys_sendmmsg+0x195/0x470
[ 2949.438462]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2949.439328]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.440327]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2949.441310]  ? wait_for_completion_io+0x270/0x270
[ 2949.442454]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2949.443386]  ? vfs_write+0x354/0xa30
[ 2949.444271]  ? fput_many+0x2f/0x1a0
[ 2949.445030]  ? ksys_write+0x1a9/0x260
[ 2949.445946]  __x64_sys_sendmmsg+0x99/0x100
[ 2949.446795]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.448016]  do_syscall_64+0x33/0x40
[ 2949.448784]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.449993] RIP: 0033:0x7fc11dcebb19
[ 2949.450740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.455095] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2949.456644] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2949.458330] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2949.459762] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.461319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.462743] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2949.464193] CPU: 0 PID: 17379 Comm: syz-executor.5 Not tainted 5.10.168 #1
[ 2949.465670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.467411] Call Trace:
[ 2949.467974]  dump_stack+0x107/0x167
[ 2949.468767]  should_fail.cold+0x5/0xa
[ 2949.469567]  ? create_object.isra.0+0x3a/0xa20
[ 2949.470528]  should_failslab+0x5/0x20
[ 2949.471327]  kmem_cache_alloc+0x5b/0x360
[ 2949.472185]  create_object.isra.0+0x3a/0xa20
[ 2949.473120]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2949.474185]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 2949.475247]  ? alloc_skb_with_frags+0x92/0x570
[ 2949.476207]  __alloc_skb+0xb1/0x5b0
[ 2949.476990]  alloc_skb_with_frags+0x92/0x570
[ 2949.477920]  ? find_held_lock+0x2c/0x110
[ 2949.478777]  sock_alloc_send_pskb+0x7af/0x930
[ 2949.479734]  ? sk_alloc+0x350/0x350
[ 2949.480531]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.481648]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2949.482702]  ? ip6_mtu+0x1bb/0x370
[ 2949.483452]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.484317]  ? ip_frag_init+0x350/0x350
[ 2949.485179]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2949.486158]  ? ip6_mtu+0x1e9/0x370
[ 2949.486905]  ? ip6_setup_cork+0xfb7/0x1740
[ 2949.487795]  ip6_make_skb+0x2de/0x4e0
[ 2949.488614]  ? ip_frag_init+0x350/0x350
[ 2949.489453]  ? ip_frag_init+0x350/0x350
[ 2949.490290]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2949.491293]  ? ip6_dst_check+0x379/0x820
[ 2949.492151]  ? sk_dst_check+0x235/0x460
[ 2949.493006]  udpv6_sendmsg+0x2043/0x29b0
[ 2949.493857]  ? ip_frag_init+0x350/0x350
[ 2949.494703]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.495798]  ? find_held_lock+0x2c/0x110
[ 2949.496664]  ? __might_fault+0xd3/0x180
[ 2949.497514]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2949.498546]  ? __import_iovec+0x458/0x590
[ 2949.499414]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.500516]  inet6_sendmsg+0x105/0x140
[ 2949.501331]  ? inet6_compat_ioctl+0x320/0x320
[ 2949.502271]  sock_sendmsg+0xf2/0x190
[ 2949.503053]  ____sys_sendmsg+0x334/0x870
[ 2949.503907]  ? kernel_sendmsg+0x50/0x50
[ 2949.504751]  ? do_recvmmsg+0x6d0/0x6d0
[ 2949.505568]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.506670]  ? mark_lock+0xf5/0x2df0
[ 2949.507452]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.508553]  ? __lock_acquire+0x1657/0x5b00
[ 2949.509460]  ___sys_sendmsg+0xf3/0x170
[ 2949.510280]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2949.511245]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.512122]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.513017]  ? __fget_files+0x296/0x480
[ 2949.513865]  ? __fget_light+0xea/0x290
[ 2949.514691]  __sys_sendmmsg+0x195/0x470
[ 2949.515530]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2949.516445]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.517331]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2949.518345]  ? wait_for_completion_io+0x270/0x270
[ 2949.519356]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2949.520331]  ? vfs_write+0x354/0xa30
[ 2949.521139]  ? fput_many+0x2f/0x1a0
[ 2949.521907]  ? ksys_write+0x1a9/0x260
[ 2949.522718]  __x64_sys_sendmmsg+0x99/0x100
[ 2949.523606]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.524693]  do_syscall_64+0x33/0x40
[ 2949.525477]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.526548] RIP: 0033:0x7ff64c115b19
[ 2949.527328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.531173] RSP: 002b:00007ff64968b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2949.532788] RAX: ffffffffffffffda RBX: 00007ff64c228f60 RCX: 00007ff64c115b19
[ 2949.534278] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2949.535770] RBP: 00007ff64968b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.537275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.538765] R13: 00007ffe9cc6971f R14: 00007ff64968b300 R15: 0000000000022000
[ 2949.572605] FAULT_INJECTION: forcing a failure.
[ 2949.572605] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.575182] CPU: 1 PID: 17390 Comm: syz-executor.1 Not tainted 5.10.168 #1
[ 2949.576565] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.578206] Call Trace:
[ 2949.578732]  dump_stack+0x107/0x167
[ 2949.579458]  should_fail.cold+0x5/0xa
[ 2949.580215]  ? create_object.isra.0+0x3a/0xa20
[ 2949.581149]  should_failslab+0x5/0x20
[ 2949.581904]  kmem_cache_alloc+0x5b/0x360
[ 2949.582711]  ? __lock_acquire+0xbb1/0x5b00
[ 2949.583552]  create_object.isra.0+0x3a/0xa20
[ 2949.584436]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2949.585450]  kmem_cache_alloc_node+0x169/0x370
[ 2949.586360]  __alloc_skb+0x6d/0x5b0
[ 2949.587091]  alloc_skb_with_frags+0x92/0x570
[ 2949.587965]  ? find_held_lock+0x2c/0x110
[ 2949.588797]  sock_alloc_send_pskb+0x7af/0x930
[ 2949.589700]  ? sk_alloc+0x350/0x350
[ 2949.590429]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.591481]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2949.592493]  ? ip6_mtu+0x1bb/0x370
[ 2949.593201]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.594022]  ? ip_frag_init+0x350/0x350
[ 2949.594822]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2949.595746]  ? ip6_mtu+0x1e9/0x370
[ 2949.596475]  ? ip6_setup_cork+0xfb7/0x1740
[ 2949.597325]  ip6_make_skb+0x2de/0x4e0
[ 2949.598081]  ? ip_frag_init+0x350/0x350
[ 2949.598874]  ? ip_frag_init+0x350/0x350
[ 2949.599667]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2949.600638]  ? ip6_dst_check+0x379/0x820
[ 2949.601455]  ? sk_dst_check+0x235/0x460
[ 2949.602259]  udpv6_sendmsg+0x2043/0x29b0
[ 2949.603222]  ? ip_frag_init+0x350/0x350
[ 2949.604021]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.605084]  ? find_held_lock+0x2c/0x110
[ 2949.605894]  ? __might_fault+0xd3/0x180
[ 2949.606701]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2949.607679]  ? __import_iovec+0x458/0x590
[ 2949.608521]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.609545]  inet6_sendmsg+0x105/0x140
[ 2949.610317]  ? inet6_compat_ioctl+0x320/0x320
[ 2949.611206]  sock_sendmsg+0xf2/0x190
[ 2949.611945]  ____sys_sendmsg+0x334/0x870
[ 2949.612762]  ? kernel_sendmsg+0x50/0x50
[ 2949.613548]  ? do_recvmmsg+0x6d0/0x6d0
[ 2949.614321]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.615364]  ? mark_lock+0xf5/0x2df0
[ 2949.616106]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.617159]  ? __lock_acquire+0x1657/0x5b00
[ 2949.618021]  ___sys_sendmsg+0xf3/0x170
[ 2949.618801]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2949.619716]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.620556]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.621392]  ? __fget_files+0x296/0x480
[ 2949.622199]  ? __fget_light+0xea/0x290
[ 2949.622979]  __sys_sendmmsg+0x195/0x470
[ 2949.623778]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2949.624651]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.625489]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2949.626452]  ? wait_for_completion_io+0x270/0x270
[ 2949.627412]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2949.628354]  ? vfs_write+0x354/0xa30
[ 2949.629101]  ? fput_many+0x2f/0x1a0
[ 2949.629828]  ? ksys_write+0x1a9/0x260
[ 2949.630595]  __x64_sys_sendmmsg+0x99/0x100
[ 2949.631432]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.632462]  do_syscall_64+0x33/0x40
[ 2949.633208]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.634230] RIP: 0033:0x7fb82f171b19
[ 2949.634970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.638636] RSP: 002b:00007fb82c6e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2949.640145] RAX: ffffffffffffffda RBX: 00007fb82f284f60 RCX: 00007fb82f171b19
[ 2949.641571] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2949.642990] RBP: 00007fb82c6e71d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.644422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.645849] R13: 00007ffd1a7b2a6f R14: 00007fb82c6e7300 R15: 0000000000022000
[ 2949.673540] FAULT_INJECTION: forcing a failure.
[ 2949.673540] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.676275] CPU: 0 PID: 17388 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2949.677695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.679650] Call Trace:
[ 2949.680195]  dump_stack+0x107/0x167
[ 2949.680957]  should_fail.cold+0x5/0xa
[ 2949.681742]  ? create_object.isra.0+0x3a/0xa20
[ 2949.682670]  should_failslab+0x5/0x20
[ 2949.683448]  kmem_cache_alloc+0x5b/0x360
[ 2949.684282]  create_object.isra.0+0x3a/0xa20
[ 2949.685179]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2949.686211]  kmem_cache_alloc+0x159/0x360
[ 2949.687049]  ? __d_lookup+0x3e8/0x710
[ 2949.687830]  __d_alloc+0x2a/0x990
[ 2949.688556]  d_alloc+0x46/0x1c0
[ 2949.689236]  __lookup_hash+0xcc/0x190
[ 2949.690014]  filename_create+0x186/0x4a0
[ 2949.690834]  ? filename_parentat+0x570/0x570
[ 2949.691750]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2949.692732]  do_mkdirat+0xa0/0x2a0
[ 2949.693457]  ? user_path_create+0xf0/0xf0
[ 2949.694301]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2949.695355]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.696409]  do_syscall_64+0x33/0x40
[ 2949.697168]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.698198] RIP: 0033:0x7fd3579f1b19
[ 2949.698958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.702654] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2949.704177] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2949.705611] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2949.707043] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.708475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.709902] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:07 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:07 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2949.915429] FAULT_INJECTION: forcing a failure.
[ 2949.915429] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.917923] CPU: 0 PID: 17414 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2949.919281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.920919] Call Trace:
[ 2949.921448]  dump_stack+0x107/0x167
[ 2949.922172]  should_fail.cold+0x5/0xa
[ 2949.922928]  ? create_object.isra.0+0x3a/0xa20
[ 2949.923845]  should_failslab+0x5/0x20
[ 2949.924618]  kmem_cache_alloc+0x5b/0x360
[ 2949.925412]  ? __lock_acquire+0xbb1/0x5b00
[ 2949.926241]  create_object.isra.0+0x3a/0xa20
[ 2949.927100]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2949.928107]  kmem_cache_alloc_node+0x169/0x370
[ 2949.929014]  __alloc_skb+0x6d/0x5b0
[ 2949.929727]  alloc_skb_with_frags+0x92/0x570
[ 2949.930587]  ? find_held_lock+0x2c/0x110
[ 2949.931384]  sock_alloc_send_pskb+0x7af/0x930
[ 2949.932272]  ? sk_alloc+0x350/0x350
[ 2949.933007]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.934043]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2949.935019]  ? ip6_mtu+0x1bb/0x370
[ 2949.935709]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.936527]  ? ip_frag_init+0x350/0x350
[ 2949.937308]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2949.938208]  ? ip6_mtu+0x1e9/0x370
[ 2949.938899]  ? ip6_setup_cork+0xfb7/0x1740
[ 2949.939722]  ip6_make_skb+0x2de/0x4e0
[ 2949.940469]  ? ip_frag_init+0x350/0x350
[ 2949.941256]  ? ip_frag_init+0x350/0x350
[ 2949.942047]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2949.942978]  ? ip6_dst_check+0x379/0x820
[ 2949.943786]  ? sk_dst_check+0x235/0x460
[ 2949.944595]  udpv6_sendmsg+0x2043/0x29b0
[ 2949.945413]  ? ip_frag_init+0x350/0x350
[ 2949.946218]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.947276]  ? find_held_lock+0x2c/0x110
[ 2949.948068]  ? __might_fault+0xd3/0x180
[ 2949.948864]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2949.949828]  ? __import_iovec+0x458/0x590
[ 2949.950632]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2949.951643]  inet6_sendmsg+0x105/0x140
[ 2949.952409]  ? inet6_compat_ioctl+0x320/0x320
[ 2949.953285]  sock_sendmsg+0xf2/0x190
[ 2949.954011]  ____sys_sendmsg+0x334/0x870
[ 2949.954805]  ? kernel_sendmsg+0x50/0x50
[ 2949.955578]  ? do_recvmmsg+0x6d0/0x6d0
[ 2949.956358]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.957380]  ? mark_lock+0xf5/0x2df0
[ 2949.958122]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2949.959133]  ? __lock_acquire+0x1657/0x5b00
[ 2949.959979]  ___sys_sendmsg+0xf3/0x170
[ 2949.960745]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2949.961639]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.962456]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.963261]  ? __fget_files+0x296/0x480
[ 2949.964033]  ? __fget_light+0xea/0x290
[ 2949.964803]  __sys_sendmmsg+0x195/0x470
[ 2949.965572]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2949.966408]  ? lock_downgrade+0x6d0/0x6d0
[ 2949.967226]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2949.968153]  ? wait_for_completion_io+0x270/0x270
[ 2949.969111]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2949.970003]  ? vfs_write+0x354/0xa30
[ 2949.970331] FAULT_INJECTION: forcing a failure.
[ 2949.970331] name failslab, interval 1, probability 0, space 0, times 0
[ 2949.970727]  ? fput_many+0x2f/0x1a0
[ 2949.970745]  ? ksys_write+0x1a9/0x260
[ 2949.970771]  __x64_sys_sendmmsg+0x99/0x100
[ 2949.975496]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2949.976507]  do_syscall_64+0x33/0x40
[ 2949.977232]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2949.978224] RIP: 0033:0x7fe3cda85b19
[ 2949.978951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2949.982531] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2949.984015] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2949.985390] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2949.986745] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2949.988122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2949.989506] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 2949.990959] CPU: 1 PID: 17416 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2949.992557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2949.994437] Call Trace:
[ 2949.995040]  dump_stack+0x107/0x167
[ 2949.995873]  should_fail.cold+0x5/0xa
[ 2949.996750]  ? create_object.isra.0+0x3a/0xa20
[ 2949.997790]  should_failslab+0x5/0x20
[ 2949.998651]  kmem_cache_alloc+0x5b/0x360
[ 2949.999579]  create_object.isra.0+0x3a/0xa20
[ 2950.000602]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2950.001756]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 2950.002902]  ? alloc_skb_with_frags+0x92/0x570
[ 2950.003941]  __alloc_skb+0xb1/0x5b0
[ 2950.004781]  alloc_skb_with_frags+0x92/0x570
[ 2950.005778]  ? find_held_lock+0x2c/0x110
[ 2950.006706]  sock_alloc_send_pskb+0x7af/0x930
[ 2950.007737]  ? sk_alloc+0x350/0x350
[ 2950.008584]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2950.009782]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2950.010912]  ? ip6_mtu+0x1bb/0x370
[ 2950.011723]  ? lock_downgrade+0x6d0/0x6d0
[ 2950.012659]  ? ip_frag_init+0x350/0x350
[ 2950.013569]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2950.014615]  ? ip6_mtu+0x1e9/0x370
[ 2950.015417]  ? ip6_setup_cork+0xfb7/0x1740
[ 2950.016379]  ip6_make_skb+0x2de/0x4e0
[ 2950.017235]  ? ip_frag_init+0x350/0x350
[ 2950.018133]  ? ip_frag_init+0x350/0x350
[ 2950.019034]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2950.020103]  ? ip6_dst_check+0x379/0x820
[ 2950.021035]  ? sk_dst_check+0x235/0x460
[ 2950.021938]  udpv6_sendmsg+0x2043/0x29b0
[ 2950.022856]  ? ip_frag_init+0x350/0x350
[ 2950.023758]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2950.024932]  ? mark_lock+0xf5/0x2df0
[ 2950.025776]  ? find_held_lock+0x2c/0x110
[ 2950.026694]  ? __might_fault+0xd3/0x180
[ 2950.027605]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2950.028720]  ? __import_iovec+0x458/0x590
[ 2950.029653]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2950.030815]  inet6_sendmsg+0x105/0x140
[ 2950.031675]  ? inet6_compat_ioctl+0x320/0x320
[ 2950.032668]  sock_sendmsg+0xf2/0x190
[ 2950.033486]  ____sys_sendmsg+0x334/0x870
[ 2950.034387]  ? kernel_sendmsg+0x50/0x50
[ 2950.035268]  ? do_recvmmsg+0x6d0/0x6d0
[ 2950.036130]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2950.037316]  ? mark_lock+0xf5/0x2df0
[ 2950.038154]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2950.039325]  ? __lock_acquire+0x1657/0x5b00
[ 2950.040298]  ___sys_sendmsg+0xf3/0x170
[ 2950.041184]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2950.042212]  ? lock_downgrade+0x6d0/0x6d0
[ 2950.043147]  ? lock_downgrade+0x6d0/0x6d0
[ 2950.044082]  ? __fget_files+0x296/0x480
[ 2950.045003]  ? __fget_light+0xea/0x290
[ 2950.045888]  __sys_sendmmsg+0x195/0x470
[ 2950.046779]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2950.047756]  ? lock_downgrade+0x6d0/0x6d0
[ 2950.048714]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2950.049797]  ? wait_for_completion_io+0x270/0x270
[ 2950.050877]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2950.051920]  ? vfs_write+0x354/0xa30
[ 2950.052765]  ? fput_many+0x2f/0x1a0
[ 2950.053576]  ? ksys_write+0x1a9/0x260
[ 2950.054438]  __x64_sys_sendmmsg+0x99/0x100
[ 2950.055377]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2950.056526]  do_syscall_64+0x33/0x40
[ 2950.057343]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2950.058477] RIP: 0033:0x7fc11dcebb19
[ 2950.059303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2950.063301] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2950.064990] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2950.066537] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2950.068100] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2950.069669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2950.071233] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:16:23 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 6)

11:16:23 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:23 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2965.881101] FAULT_INJECTION: forcing a failure.
[ 2965.881101] name failslab, interval 1, probability 0, space 0, times 0
[ 2965.883714] CPU: 0 PID: 17438 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2965.885077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2965.886728] Call Trace:
[ 2965.887264]  dump_stack+0x107/0x167
[ 2965.887994]  should_fail.cold+0x5/0xa
[ 2965.888789]  should_failslab+0x5/0x20
[ 2965.889547]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2965.890547]  ? alloc_skb_with_frags+0x92/0x570
[ 2965.891431]  __alloc_skb+0xb1/0x5b0
[ 2965.892139]  alloc_skb_with_frags+0x92/0x570
[ 2965.893004]  ? find_held_lock+0x2c/0x110
[ 2965.893808]  sock_alloc_send_pskb+0x7af/0x930
[ 2965.894683]  ? sk_alloc+0x350/0x350
[ 2965.895405]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2965.896454]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2965.897443]  ? ip6_mtu+0x1bb/0x370
[ 2965.898138]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.898952]  ? ip_frag_init+0x350/0x350
[ 2965.899743]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2965.900666]  ? ip6_mtu+0x1e9/0x370
[ 2965.901366]  ? ip6_setup_cork+0xfb7/0x1740
[ 2965.902195]  ip6_make_skb+0x2de/0x4e0
[ 2965.902944]  ? ip_frag_init+0x350/0x350
[ 2965.903723]  ? ip_frag_init+0x350/0x350
[ 2965.904496]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2965.905424]  ? ip6_dst_check+0x379/0x820
[ 2965.906210]  ? sk_dst_check+0x235/0x460
[ 2965.906985]  udpv6_sendmsg+0x2043/0x29b0
[ 2965.907767]  ? ip_frag_init+0x350/0x350
[ 2965.908544]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2965.909624]  ? find_held_lock+0x2c/0x110
[ 2965.910416]  ? __might_fault+0xd3/0x180
[ 2965.911206]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2965.912173]  ? __import_iovec+0x458/0x590
[ 2965.912995]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2965.913999]  inet6_sendmsg+0x105/0x140
[ 2965.914765]  ? inet6_compat_ioctl+0x320/0x320
[ 2965.915663]  sock_sendmsg+0xf2/0x190
[ 2965.916391]  ____sys_sendmsg+0x334/0x870
[ 2965.917165]  ? kernel_sendmsg+0x50/0x50
[ 2965.917940]  ? do_recvmmsg+0x6d0/0x6d0
[ 2965.918696]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2965.919693]  ? mark_lock+0xf5/0x2df0
[ 2965.920418]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2965.921449]  ? __lock_acquire+0x1657/0x5b00
[ 2965.922277]  ___sys_sendmsg+0xf3/0x170
[ 2965.923025]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2965.923900]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.924703]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.925516]  ? __fget_files+0x296/0x480
[ 2965.926282]  ? __fget_light+0xea/0x290
[ 2965.927033]  __sys_sendmmsg+0x195/0x470
[ 2965.927793]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2965.928644]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.929472]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2965.930398]  ? wait_for_completion_io+0x270/0x270
[ 2965.931321]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2965.932204]  ? vfs_write+0x354/0xa30
[ 2965.932936]  ? fput_many+0x2f/0x1a0
[ 2965.933632]  ? ksys_write+0x1a9/0x260
[ 2965.934367]  __x64_sys_sendmmsg+0x99/0x100
[ 2965.935170]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2965.936158]  do_syscall_64+0x33/0x40
[ 2965.936889]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2965.937870] RIP: 0033:0x7fe3cda85b19
[ 2965.938582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2965.942089] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2965.943536] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2965.944902] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2965.946250] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2965.947597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2965.948951] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 2965.957523] FAULT_INJECTION: forcing a failure.
[ 2965.957523] name failslab, interval 1, probability 0, space 0, times 0
[ 2965.960477] CPU: 1 PID: 17432 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2965.962016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2965.963844] Call Trace:
[ 2965.964430]  dump_stack+0x107/0x167
[ 2965.965258]  should_fail.cold+0x5/0xa
[ 2965.966098]  ? skb_clone+0x14f/0x3d0
[ 2965.966934]  should_failslab+0x5/0x20
[ 2965.967774]  kmem_cache_alloc+0x5b/0x360
[ 2965.968693]  skb_clone+0x14f/0x3d0
[ 2965.969485]  ip6_finish_output2+0x1190/0x1f30
[ 2965.970502]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2965.971608]  ip6_output+0x3b1/0x7f0
[ 2965.972430]  ip6_local_out+0xb4/0x1a0
[ 2965.973282]  ip6_send_skb+0xb7/0x350
[ 2965.974121]  udp_v6_send_skb+0x7aa/0x15b0
[ 2965.975047]  udpv6_sendmsg+0x2086/0x29b0
[ 2965.975951]  ? ip_frag_init+0x350/0x350
[ 2965.976854]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2965.978025]  ? find_held_lock+0x2c/0x110
[ 2965.978923]  ? __might_fault+0xd3/0x180
[ 2965.979824]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2965.980903]  ? __import_iovec+0x458/0x590
[ 2965.981823]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2965.982947]  inet6_sendmsg+0x105/0x140
[ 2965.983808]  ? inet6_compat_ioctl+0x320/0x320
[ 2965.984796]  sock_sendmsg+0xf2/0x190
[ 2965.985646]  ____sys_sendmsg+0x334/0x870
[ 2965.986534]  ? kernel_sendmsg+0x50/0x50
[ 2965.987410]  ? do_recvmmsg+0x6d0/0x6d0
[ 2965.988261]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2965.989429]  ? mark_lock+0xf5/0x2df0
[ 2965.990257]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2965.991413]  ? __lock_acquire+0x1657/0x5b00
[ 2965.992356]  ___sys_sendmsg+0xf3/0x170
[ 2965.993224]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2965.994235]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.995160]  ? lock_downgrade+0x6d0/0x6d0
[ 2965.996068]  ? __fget_files+0x296/0x480
[ 2965.996975]  ? __fget_light+0xea/0x290
[ 2965.997834]  __sys_sendmmsg+0x195/0x470
[ 2965.998727]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2965.999694]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.000655]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2966.001752]  ? wait_for_completion_io+0x270/0x270
[ 2966.002843]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2966.003882]  ? vfs_write+0x354/0xa30
[ 2966.004742]  ? fput_many+0x2f/0x1a0
[ 2966.005562]  ? ksys_write+0x1a9/0x260
[ 2966.006429]  __x64_sys_sendmmsg+0x99/0x100
[ 2966.007380]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.008541]  do_syscall_64+0x33/0x40
[ 2966.009391]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.010719] RIP: 0033:0x7fc11dcebb19
[ 2966.011778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.016895] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2966.018701] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2966.020373] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2966.021995] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.023718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.025347] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2966.040929] FAULT_INJECTION: forcing a failure.
[ 2966.040929] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.043277] CPU: 0 PID: 17446 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2966.044532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2966.046052] Call Trace:
[ 2966.046530]  dump_stack+0x107/0x167
[ 2966.047198]  should_fail.cold+0x5/0xa
[ 2966.047898]  ? cgroup_mkdir+0x254/0xfc0
[ 2966.048643]  should_failslab+0x5/0x20
[ 2966.049331]  __kmalloc+0x72/0x3f0
[ 2966.049989]  cgroup_mkdir+0x254/0xfc0
[ 2966.050724]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2966.051603]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2966.052361]  vfs_mkdir+0x41f/0x660
[ 2966.053014]  do_mkdirat+0x145/0x2a0
[ 2966.053676]  ? user_path_create+0xf0/0xf0
[ 2966.054421]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2966.055364]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.056286]  do_syscall_64+0x33/0x40
[ 2966.056970]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.057887] RIP: 0033:0x7fd3579f1b19
[ 2966.058555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.061872] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2966.063248] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2966.064514] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2966.065826] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.067092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.068379] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:24 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2966.333795] FAULT_INJECTION: forcing a failure.
[ 2966.333795] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.335574] CPU: 0 PID: 17470 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2966.336576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2966.337807] Call Trace:
[ 2966.338212]  dump_stack+0x107/0x167
[ 2966.338763]  should_fail.cold+0x5/0xa
[ 2966.339340]  ? create_object.isra.0+0x3a/0xa20
[ 2966.340022]  should_failslab+0x5/0x20
[ 2966.340584]  kmem_cache_alloc+0x5b/0x360
[ 2966.341197]  create_object.isra.0+0x3a/0xa20
[ 2966.341841]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2966.342611]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 2966.343365]  ? alloc_skb_with_frags+0x92/0x570
[ 2966.344042]  __alloc_skb+0xb1/0x5b0
[ 2966.344604]  alloc_skb_with_frags+0x92/0x570
[ 2966.345251]  ? find_held_lock+0x2c/0x110
[ 2966.345865]  sock_alloc_send_pskb+0x7af/0x930
[ 2966.346538]  ? sk_alloc+0x350/0x350
[ 2966.347097]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.347885]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2966.348628]  ? ip6_mtu+0x1bb/0x370
[ 2966.349151]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.349759]  ? ip_frag_init+0x350/0x350
[ 2966.350362]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2966.351046]  ? ip6_mtu+0x1e9/0x370
[ 2966.351573]  ? ip6_setup_cork+0xfb7/0x1740
[ 2966.352201]  ip6_make_skb+0x2de/0x4e0
[ 2966.352780]  ? ip_frag_init+0x350/0x350
[ 2966.353374]  ? ip_frag_init+0x350/0x350
[ 2966.353968]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2966.354674]  ? ip6_dst_check+0x379/0x820
[ 2966.355284]  ? sk_dst_check+0x235/0x460
[ 2966.355879]  udpv6_sendmsg+0x2043/0x29b0
[ 2966.356487]  ? ip_frag_init+0x350/0x350
[ 2966.357103]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.357849]  ? find_held_lock+0x2c/0x110
[ 2966.358459]  ? __might_fault+0xd3/0x180
[ 2966.359061]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2966.359793]  ? __import_iovec+0x458/0x590
[ 2966.360415]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.361205]  inet6_sendmsg+0x105/0x140
[ 2966.361781]  ? inet6_compat_ioctl+0x320/0x320
[ 2966.362465]  sock_sendmsg+0xf2/0x190
[ 2966.363016]  ____sys_sendmsg+0x334/0x870
[ 2966.363629]  ? kernel_sendmsg+0x50/0x50
[ 2966.364216]  ? do_recvmmsg+0x6d0/0x6d0
[ 2966.364804]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.365589]  ? mark_lock+0xf5/0x2df0
[ 2966.366138]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.366909]  ? __lock_acquire+0x1657/0x5b00
[ 2966.367544]  ___sys_sendmsg+0xf3/0x170
[ 2966.368121]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2966.368802]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.369412]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.370023]  ? __fget_files+0x296/0x480
[ 2966.370624]  ? __fget_light+0xea/0x290
[ 2966.371207]  __sys_sendmmsg+0x195/0x470
[ 2966.371807]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2966.372444]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.373084]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2966.373798]  ? wait_for_completion_io+0x270/0x270
[ 2966.374506]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2966.375188]  ? vfs_write+0x354/0xa30
[ 2966.375740]  ? fput_many+0x2f/0x1a0
[ 2966.376273]  ? ksys_write+0x1a9/0x260
[ 2966.376848]  __x64_sys_sendmmsg+0x99/0x100
[ 2966.377470]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.378242]  do_syscall_64+0x33/0x40
[ 2966.378791]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.379544] RIP: 0033:0x7fe3cda85b19
[ 2966.380095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.382836] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2966.383961] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2966.385019] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2966.386066] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.387125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.388170] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:16:24 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 8)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2966.501753] FAULT_INJECTION: forcing a failure.
[ 2966.501753] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.503708] CPU: 0 PID: 17478 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2966.504777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2966.505848] Call Trace:
[ 2966.506259]  dump_stack+0x107/0x167
[ 2966.506736]  should_fail.cold+0x5/0xa
[ 2966.507318]  ? create_object.isra.0+0x3a/0xa20
[ 2966.507908]  should_failslab+0x5/0x20
[ 2966.508491]  kmem_cache_alloc+0x5b/0x360
[ 2966.509031]  create_object.isra.0+0x3a/0xa20
[ 2966.509704]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2966.510365]  kmem_cache_alloc+0x159/0x360
[ 2966.510909]  skb_clone+0x14f/0x3d0
[ 2966.511457]  ip6_finish_output2+0x1190/0x1f30
[ 2966.512149]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2966.512820]  ip6_output+0x3b1/0x7f0
[ 2966.513325]  ip6_local_out+0xb4/0x1a0
[ 2966.513850]  ip6_send_skb+0xb7/0x350
[ 2966.514364]  udp_v6_send_skb+0x7aa/0x15b0
[ 2966.514956]  udpv6_sendmsg+0x2086/0x29b0
[ 2966.515517]  ? ip_frag_init+0x350/0x350
[ 2966.516078]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.516817]  ? find_held_lock+0x2c/0x110
[ 2966.517379]  ? __might_fault+0xd3/0x180
[ 2966.517943]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2966.518632]  ? __import_iovec+0x458/0x590
[ 2966.519202]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.519898]  inet6_sendmsg+0x105/0x140
[ 2966.520487]  ? inet6_compat_ioctl+0x320/0x320
[ 2966.521172]  sock_sendmsg+0xf2/0x190
[ 2966.521733]  ____sys_sendmsg+0x334/0x870
[ 2966.522349]  ? kernel_sendmsg+0x50/0x50
[ 2966.522944]  ? do_recvmmsg+0x6d0/0x6d0
[ 2966.523532]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.524321]  ? mark_lock+0xf5/0x2df0
[ 2966.524892]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.525681]  ? __lock_acquire+0x1657/0x5b00
[ 2966.526334]  ___sys_sendmsg+0xf3/0x170
[ 2966.526919]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2966.527606]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.528231]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.528816]  ? __fget_files+0x296/0x480
[ 2966.529297]  ? __fget_light+0xea/0x290
[ 2966.529759]  __sys_sendmmsg+0x195/0x470
[ 2966.530232]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2966.530774]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.531300]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2966.531904]  ? wait_for_completion_io+0x270/0x270
[ 2966.532511]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2966.533106]  ? vfs_write+0x354/0xa30
[ 2966.533571]  ? fput_many+0x2f/0x1a0
[ 2966.534024]  ? ksys_write+0x1a9/0x260
[ 2966.534524]  __x64_sys_sendmmsg+0x99/0x100
[ 2966.535048]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.535677]  do_syscall_64+0x33/0x40
[ 2966.536147]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.536805] RIP: 0033:0x7fc11dcebb19
[ 2966.537268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.539626] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2966.540615] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2966.541528] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2966.542437] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.543351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.544223] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:16:24 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 7)

11:16:24 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2966.648798] FAULT_INJECTION: forcing a failure.
[ 2966.648798] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.651531] CPU: 1 PID: 17489 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2966.652951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2966.654638] Call Trace:
[ 2966.655182]  dump_stack+0x107/0x167
[ 2966.655932]  should_fail.cold+0x5/0xa
[ 2966.656728]  ? create_object.isra.0+0x3a/0xa20
[ 2966.657661]  should_failslab+0x5/0x20
[ 2966.658433]  kmem_cache_alloc+0x5b/0x360
[ 2966.659258]  ? selinux_determine_inode_label+0x1ab/0x340
[ 2966.660355]  create_object.isra.0+0x3a/0xa20
11:16:24 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2966.661295]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2966.662496]  __kmalloc+0x16e/0x3f0
[ 2966.663230]  cgroup_mkdir+0x254/0xfc0
[ 2966.664027]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2966.665136]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2966.666088]  vfs_mkdir+0x41f/0x660
[ 2966.666898]  do_mkdirat+0x145/0x2a0
[ 2966.667726]  ? user_path_create+0xf0/0xf0
[ 2966.668682]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2966.669870]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.671044]  do_syscall_64+0x33/0x40
[ 2966.671893]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.673059] RIP: 0033:0x7fd3579f1b19
[ 2966.673906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.678047] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2966.679789] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2966.681395] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2966.682996] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.684602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.686203] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:24 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:24 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2966.813723] FAULT_INJECTION: forcing a failure.
[ 2966.813723] name failslab, interval 1, probability 0, space 0, times 0
[ 2966.815306] CPU: 0 PID: 17513 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2966.816072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2966.816967] Call Trace:
[ 2966.817263]  dump_stack+0x107/0x167
[ 2966.817653]  should_fail.cold+0x5/0xa
[ 2966.818061]  ? skb_clone+0x14f/0x3d0
[ 2966.818457]  should_failslab+0x5/0x20
[ 2966.818860]  kmem_cache_alloc+0x5b/0x360
[ 2966.819305]  skb_clone+0x14f/0x3d0
[ 2966.819692]  ip6_finish_output2+0x1190/0x1f30
[ 2966.820179]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2966.820720]  ip6_output+0x3b1/0x7f0
[ 2966.821111]  ip6_local_out+0xb4/0x1a0
[ 2966.821524]  ip6_send_skb+0xb7/0x350
[ 2966.821925]  udp_v6_send_skb+0x7aa/0x15b0
[ 2966.822378]  udpv6_sendmsg+0x2086/0x29b0
[ 2966.822817]  ? ip_frag_init+0x350/0x350
[ 2966.823242]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.823804]  ? find_held_lock+0x2c/0x110
[ 2966.824243]  ? __might_fault+0xd3/0x180
[ 2966.824694]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2966.825224]  ? __import_iovec+0x458/0x590
[ 2966.825673]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2966.826225]  inet6_sendmsg+0x105/0x140
[ 2966.826648]  ? inet6_compat_ioctl+0x320/0x320
[ 2966.827131]  sock_sendmsg+0xf2/0x190
[ 2966.827536]  ____sys_sendmsg+0x334/0x870
[ 2966.827974]  ? kernel_sendmsg+0x50/0x50
[ 2966.828408]  ? do_recvmmsg+0x6d0/0x6d0
[ 2966.828828]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.829392]  ? mark_lock+0xf5/0x2df0
[ 2966.829794]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2966.830342]  ? __lock_acquire+0x1657/0x5b00
[ 2966.830808]  ___sys_sendmsg+0xf3/0x170
[ 2966.831240]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2966.831736]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.832178]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.832648]  ? __fget_files+0x296/0x480
[ 2966.833080]  ? __fget_light+0xea/0x290
[ 2966.833501]  __sys_sendmmsg+0x195/0x470
[ 2966.833932]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2966.834391]  ? lock_downgrade+0x6d0/0x6d0
[ 2966.834840]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2966.835356]  ? wait_for_completion_io+0x270/0x270
[ 2966.835877]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2966.836372]  ? vfs_write+0x354/0xa30
[ 2966.836782]  ? fput_many+0x2f/0x1a0
[ 2966.837172]  ? ksys_write+0x1a9/0x260
[ 2966.837582]  __x64_sys_sendmmsg+0x99/0x100
[ 2966.838038]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2966.838586]  do_syscall_64+0x33/0x40
[ 2966.838984]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2966.839534] RIP: 0033:0x7fe3cda85b19
[ 2966.839936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2966.841900] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2966.842713] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2966.843481] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2966.844245] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2966.845015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2966.845771] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:16:38 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 8)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:38 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 8)

[ 2980.068752] FAULT_INJECTION: forcing a failure.
[ 2980.068752] name failslab, interval 1, probability 0, space 0, times 0
[ 2980.071206] CPU: 1 PID: 17538 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2980.072036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.073028] Call Trace:
[ 2980.073351]  dump_stack+0x107/0x167
[ 2980.073781]  should_fail.cold+0x5/0xa
[ 2980.074231]  ? create_object.isra.0+0x3a/0xa20
[ 2980.074775]  should_failslab+0x5/0x20
[ 2980.075228]  kmem_cache_alloc+0x5b/0x360
[ 2980.075714]  create_object.isra.0+0x3a/0xa20
[ 2980.076251]  kmemleak_alloc_percpu+0xa0/0x100
[ 2980.076802]  pcpu_alloc+0x4e2/0x12f0
[ 2980.077259]  ? cset_cgroup_from_root+0x2a0/0x2a0
[ 2980.077818]  percpu_ref_init+0x31/0x3d0
[ 2980.078292]  cgroup_mkdir+0x28b/0xfc0
[ 2980.078748]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2980.079318]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2980.079823]  vfs_mkdir+0x41f/0x660
[ 2980.080247]  do_mkdirat+0x145/0x2a0
[ 2980.080677]  ? user_path_create+0xf0/0xf0
[ 2980.081179]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2980.081795]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.082411]  do_syscall_64+0x33/0x40
[ 2980.082851]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.083462] RIP: 0033:0x7fd3579f1b19
[ 2980.083906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.085886] FAULT_INJECTION: forcing a failure.
[ 2980.085886] name failslab, interval 1, probability 0, space 0, times 0
[ 2980.086080] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2980.086122] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2980.086129] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2980.086135] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.086142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.086148] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 2980.098268] CPU: 0 PID: 17542 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2980.099727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.101485] Call Trace:
[ 2980.102050]  dump_stack+0x107/0x167
[ 2980.102823]  should_fail.cold+0x5/0xa
[ 2980.103627]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0
[ 2980.104903]  ? __alloc_skb+0x6d/0x5b0
[ 2980.105705]  should_failslab+0x5/0x20
[ 2980.106508]  kmem_cache_alloc_node+0x55/0x370
[ 2980.107453]  __alloc_skb+0x6d/0x5b0
[ 2980.108224]  skb_copy+0x137/0x2f0
[ 2980.108975]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2980.110229]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2980.111316]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2980.112523]  ? find_held_lock+0x2c/0x110
[ 2980.113407]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2980.114484]  mac80211_hwsim_tx+0x574/0x1270
[ 2980.115393]  ? trace_hardirqs_on+0x5b/0x180
[ 2980.116300]  ieee80211_tx_frags+0x59c/0x9f0
[ 2980.117219]  ? fq_skb_free_func+0x20/0x20
[ 2980.118107]  __ieee80211_tx+0x1ad/0x620
[ 2980.118947]  ieee80211_tx+0x329/0x410
[ 2980.119746]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2980.120832]  ? __ieee80211_tx+0x620/0x620
[ 2980.121701]  ? ieee80211_skb_resize+0x116/0x630
[ 2980.122686]  ieee80211_xmit+0x220/0x2a0
[ 2980.123530]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2980.124818]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2980.125907]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2980.127113]  ? skb_network_protocol+0x145/0x570
[ 2980.128095]  ? skb_crc32c_csum_help+0x80/0x80
[ 2980.129206]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2980.130325]  ? lock_acquire+0x197/0x490
[ 2980.131302]  ? sch_direct_xmit+0x31a/0x790
[ 2980.132212]  ? lock_release+0x6b0/0x6b0
[ 2980.133085]  dev_hard_start_xmit+0x1cb/0x840
[ 2980.134185]  sch_direct_xmit+0x25f/0x790
[ 2980.135038]  ? find_held_lock+0x2c/0x110
[ 2980.136029]  ? dev_watchdog+0xc60/0xc60
[ 2980.136873]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2980.137819]  __qdisc_run+0x4aa/0x1610
[ 2980.138630]  __dev_queue_xmit+0xd99/0x2730
[ 2980.139505]  ? ip6_finish_output2+0x171f/0x1f30
[ 2980.140477]  ? find_held_lock+0x2c/0x110
[ 2980.141336]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2980.142290]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.143171]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2980.144266]  ip6_finish_output2+0x171f/0x1f30
[ 2980.145237]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2980.146280]  ip6_output+0x3b1/0x7f0
[ 2980.147049]  ip6_local_out+0xb4/0x1a0
[ 2980.147846]  ip6_send_skb+0xb7/0x350
[ 2980.148631]  udp_v6_send_skb+0x7aa/0x15b0
[ 2980.149521]  udpv6_sendmsg+0x2086/0x29b0
[ 2980.150364]  ? ip_frag_init+0x350/0x350
[ 2980.151206]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2980.152303]  ? find_held_lock+0x2c/0x110
[ 2980.153169]  ? __might_fault+0xd3/0x180
[ 2980.154016]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2980.155043]  ? __import_iovec+0x458/0x590
[ 2980.155895]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2980.156979]  inet6_sendmsg+0x105/0x140
[ 2980.157784]  ? inet6_compat_ioctl+0x320/0x320
[ 2980.158708]  sock_sendmsg+0xf2/0x190
[ 2980.159478]  ____sys_sendmsg+0x334/0x870
[ 2980.160322]  ? kernel_sendmsg+0x50/0x50
[ 2980.161143]  ? do_recvmmsg+0x6d0/0x6d0
[ 2980.161959]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.163231]  ? mark_lock+0xf5/0x2df0
[ 2980.164004]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.165280]  ? __lock_acquire+0x1657/0x5b00
[ 2980.166174]  ___sys_sendmsg+0xf3/0x170
[ 2980.167116]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2980.168070]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.169096]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.169964]  ? __fget_files+0x296/0x480
[ 2980.170802]  ? __fget_light+0xea/0x290
[ 2980.171619]  __sys_sendmmsg+0x195/0x470
[ 2980.172449]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2980.173350]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.174225]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2980.175216]  ? wait_for_completion_io+0x270/0x270
[ 2980.176205]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2980.177161]  ? vfs_write+0x354/0xa30
[ 2980.177933]  ? fput_many+0x2f/0x1a0
[ 2980.178681]  ? ksys_write+0x1a9/0x260
[ 2980.179476]  __x64_sys_sendmmsg+0x99/0x100
[ 2980.180339]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.181395]  do_syscall_64+0x33/0x40
[ 2980.182160]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.183209] RIP: 0033:0x7fc11dcebb19
[ 2980.183973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.187709] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2980.189259] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2980.190753] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2980.192375] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.194001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.195621] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2980.210583] FAULT_INJECTION: forcing a failure.
[ 2980.210583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2980.212157] CPU: 1 PID: 17541 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 2980.212933] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.213869] Call Trace:
[ 2980.214167]  dump_stack+0x107/0x167
[ 2980.214575]  should_fail.cold+0x5/0xa
[ 2980.215004]  _copy_from_user+0x2e/0x1b0
[ 2980.215451]  __copy_msghdr_from_user+0x91/0x4b0
[ 2980.215966]  ? __ia32_sys_shutdown+0x80/0x80
[ 2980.216458]  ? __lock_acquire+0xbb1/0x5b00
[ 2980.216956]  sendmsg_copy_msghdr+0xa1/0x160
[ 2980.217435]  ? do_recvmmsg+0x6d0/0x6d0
[ 2980.217872]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.218452]  ? mark_lock+0xf5/0x2df0
[ 2980.218881]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.219430]  ? __lock_acquire+0x1657/0x5b00
[ 2980.219947]  ___sys_sendmsg+0xc6/0x170
[ 2980.220397]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2980.220923]  ? __fget_files+0x26d/0x480
[ 2980.221381]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.221861]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.222345]  ? __fget_files+0x296/0x480
[ 2980.222814]  ? __fget_light+0xea/0x290
[ 2980.223269]  __sys_sendmmsg+0x195/0x470
[ 2980.223735]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2980.224241]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.224731]  ? ksys_write+0x12d/0x260
[ 2980.225197]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2980.225754]  ? wait_for_completion_io+0x270/0x270
[ 2980.226315]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2980.226845]  ? vfs_write+0x354/0xa30
[ 2980.227278]  ? fput_many+0x2f/0x1a0
[ 2980.227701]  ? ksys_write+0x1a9/0x260
[ 2980.228146]  __x64_sys_sendmmsg+0x99/0x100
[ 2980.228628]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.229230]  do_syscall_64+0x33/0x40
[ 2980.229656]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.230247] RIP: 0033:0x7fc6b3968b19
[ 2980.230693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.232857] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2980.233739] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 2980.234563] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2980.235389] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.236217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.237048] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 2980.246646] FAULT_INJECTION: forcing a failure.
[ 2980.246646] name failslab, interval 1, probability 0, space 0, times 0
[ 2980.249403] CPU: 0 PID: 17546 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2980.250940] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.252788] Call Trace:
[ 2980.253386]  dump_stack+0x107/0x167
[ 2980.254205]  should_fail.cold+0x5/0xa
[ 2980.255057]  ? create_object.isra.0+0x3a/0xa20
[ 2980.256084]  should_failslab+0x5/0x20
[ 2980.256948]  kmem_cache_alloc+0x5b/0x360
[ 2980.257854]  create_object.isra.0+0x3a/0xa20
[ 2980.258829]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2980.259954]  kmem_cache_alloc+0x159/0x360
[ 2980.260883]  skb_clone+0x14f/0x3d0
[ 2980.261675]  ip6_finish_output2+0x1190/0x1f30
[ 2980.262682]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2980.263789]  ip6_output+0x3b1/0x7f0
[ 2980.264602]  ip6_local_out+0xb4/0x1a0
[ 2980.265459]  ip6_send_skb+0xb7/0x350
[ 2980.266291]  udp_v6_send_skb+0x7aa/0x15b0
[ 2980.267220]  udpv6_sendmsg+0x2086/0x29b0
[ 2980.268115]  ? ip_frag_init+0x350/0x350
[ 2980.269022]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2980.270210]  ? find_held_lock+0x2c/0x110
[ 2980.271286]  ? __might_fault+0xd3/0x180
[ 2980.272206]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2980.273324]  ? __import_iovec+0x458/0x590
[ 2980.274405]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2980.275556]  inet6_sendmsg+0x105/0x140
[ 2980.276567]  ? inet6_compat_ioctl+0x320/0x320
[ 2980.277588]  sock_sendmsg+0xf2/0x190
[ 2980.278560]  ____sys_sendmsg+0x334/0x870
[ 2980.279472]  ? kernel_sendmsg+0x50/0x50
[ 2980.280469]  ? do_recvmmsg+0x6d0/0x6d0
[ 2980.281323]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.282452]  ? mark_lock+0xf5/0x2df0
[ 2980.283256]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.284383]  ? __lock_acquire+0x1657/0x5b00
[ 2980.285320]  ___sys_sendmsg+0xf3/0x170
[ 2980.286160]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2980.287143]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.288039]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.288949]  ? __fget_files+0x296/0x480
[ 2980.289805]  ? __fget_light+0xea/0x290
[ 2980.290640]  __sys_sendmmsg+0x195/0x470
[ 2980.291494]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2980.292415]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.293325]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2980.294358]  ? wait_for_completion_io+0x270/0x270
[ 2980.295386]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2980.296374]  ? vfs_write+0x354/0xa30
[ 2980.297179]  ? fput_many+0x2f/0x1a0
[ 2980.297958]  ? ksys_write+0x1a9/0x260
[ 2980.298778]  __x64_sys_sendmmsg+0x99/0x100
[ 2980.299676]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.300788]  do_syscall_64+0x33/0x40
[ 2980.301584]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.302692] RIP: 0033:0x7fe3cda85b19
[ 2980.303485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.307365] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2980.308980] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2980.310490] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2980.311997] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.313521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.315023] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:16:38 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 9)

[ 2980.368383] FAULT_INJECTION: forcing a failure.
[ 2980.368383] name failslab, interval 1, probability 0, space 0, times 0
[ 2980.369573] CPU: 1 PID: 17557 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2980.370361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.371179] Call Trace:
[ 2980.371496]  dump_stack+0x107/0x167
[ 2980.371909]  should_fail.cold+0x5/0xa
[ 2980.372347]  ? create_object.isra.0+0x3a/0xa20
[ 2980.372882]  should_failslab+0x5/0x20
[ 2980.373320]  kmem_cache_alloc+0x5b/0x360
[ 2980.373788]  ? mark_held_locks+0x9e/0xe0
[ 2980.374251]  create_object.isra.0+0x3a/0xa20
[ 2980.374756]  kmemleak_alloc_percpu+0xa0/0x100
[ 2980.375238]  pcpu_alloc+0x4e2/0x12f0
[ 2980.375674]  ? cset_cgroup_from_root+0x2a0/0x2a0
[ 2980.376228]  percpu_ref_init+0x31/0x3d0
[ 2980.376688]  cgroup_mkdir+0x28b/0xfc0
[ 2980.377139]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2980.377685]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2980.378170]  vfs_mkdir+0x41f/0x660
[ 2980.378584]  do_mkdirat+0x145/0x2a0
[ 2980.379000]  ? user_path_create+0xf0/0xf0
[ 2980.379480]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2980.380049]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.380643]  do_syscall_64+0x33/0x40
[ 2980.381088]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.381671] RIP: 0033:0x7fd3579f1b19
[ 2980.382095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.384214] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2980.385112] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2980.385970] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2980.386795] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.387626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.388452] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:38 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2980.496745] FAULT_INJECTION: forcing a failure.
[ 2980.496745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2980.498311] CPU: 1 PID: 17566 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 2980.499082] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2980.500004] Call Trace:
[ 2980.500307]  dump_stack+0x107/0x167
[ 2980.500734]  should_fail.cold+0x5/0xa
[ 2980.501196]  _copy_from_user+0x2e/0x1b0
[ 2980.501643]  iovec_from_user+0x141/0x400
[ 2980.502108]  __import_iovec+0x67/0x590
[ 2980.502563]  ? __ia32_sys_shutdown+0x80/0x80
[ 2980.503073]  import_iovec+0x83/0xb0
[ 2980.503467]  sendmsg_copy_msghdr+0x131/0x160
[ 2980.503955]  ? do_recvmmsg+0x6d0/0x6d0
[ 2980.504394]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.505029]  ? mark_lock+0xf5/0x2df0
[ 2980.505464]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2980.506071]  ? __lock_acquire+0x1657/0x5b00
[ 2980.506568]  ___sys_sendmsg+0xc6/0x170
[ 2980.507014]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2980.507547]  ? __fget_files+0x26d/0x480
[ 2980.508012]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.508469]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.508966]  ? __fget_files+0x296/0x480
[ 2980.509416]  ? __fget_light+0xea/0x290
[ 2980.509865]  __sys_sendmmsg+0x195/0x470
[ 2980.510327]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2980.510830]  ? lock_downgrade+0x6d0/0x6d0
[ 2980.511313]  ? ksys_write+0x12d/0x260
[ 2980.511757]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2980.512311]  ? wait_for_completion_io+0x270/0x270
[ 2980.512885]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2980.513423]  ? vfs_write+0x354/0xa30
[ 2980.513858]  ? fput_many+0x2f/0x1a0
[ 2980.514278]  ? ksys_write+0x1a9/0x260
[ 2980.514729]  __x64_sys_sendmmsg+0x99/0x100
[ 2980.515219]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2980.515812]  do_syscall_64+0x33/0x40
[ 2980.516240]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2980.516849] RIP: 0033:0x7fc6b3968b19
[ 2980.517278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2980.519396] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2980.520282] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 2980.521133] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2980.521962] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2980.522788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2980.523621] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:16:53 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 10)

11:16:53 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:53 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2995.619761] FAULT_INJECTION: forcing a failure.
[ 2995.619761] name failslab, interval 1, probability 0, space 0, times 0
[ 2995.622715] CPU: 1 PID: 17595 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 2995.624263] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2995.626125] Call Trace:
[ 2995.626721]  dump_stack+0x107/0x167
[ 2995.627544]  should_fail.cold+0x5/0xa
[ 2995.628466]  ? __alloc_skb+0x6d/0x5b0
[ 2995.629539]  should_failslab+0x5/0x20
[ 2995.630584]  kmem_cache_alloc_node+0x55/0x370
[ 2995.631811]  __alloc_skb+0x6d/0x5b0
[ 2995.632811]  alloc_skb_with_frags+0x92/0x570
[ 2995.634030]  ? find_held_lock+0x2c/0x110
[ 2995.635150]  sock_alloc_send_pskb+0x7af/0x930
[ 2995.636397]  ? sk_alloc+0x350/0x350
[ 2995.637309]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.638506]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2995.639643]  ? ip6_mtu+0x1bb/0x370
[ 2995.640441]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.641378]  ? ip_frag_init+0x350/0x350
[ 2995.642288]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2995.643320]  ? ip6_mtu+0x1e9/0x370
[ 2995.644125]  ? ip6_setup_cork+0xfb7/0x1740
[ 2995.645089]  ip6_make_skb+0x2de/0x4e0
[ 2995.645933]  ? ip_frag_init+0x350/0x350
[ 2995.646826]  ? ip_frag_init+0x350/0x350
[ 2995.647718]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2995.648783]  ? ip6_dst_check+0x379/0x820
[ 2995.649711]  ? sk_dst_check+0x235/0x460
[ 2995.650610]  udpv6_sendmsg+0x2043/0x29b0
[ 2995.651518]  ? ip_frag_init+0x350/0x350
[ 2995.652417]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.653594]  ? find_held_lock+0x2c/0x110
[ 2995.654505]  ? __might_fault+0xd3/0x180
[ 2995.655409]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2995.656506]  ? __import_iovec+0x458/0x590
[ 2995.657433]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.658584]  inet6_sendmsg+0x105/0x140
[ 2995.659445]  ? inet6_compat_ioctl+0x320/0x320
[ 2995.660427]  sock_sendmsg+0xf2/0x190
[ 2995.661270]  ____sys_sendmsg+0x334/0x870
[ 2995.662176]  ? kernel_sendmsg+0x50/0x50
[ 2995.663053]  ? do_recvmmsg+0x6d0/0x6d0
[ 2995.663922]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.665089]  ? mark_lock+0xf5/0x2df0
[ 2995.665918]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.667076]  ? __lock_acquire+0x1657/0x5b00
[ 2995.668034]  ___sys_sendmsg+0xf3/0x170
[ 2995.668901]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2995.669936]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.670863]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.671787]  ? __fget_files+0x296/0x480
[ 2995.672683]  ? __fget_light+0xea/0x290
[ 2995.673559]  __sys_sendmmsg+0x195/0x470
[ 2995.674444]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2995.675407]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.676345]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2995.677444]  ? wait_for_completion_io+0x270/0x270
[ 2995.678508]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2995.678620] FAULT_INJECTION: forcing a failure.
[ 2995.678620] name failslab, interval 1, probability 0, space 0, times 0
[ 2995.679522]  ? vfs_write+0x354/0xa30
[ 2995.679546]  ? fput_many+0x2f/0x1a0
[ 2995.679565]  ? ksys_write+0x1a9/0x260
[ 2995.679595]  __x64_sys_sendmmsg+0x99/0x100
[ 2995.679612]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2995.679631]  do_syscall_64+0x33/0x40
[ 2995.679652]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2995.679665] RIP: 0033:0x7fc6b3968b19
[ 2995.679686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2995.679696] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2995.679717] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 2995.679728] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2995.679739] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2995.679750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2995.679762] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 2995.691486] FAULT_INJECTION: forcing a failure.
[ 2995.691486] name failslab, interval 1, probability 0, space 0, times 0
[ 2995.692011] CPU: 0 PID: 17599 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2995.692026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2995.701496] Call Trace:
[ 2995.701887]  dump_stack+0x107/0x167
[ 2995.702416]  should_fail.cold+0x5/0xa
[ 2995.702968]  ? percpu_ref_init+0xd8/0x3d0
[ 2995.703572]  should_failslab+0x5/0x20
[ 2995.704126]  kmem_cache_alloc_trace+0x55/0x360
[ 2995.704800]  ? cset_cgroup_from_root+0x2a0/0x2a0
[ 2995.705491]  percpu_ref_init+0xd8/0x3d0
[ 2995.706073]  cgroup_mkdir+0x28b/0xfc0
[ 2995.706628]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2995.707312]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2995.707926]  vfs_mkdir+0x41f/0x660
[ 2995.708452]  do_mkdirat+0x145/0x2a0
[ 2995.708993]  ? user_path_create+0xf0/0xf0
[ 2995.709596]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2995.710351]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2995.711110]  do_syscall_64+0x33/0x40
[ 2995.711656]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2995.712401] RIP: 0033:0x7fd3579f1b19
[ 2995.712944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2995.715605] RSP: 002b:00007fd354f46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2995.716702] RAX: ffffffffffffffda RBX: 00007fd357b05020 RCX: 00007fd3579f1b19
[ 2995.717734] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2995.718752] RBP: 00007fd354f461d0 R08: 0000000000000000 R09: 0000000000000000
[ 2995.719783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2995.720805] R13: 00007ffc675ec60f R14: 00007fd354f46300 R15: 0000000000022000
[ 2995.721876] CPU: 1 PID: 17600 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2995.723373] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2995.725186] Call Trace:
[ 2995.725762]  dump_stack+0x107/0x167
[ 2995.726549]  should_fail.cold+0x5/0xa
[ 2995.727390]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0
[ 2995.728681]  ? __alloc_skb+0x6d/0x5b0
[ 2995.729526]  should_failslab+0x5/0x20
[ 2995.730351]  kmem_cache_alloc_node+0x55/0x370
[ 2995.731332]  __alloc_skb+0x6d/0x5b0
[ 2995.732128]  skb_copy+0x137/0x2f0
[ 2995.732892]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2995.734167]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2995.735274]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2995.736501]  ? find_held_lock+0x2c/0x110
[ 2995.737390]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2995.738482]  mac80211_hwsim_tx+0x574/0x1270
[ 2995.739411]  ? trace_hardirqs_on+0x5b/0x180
[ 2995.740338]  ieee80211_tx_frags+0x59c/0x9f0
[ 2995.741290]  ? fq_skb_free_func+0x20/0x20
[ 2995.742194]  __ieee80211_tx+0x1ad/0x620
[ 2995.743053]  ieee80211_tx+0x329/0x410
[ 2995.743868]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2995.744971]  ? __ieee80211_tx+0x620/0x620
[ 2995.745858]  ? ieee80211_skb_resize+0x116/0x630
[ 2995.746860]  ieee80211_xmit+0x220/0x2a0
[ 2995.747719]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2995.748828]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2995.749942]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2995.750986]  ? skb_network_protocol+0x145/0x570
[ 2995.751978]  ? skb_crc32c_csum_help+0x80/0x80
[ 2995.752926]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2995.754060]  ? lock_acquire+0x197/0x490
[ 2995.754899]  ? sch_direct_xmit+0x31a/0x790
[ 2995.755798]  ? lock_release+0x6b0/0x6b0
[ 2995.756655]  dev_hard_start_xmit+0x1cb/0x840
[ 2995.757605]  sch_direct_xmit+0x25f/0x790
[ 2995.758467]  ? find_held_lock+0x2c/0x110
[ 2995.759328]  ? dev_watchdog+0xc60/0xc60
[ 2995.760167]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2995.761152]  __qdisc_run+0x4aa/0x1610
[ 2995.761981]  __dev_queue_xmit+0xd99/0x2730
[ 2995.762874]  ? ip6_finish_output2+0x171f/0x1f30
[ 2995.763864]  ? find_held_lock+0x2c/0x110
[ 2995.764726]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2995.765704]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.766595]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2995.767707]  ip6_finish_output2+0x171f/0x1f30
[ 2995.768667]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2995.769733]  ip6_output+0x3b1/0x7f0
[ 2995.770507]  ip6_local_out+0xb4/0x1a0
[ 2995.771310]  ip6_send_skb+0xb7/0x350
[ 2995.772097]  udp_v6_send_skb+0x7aa/0x15b0
[ 2995.772988]  udpv6_sendmsg+0x2086/0x29b0
[ 2995.773837]  ? ip_frag_init+0x350/0x350
[ 2995.774685]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.775787]  ? find_held_lock+0x2c/0x110
[ 2995.776643]  ? __might_fault+0xd3/0x180
[ 2995.777504]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2995.778545]  ? __import_iovec+0x458/0x590
[ 2995.779412]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.780494]  inet6_sendmsg+0x105/0x140
[ 2995.781325]  ? inet6_compat_ioctl+0x320/0x320
[ 2995.782259]  sock_sendmsg+0xf2/0x190
[ 2995.783041]  ____sys_sendmsg+0x334/0x870
[ 2995.783895]  ? kernel_sendmsg+0x50/0x50
[ 2995.784716]  ? do_recvmmsg+0x6d0/0x6d0
[ 2995.785532]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.786620]  ? mark_lock+0xf5/0x2df0
[ 2995.787398]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.788478]  ? __lock_acquire+0x1657/0x5b00
[ 2995.789397]  ___sys_sendmsg+0xf3/0x170
[ 2995.790208]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2995.791164]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.792035]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.792901]  ? __fget_files+0x296/0x480
[ 2995.793749]  ? __fget_light+0xea/0x290
[ 2995.794569]  __sys_sendmmsg+0x195/0x470
[ 2995.795403]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2995.796298]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.797201]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2995.798206]  ? wait_for_completion_io+0x270/0x270
[ 2995.799211]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2995.800172]  ? vfs_write+0x354/0xa30
[ 2995.800958]  ? fput_many+0x2f/0x1a0
[ 2995.801726]  ? ksys_write+0x1a9/0x260
[ 2995.802516]  __x64_sys_sendmmsg+0x99/0x100
[ 2995.803384]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2995.804446]  do_syscall_64+0x33/0x40
[ 2995.805226]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2995.806272] RIP: 0033:0x7fe3cda85b19
[ 2995.807038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2995.810798] RSP: 002b:00007fe3cafda188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2995.812351] RAX: ffffffffffffffda RBX: 00007fe3cdb99020 RCX: 00007fe3cda85b19
[ 2995.813815] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2995.815264] RBP: 00007fe3cafda1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2995.816708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2995.818163] R13: 00007ffc6dcd9d6f R14: 00007fe3cafda300 R15: 0000000000022000
[ 2995.828338] FAULT_INJECTION: forcing a failure.
[ 2995.828338] name failslab, interval 1, probability 0, space 0, times 0
[ 2995.830683] CPU: 1 PID: 17606 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2995.832108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2995.833834] Call Trace:
[ 2995.834373]  dump_stack+0x107/0x167
[ 2995.835137]  should_fail.cold+0x5/0xa
[ 2995.835898]  ? create_object.isra.0+0x3a/0xa20
[ 2995.836852]  should_failslab+0x5/0x20
[ 2995.837642]  kmem_cache_alloc+0x5b/0x360
[ 2995.838497]  create_object.isra.0+0x3a/0xa20
[ 2995.839391]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2995.840456]  kmem_cache_alloc_node+0x169/0x370
[ 2995.841398]  __alloc_skb+0x6d/0x5b0
[ 2995.842143]  skb_copy+0x137/0x2f0
[ 2995.842867]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2995.844078]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2995.845179]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2995.846351]  ? find_held_lock+0x2c/0x110
[ 2995.847195]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2995.848221]  mac80211_hwsim_tx+0x574/0x1270
[ 2995.849126]  ? trace_hardirqs_on+0x5b/0x180
[ 2995.850010]  ieee80211_tx_frags+0x59c/0x9f0
[ 2995.850909]  ? fq_skb_free_func+0x20/0x20
[ 2995.851800]  __ieee80211_tx+0x1ad/0x620
[ 2995.852611]  ieee80211_tx+0x329/0x410
[ 2995.853400]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2995.854429]  ? __ieee80211_tx+0x620/0x620
[ 2995.855262]  ? ieee80211_skb_resize+0x116/0x630
[ 2995.856203]  ieee80211_xmit+0x220/0x2a0
[ 2995.857028]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2995.858071]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2995.859106]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2995.860088]  ? skb_network_protocol+0x145/0x570
[ 2995.861044]  ? skb_crc32c_csum_help+0x80/0x80
[ 2995.861945]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2995.863168]  ? lock_acquire+0x197/0x490
[ 2995.864079]  ? sch_direct_xmit+0x31a/0x790
[ 2995.865071]  ? lock_release+0x6b0/0x6b0
[ 2995.866002]  dev_hard_start_xmit+0x1cb/0x840
[ 2995.867026]  sch_direct_xmit+0x25f/0x790
[ 2995.867960]  ? find_held_lock+0x2c/0x110
[ 2995.868906]  ? dev_watchdog+0xc60/0xc60
[ 2995.870110]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2995.871159]  __qdisc_run+0x4aa/0x1610
[ 2995.872059]  __dev_queue_xmit+0xd99/0x2730
[ 2995.873051]  ? ip6_finish_output2+0x171f/0x1f30
[ 2995.874128]  ? find_held_lock+0x2c/0x110
[ 2995.875062]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2995.876113]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.877086]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2995.878283]  ip6_finish_output2+0x171f/0x1f30
[ 2995.879319]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2995.880461]  ip6_output+0x3b1/0x7f0
[ 2995.881517]  ip6_local_out+0xb4/0x1a0
[ 2995.882450]  ip6_send_skb+0xb7/0x350
[ 2995.883353]  udp_v6_send_skb+0x7aa/0x15b0
[ 2995.884367]  udpv6_sendmsg+0x2086/0x29b0
[ 2995.885379]  ? ip_frag_init+0x350/0x350
[ 2995.886352]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.887611]  ? find_held_lock+0x2c/0x110
[ 2995.888595]  ? __might_fault+0xd3/0x180
[ 2995.889600]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2995.890799]  ? __import_iovec+0x458/0x590
[ 2995.891796]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2995.893055]  inet6_sendmsg+0x105/0x140
[ 2995.893996]  ? inet6_compat_ioctl+0x320/0x320
[ 2995.895077]  sock_sendmsg+0xf2/0x190
[ 2995.895974]  ____sys_sendmsg+0x334/0x870
[ 2995.896982]  ? kernel_sendmsg+0x50/0x50
[ 2995.897943]  ? do_recvmmsg+0x6d0/0x6d0
[ 2995.898748]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.899806]  ? mark_lock+0xf5/0x2df0
[ 2995.900580]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2995.901649]  ? __lock_acquire+0x1657/0x5b00
[ 2995.902542]  ___sys_sendmsg+0xf3/0x170
[ 2995.903349]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2995.904299]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.905158]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.906017]  ? __fget_files+0x296/0x480
[ 2995.906838]  ? __fget_light+0xea/0x290
[ 2995.907656]  __sys_sendmmsg+0x195/0x470
[ 2995.908475]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2995.909373]  ? lock_downgrade+0x6d0/0x6d0
[ 2995.910250]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2995.911247]  ? wait_for_completion_io+0x270/0x270
[ 2995.912221]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2995.913176]  ? vfs_write+0x354/0xa30
[ 2995.913937]  ? fput_many+0x2f/0x1a0
[ 2995.914683]  ? ksys_write+0x1a9/0x260
[ 2995.915481]  __x64_sys_sendmmsg+0x99/0x100
[ 2995.916347]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2995.917408]  do_syscall_64+0x33/0x40
[ 2995.918175]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2995.919214] RIP: 0033:0x7fc11dcebb19
[ 2995.919967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2995.923720] RSP: 002b:00007fc11b240188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2995.925285] RAX: ffffffffffffffda RBX: 00007fc11ddff020 RCX: 00007fc11dcebb19
[ 2995.926737] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2995.928196] RBP: 00007fc11b2401d0 R08: 0000000000000000 R09: 0000000000000000
[ 2995.929683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2995.931162] R13: 00007ffce838591f R14: 00007fc11b240300 R15: 0000000000022000
11:16:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 11)

11:16:54 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2996.211274] FAULT_INJECTION: forcing a failure.
[ 2996.211274] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.214176] CPU: 1 PID: 17627 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2996.215573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.217255] Call Trace:
[ 2996.217795]  dump_stack+0x107/0x167
[ 2996.218561]  should_fail.cold+0x5/0xa
[ 2996.219351]  ? create_object.isra.0+0x3a/0xa20
[ 2996.220301]  should_failslab+0x5/0x20
[ 2996.221086]  kmem_cache_alloc+0x5b/0x360
[ 2996.221915]  create_object.isra.0+0x3a/0xa20
[ 2996.222804]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2996.223831]  kmem_cache_alloc_trace+0x151/0x360
[ 2996.224780]  ? cset_cgroup_from_root+0x2a0/0x2a0
[ 2996.225752]  percpu_ref_init+0xd8/0x3d0
[ 2996.226553]  cgroup_mkdir+0x28b/0xfc0
[ 2996.227335]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2996.228289]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2996.229161]  vfs_mkdir+0x41f/0x660
[ 2996.229883]  do_mkdirat+0x145/0x2a0
[ 2996.230626]  ? user_path_create+0xf0/0xf0
[ 2996.231473]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2996.232543]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.233595]  do_syscall_64+0x33/0x40
[ 2996.234364]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.235402] RIP: 0033:0x7fd3579f1b19
[ 2996.236158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.239885] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2996.241430] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2996.242871] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2996.244307] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.245760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2996.247195] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 2996.251577] FAULT_INJECTION: forcing a failure.
[ 2996.251577] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.252866] CPU: 0 PID: 17634 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2996.253614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.254509] Call Trace:
[ 2996.254787]  dump_stack+0x107/0x167
[ 2996.255183]  should_fail.cold+0x5/0xa
[ 2996.255576]  ? create_object.isra.0+0x3a/0xa20
[ 2996.256077]  should_failslab+0x5/0x20
[ 2996.256467]  kmem_cache_alloc+0x5b/0x360
[ 2996.256904]  create_object.isra.0+0x3a/0xa20
[ 2996.257369]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2996.257918]  kmem_cache_alloc_node+0x169/0x370
[ 2996.258388]  __alloc_skb+0x6d/0x5b0
[ 2996.258782]  skb_copy+0x137/0x2f0
[ 2996.259146]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2996.259790]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2996.260323]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2996.260950]  ? find_held_lock+0x2c/0x110
[ 2996.261392]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2996.261918]  mac80211_hwsim_tx+0x574/0x1270
[ 2996.262375]  ? trace_hardirqs_on+0x5b/0x180
[ 2996.262833]  ieee80211_tx_frags+0x59c/0x9f0
[ 2996.263299]  ? fq_skb_free_func+0x20/0x20
[ 2996.263756]  __ieee80211_tx+0x1ad/0x620
[ 2996.264184]  ieee80211_tx+0x329/0x410
[ 2996.264575]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2996.265121]  ? __ieee80211_tx+0x620/0x620
[ 2996.265548]  ? ieee80211_skb_resize+0x116/0x630
[ 2996.266044]  ieee80211_xmit+0x220/0x2a0
[ 2996.266456]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2996.267014]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2996.267555]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2996.268086]  ? skb_network_protocol+0x145/0x570
[ 2996.268576]  ? skb_crc32c_csum_help+0x80/0x80
[ 2996.269074]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2996.269625]  ? lock_acquire+0x197/0x490
[ 2996.270058]  ? sch_direct_xmit+0x31a/0x790
[ 2996.270503]  ? lock_release+0x6b0/0x6b0
[ 2996.270940]  dev_hard_start_xmit+0x1cb/0x840
[ 2996.271400]  sch_direct_xmit+0x25f/0x790
[ 2996.271833]  ? find_held_lock+0x2c/0x110
[ 2996.272271]  ? dev_watchdog+0xc60/0xc60
[ 2996.272696]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2996.273192]  __qdisc_run+0x4aa/0x1610
[ 2996.273593]  __dev_queue_xmit+0xd99/0x2730
[ 2996.274049]  ? ip6_finish_output2+0x171f/0x1f30
[ 2996.274542]  ? find_held_lock+0x2c/0x110
[ 2996.274979]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2996.275460]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.275908]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2996.276461]  ip6_finish_output2+0x171f/0x1f30
[ 2996.276957]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2996.277485]  ip6_output+0x3b1/0x7f0
[ 2996.277877]  ip6_local_out+0xb4/0x1a0
[ 2996.278284]  ip6_send_skb+0xb7/0x350
[ 2996.278688]  udp_v6_send_skb+0x7aa/0x15b0
[ 2996.279140]  udpv6_sendmsg+0x2086/0x29b0
[ 2996.279575]  ? ip_frag_init+0x350/0x350
[ 2996.279997]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.280567]  ? find_held_lock+0x2c/0x110
[ 2996.281007]  ? __might_fault+0xd3/0x180
[ 2996.281429]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2996.281948]  ? __import_iovec+0x458/0x590
[ 2996.282380]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.282919]  inet6_sendmsg+0x105/0x140
[ 2996.283335]  ? inet6_compat_ioctl+0x320/0x320
[ 2996.283803]  sock_sendmsg+0xf2/0x190
[ 2996.284203]  ____sys_sendmsg+0x334/0x870
[ 2996.284615]  ? kernel_sendmsg+0x50/0x50
[ 2996.285050]  ? do_recvmmsg+0x6d0/0x6d0
[ 2996.285472]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.286011]  ? mark_lock+0xf5/0x2df0
[ 2996.286400]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.286938]  ? __lock_acquire+0x1657/0x5b00
[ 2996.287391]  ___sys_sendmsg+0xf3/0x170
[ 2996.287797]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2996.288281]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.288724]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.289181]  ? __fget_files+0x296/0x480
[ 2996.289601]  ? __fget_light+0xea/0x290
[ 2996.290023]  __sys_sendmmsg+0x195/0x470
[ 2996.290457]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2996.290914]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.291381]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2996.291898]  ? wait_for_completion_io+0x270/0x270
[ 2996.292424]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2996.292918]  ? vfs_write+0x354/0xa30
[ 2996.293328]  ? fput_many+0x2f/0x1a0
[ 2996.293721]  ? ksys_write+0x1a9/0x260
[ 2996.294135]  __x64_sys_sendmmsg+0x99/0x100
[ 2996.294586]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.295141]  do_syscall_64+0x33/0x40
[ 2996.295538]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.296088] RIP: 0033:0x7fe3cda85b19
[ 2996.296488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.298460] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2996.299282] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2996.300041] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2996.300785] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.301556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2996.302304] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 2996.305612] FAULT_INJECTION: forcing a failure.
[ 2996.305612] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.308218] CPU: 1 PID: 17635 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 2996.309625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.311296] Call Trace:
[ 2996.311834]  dump_stack+0x107/0x167
[ 2996.312588]  should_fail.cold+0x5/0xa
[ 2996.313375]  ? create_object.isra.0+0x3a/0xa20
[ 2996.314295]  should_failslab+0x5/0x20
[ 2996.315060]  kmem_cache_alloc+0x5b/0x360
[ 2996.315892]  ? __lock_acquire+0xbb1/0x5b00
[ 2996.316755]  create_object.isra.0+0x3a/0xa20
[ 2996.317649]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
11:16:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2996.318676]  kmem_cache_alloc_node+0x169/0x370
[ 2996.319785]  __alloc_skb+0x6d/0x5b0
[ 2996.320527]  alloc_skb_with_frags+0x92/0x570
[ 2996.321446]  ? find_held_lock+0x2c/0x110
[ 2996.322283]  sock_alloc_send_pskb+0x7af/0x930
[ 2996.323195]  ? sk_alloc+0x350/0x350
[ 2996.323948]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.325042]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2996.326073]  ? ip6_mtu+0x1bb/0x370
[ 2996.326802]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.327658]  ? ip_frag_init+0x350/0x350
[ 2996.328477]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2996.329428]  ? ip6_mtu+0x1e9/0x370
[ 2996.330146]  ? ip6_setup_cork+0xfb7/0x1740
[ 2996.331004]  ip6_make_skb+0x2de/0x4e0
[ 2996.331786]  ? ip_frag_init+0x350/0x350
[ 2996.332606]  ? ip_frag_init+0x350/0x350
[ 2996.333422]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2996.334391]  ? ip6_dst_check+0x379/0x820
[ 2996.335217]  ? sk_dst_check+0x235/0x460
[ 2996.336026]  udpv6_sendmsg+0x2043/0x29b0
[ 2996.336854]  ? ip_frag_init+0x350/0x350
[ 2996.337714]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.338784]  ? find_held_lock+0x2c/0x110
[ 2996.339631]  ? __might_fault+0xd3/0x180
[ 2996.340445]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2996.341456]  ? __import_iovec+0x458/0x590
[ 2996.342294]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.343345]  inet6_sendmsg+0x105/0x140
[ 2996.344132]  ? inet6_compat_ioctl+0x320/0x320
[ 2996.345062]  sock_sendmsg+0xf2/0x190
[ 2996.345811]  ____sys_sendmsg+0x334/0x870
[ 2996.346638]  ? kernel_sendmsg+0x50/0x50
[ 2996.347450]  ? do_recvmmsg+0x6d0/0x6d0
[ 2996.348232]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.349312]  ? mark_lock+0xf5/0x2df0
[ 2996.350072]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.351134]  ? __lock_acquire+0x1657/0x5b00
[ 2996.352008]  ___sys_sendmsg+0xf3/0x170
[ 2996.352789]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2996.353740]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.354587]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.355435]  ? __fget_files+0x296/0x480
[ 2996.356246]  ? __fget_light+0xea/0x290
[ 2996.357053]  __sys_sendmmsg+0x195/0x470
[ 2996.357867]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2996.358730]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.359588]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2996.360572]  ? wait_for_completion_io+0x270/0x270
[ 2996.361580]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2996.362524]  ? vfs_write+0x354/0xa30
[ 2996.363288]  ? fput_many+0x2f/0x1a0
[ 2996.364028]  ? ksys_write+0x1a9/0x260
[ 2996.364819]  __x64_sys_sendmmsg+0x99/0x100
[ 2996.365686]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.366732]  do_syscall_64+0x33/0x40
[ 2996.367488]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.368525] RIP: 0033:0x7fc6b3968b19
[ 2996.369294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.373013] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2996.374549] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 2996.375991] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2996.377444] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.378887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2996.380341] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:16:54 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 11)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2996.556247] FAULT_INJECTION: forcing a failure.
[ 2996.556247] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.558764] CPU: 1 PID: 17658 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2996.560171] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.561857] Call Trace:
[ 2996.562404]  dump_stack+0x107/0x167
[ 2996.563158]  should_fail.cold+0x5/0xa
[ 2996.563943]  should_failslab+0x5/0x20
[ 2996.564718]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2996.565746]  ? skb_copy+0x137/0x2f0
[ 2996.566495]  __alloc_skb+0xb1/0x5b0
[ 2996.567244]  skb_copy+0x137/0x2f0
[ 2996.567961]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2996.569188]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2996.570242]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2996.571414]  ? find_held_lock+0x2c/0x110
[ 2996.572256]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2996.573269]  mac80211_hwsim_tx+0x574/0x1270
[ 2996.574154]  ? trace_hardirqs_on+0x5b/0x180
[ 2996.575034]  ieee80211_tx_frags+0x59c/0x9f0
[ 2996.575922]  ? fq_skb_free_func+0x20/0x20
[ 2996.576780]  __ieee80211_tx+0x1ad/0x620
[ 2996.577615]  ieee80211_tx+0x329/0x410
[ 2996.578392]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2996.579435]  ? __ieee80211_tx+0x620/0x620
[ 2996.580281]  ? ieee80211_skb_resize+0x116/0x630
[ 2996.581248]  ieee80211_xmit+0x220/0x2a0
[ 2996.582067]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2996.583125]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2996.584169]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2996.585170]  ? skb_network_protocol+0x145/0x570
[ 2996.586121]  ? skb_crc32c_csum_help+0x80/0x80
[ 2996.587032]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2996.588123]  ? lock_acquire+0x197/0x490
[ 2996.588933]  ? sch_direct_xmit+0x31a/0x790
[ 2996.589808]  ? lock_release+0x6b0/0x6b0
[ 2996.590632]  dev_hard_start_xmit+0x1cb/0x840
[ 2996.591541]  sch_direct_xmit+0x25f/0x790
[ 2996.592367]  ? find_held_lock+0x2c/0x110
[ 2996.593204]  ? dev_watchdog+0xc60/0xc60
[ 2996.594032]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2996.594964]  __qdisc_run+0x4aa/0x1610
[ 2996.595762]  __dev_queue_xmit+0xd99/0x2730
[ 2996.596624]  ? ip6_finish_output2+0x171f/0x1f30
[ 2996.597594]  ? find_held_lock+0x2c/0x110
[ 2996.598424]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2996.599363]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.600219]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2996.601295]  ip6_finish_output2+0x171f/0x1f30
[ 2996.602227]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2996.603249]  ip6_output+0x3b1/0x7f0
[ 2996.603999]  ip6_local_out+0xb4/0x1a0
[ 2996.604775]  ip6_send_skb+0xb7/0x350
[ 2996.605569]  udp_v6_send_skb+0x7aa/0x15b0
[ 2996.606432]  udpv6_sendmsg+0x2086/0x29b0
[ 2996.607258]  ? ip_frag_init+0x350/0x350
[ 2996.608083]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.609163]  ? find_held_lock+0x2c/0x110
[ 2996.609992]  ? __might_fault+0xd3/0x180
[ 2996.610822]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2996.611839]  ? __import_iovec+0x458/0x590
[ 2996.612680]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2996.613749]  inet6_sendmsg+0x105/0x140
[ 2996.614543]  ? inet6_compat_ioctl+0x320/0x320
[ 2996.615452]  sock_sendmsg+0xf2/0x190
[ 2996.616213]  ____sys_sendmsg+0x334/0x870
[ 2996.617050]  ? kernel_sendmsg+0x50/0x50
[ 2996.617849]  ? do_recvmmsg+0x6d0/0x6d0
[ 2996.618642]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.619708]  ? mark_lock+0xf5/0x2df0
[ 2996.620471]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2996.621536]  ? __lock_acquire+0x1657/0x5b00
[ 2996.622419]  ___sys_sendmsg+0xf3/0x170
[ 2996.623213]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2996.624150]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.625015]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.625863]  ? __fget_files+0x296/0x480
[ 2996.626688]  ? __fget_light+0xea/0x290
[ 2996.627489]  __sys_sendmmsg+0x195/0x470
[ 2996.628307]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2996.629193]  ? lock_downgrade+0x6d0/0x6d0
[ 2996.630060]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2996.631043]  ? wait_for_completion_io+0x270/0x270
[ 2996.632030]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2996.632994]  ? vfs_write+0x354/0xa30
[ 2996.633752]  ? fput_many+0x2f/0x1a0
[ 2996.634499]  ? ksys_write+0x1a9/0x260
[ 2996.635292]  __x64_sys_sendmmsg+0x99/0x100
[ 2996.636161]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.637213]  do_syscall_64+0x33/0x40
[ 2996.637970]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.639011] RIP: 0033:0x7fc11dcebb19
[ 2996.639768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.643501] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2996.645052] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2996.646493] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2996.647933] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.649387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2996.650828] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:16:54 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 12)

11:16:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2996.733321] FAULT_INJECTION: forcing a failure.
[ 2996.733321] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.734936] CPU: 0 PID: 17667 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2996.735667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.736496] Call Trace:
[ 2996.736769]  dump_stack+0x107/0x167
[ 2996.737143]  should_fail.cold+0x5/0xa
[ 2996.737534]  ? create_object.isra.0+0x3a/0xa20
[ 2996.737996]  should_failslab+0x5/0x20
[ 2996.738382]  kmem_cache_alloc+0x5b/0x360
[ 2996.738801]  create_object.isra.0+0x3a/0xa20
[ 2996.739251]  kmemleak_alloc_percpu+0xa0/0x100
[ 2996.739750]  pcpu_alloc+0x4e2/0x12f0
[ 2996.740148]  cgroup_rstat_init+0x14f/0x1f0
[ 2996.740577]  cgroup_mkdir+0x709/0xfc0
[ 2996.740968]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2996.741443]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2996.741871]  vfs_mkdir+0x41f/0x660
[ 2996.742227]  do_mkdirat+0x145/0x2a0
[ 2996.742596]  ? user_path_create+0xf0/0xf0
[ 2996.743057]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2996.743583]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.744138]  do_syscall_64+0x33/0x40
[ 2996.744539]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.745118] RIP: 0033:0x7fd3579f1b19
[ 2996.745512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.747456] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2996.748267] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2996.749029] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2996.749782] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.750542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2996.751300] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:54 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:54 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 13)

11:16:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2996.918521] FAULT_INJECTION: forcing a failure.
[ 2996.918521] name failslab, interval 1, probability 0, space 0, times 0
[ 2996.920169] CPU: 0 PID: 17679 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2996.921078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2996.921952] Call Trace:
[ 2996.922307]  dump_stack+0x107/0x167
[ 2996.922780]  should_fail.cold+0x5/0xa
[ 2996.923275]  ? create_object.isra.0+0x3a/0xa20
[ 2996.923869]  should_failslab+0x5/0x20
[ 2996.924362]  kmem_cache_alloc+0x5b/0x360
[ 2996.924886]  ? mark_held_locks+0x9e/0xe0
[ 2996.925424]  create_object.isra.0+0x3a/0xa20
[ 2996.925992]  kmemleak_alloc_percpu+0xa0/0x100
[ 2996.926574]  pcpu_alloc+0x4e2/0x12f0
[ 2996.927076]  cgroup_rstat_init+0x14f/0x1f0
[ 2996.927595]  cgroup_mkdir+0x709/0xfc0
[ 2996.927982]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2996.928456]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2996.928878]  vfs_mkdir+0x41f/0x660
[ 2996.929278]  do_mkdirat+0x145/0x2a0
[ 2996.929669]  ? user_path_create+0xf0/0xf0
[ 2996.930095]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2996.930630]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2996.931163]  do_syscall_64+0x33/0x40
[ 2996.931548]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2996.932105] RIP: 0033:0x7fd3579f1b19
[ 2996.932491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2996.934379] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2996.935134] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2996.935839] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2996.936592] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2996.937316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2996.938022] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:16:55 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 11)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:55 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:55 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2997.045229] FAULT_INJECTION: forcing a failure.
[ 2997.045229] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.047829] CPU: 1 PID: 17689 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 2997.049257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2997.050951] Call Trace:
[ 2997.051499]  dump_stack+0x107/0x167
[ 2997.052258]  should_fail.cold+0x5/0xa
[ 2997.053059]  should_failslab+0x5/0x20
[ 2997.053836]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2997.054851]  ? skb_copy+0x137/0x2f0
[ 2997.055603]  __alloc_skb+0xb1/0x5b0
[ 2997.056352]  skb_copy+0x137/0x2f0
[ 2997.057074]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2997.058281]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2997.059330]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2997.060496]  ? find_held_lock+0x2c/0x110
[ 2997.061344]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2997.062390]  mac80211_hwsim_tx+0x574/0x1270
[ 2997.063275]  ? trace_hardirqs_on+0x5b/0x180
[ 2997.064163]  ieee80211_tx_frags+0x59c/0x9f0
[ 2997.065061]  ? fq_skb_free_func+0x20/0x20
[ 2997.065918]  __ieee80211_tx+0x1ad/0x620
[ 2997.066726]  ieee80211_tx+0x329/0x410
[ 2997.067502]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2997.068542]  ? __ieee80211_tx+0x620/0x620
[ 2997.069395]  ? ieee80211_skb_resize+0x116/0x630
[ 2997.070360]  ieee80211_xmit+0x220/0x2a0
[ 2997.071179]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2997.072241]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2997.073294]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2997.074288]  ? skb_network_protocol+0x145/0x570
[ 2997.075232]  ? skb_crc32c_csum_help+0x80/0x80
[ 2997.076145]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2997.077227]  ? lock_acquire+0x197/0x490
[ 2997.078028]  ? sch_direct_xmit+0x31a/0x790
[ 2997.078884]  ? lock_release+0x6b0/0x6b0
[ 2997.079701]  dev_hard_start_xmit+0x1cb/0x840
[ 2997.080603]  sch_direct_xmit+0x25f/0x790
[ 2997.081452]  ? find_held_lock+0x2c/0x110
[ 2997.082273]  ? dev_watchdog+0xc60/0xc60
[ 2997.083084]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2997.084010]  __qdisc_run+0x4aa/0x1610
[ 2997.084813]  __dev_queue_xmit+0xd99/0x2730
[ 2997.085674]  ? ip6_finish_output2+0x171f/0x1f30
[ 2997.086629]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2997.087560]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2997.088646]  ? trace_hardirqs_on+0x5b/0x180
[ 2997.089555]  ? ip6_finish_output2+0xbea/0x1f30
[ 2997.090498]  ip6_finish_output2+0x171f/0x1f30
[ 2997.091667]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2997.092971]  ip6_output+0x3b1/0x7f0
[ 2997.093801]  ip6_local_out+0xb4/0x1a0
[ 2997.094606]  ip6_send_skb+0xb7/0x350
[ 2997.095386]  udp_v6_send_skb+0x7aa/0x15b0
[ 2997.096265]  udpv6_sendmsg+0x2086/0x29b0
[ 2997.097153]  ? ip_frag_init+0x350/0x350
[ 2997.097970]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.099026]  ? find_held_lock+0x2c/0x110
[ 2997.099849]  ? __might_fault+0xd3/0x180
[ 2997.100680]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2997.101697]  ? __import_iovec+0x458/0x590
[ 2997.102531]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.103576]  inet6_sendmsg+0x105/0x140
[ 2997.104366]  ? inet6_compat_ioctl+0x320/0x320
[ 2997.105278]  sock_sendmsg+0xf2/0x190
[ 2997.106042]  ____sys_sendmsg+0x334/0x870
[ 2997.106860]  ? kernel_sendmsg+0x50/0x50
[ 2997.107661]  ? do_recvmmsg+0x6d0/0x6d0
[ 2997.108490]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.109660]  ? mark_lock+0xf5/0x2df0
[ 2997.110606]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.111821]  ? __lock_acquire+0x1657/0x5b00
[ 2997.112909]  ___sys_sendmsg+0xf3/0x170
[ 2997.113739]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2997.114698]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.115562]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.116440]  ? __fget_files+0x296/0x480
[ 2997.117295]  ? __fget_light+0xea/0x290
[ 2997.118143]  __sys_sendmmsg+0x195/0x470
[ 2997.118981]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2997.119858]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.120734]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2997.121766]  ? wait_for_completion_io+0x270/0x270
[ 2997.122743]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2997.123682]  ? vfs_write+0x354/0xa30
[ 2997.124434]  ? fput_many+0x2f/0x1a0
[ 2997.125180]  ? ksys_write+0x1a9/0x260
[ 2997.125970]  __x64_sys_sendmmsg+0x99/0x100
[ 2997.126816]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2997.127851]  do_syscall_64+0x33/0x40
[ 2997.128606]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2997.129657] RIP: 0033:0x7fe3cda85b19
[ 2997.130421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.134134] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2997.135667] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 2997.137108] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2997.138540] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.139987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.141434] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:16:55 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 12)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:16:55 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 2997.229568] FAULT_INJECTION: forcing a failure.
[ 2997.229568] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.232198] CPU: 0 PID: 17702 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 2997.233606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2997.235249] Call Trace:
[ 2997.235782]  dump_stack+0x107/0x167
[ 2997.236507]  should_fail.cold+0x5/0xa
[ 2997.237285]  should_failslab+0x5/0x20
[ 2997.238046]  __kmalloc_node_track_caller+0x74/0x3f0
[ 2997.239044]  ? alloc_skb_with_frags+0x92/0x570
[ 2997.239959]  __alloc_skb+0xb1/0x5b0
[ 2997.240694]  alloc_skb_with_frags+0x92/0x570
[ 2997.241580]  ? find_held_lock+0x2c/0x110
[ 2997.242407]  sock_alloc_send_pskb+0x7af/0x930
[ 2997.243310]  ? sk_alloc+0x350/0x350
[ 2997.244054]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.245127]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 2997.246136]  ? ip6_mtu+0x1bb/0x370
[ 2997.246843]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.247672]  ? ip_frag_init+0x350/0x350
[ 2997.248479]  ? ip6_finish_output2+0x1f30/0x1f30
[ 2997.249417]  ? ip6_mtu+0x1e9/0x370
[ 2997.250198]  ? ip6_setup_cork+0xfb7/0x1740
[ 2997.251141]  ip6_make_skb+0x2de/0x4e0
[ 2997.252007]  ? ip_frag_init+0x350/0x350
[ 2997.252898]  ? ip_frag_init+0x350/0x350
[ 2997.253804]  ? ip6_push_pending_frames+0xf0/0xf0
[ 2997.254870]  ? ip6_dst_check+0x379/0x820
[ 2997.255781]  ? sk_dst_check+0x235/0x460
[ 2997.256678]  udpv6_sendmsg+0x2043/0x29b0
[ 2997.257609]  ? ip_frag_init+0x350/0x350
[ 2997.258507]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.259669]  ? find_held_lock+0x2c/0x110
[ 2997.260572]  ? __might_fault+0xd3/0x180
[ 2997.261491]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2997.262507]  ? __import_iovec+0x458/0x590
[ 2997.263338]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.264380]  inet6_sendmsg+0x105/0x140
[ 2997.265164]  ? inet6_compat_ioctl+0x320/0x320
[ 2997.266055]  sock_sendmsg+0xf2/0x190
[ 2997.266805]  ____sys_sendmsg+0x334/0x870
[ 2997.267620]  ? kernel_sendmsg+0x50/0x50
[ 2997.268411]  ? do_recvmmsg+0x6d0/0x6d0
[ 2997.269212]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.270339]  ? mark_lock+0xf5/0x2df0
[ 2997.271171]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.272337]  ? __lock_acquire+0x1657/0x5b00
[ 2997.273308]  ___sys_sendmsg+0xf3/0x170
[ 2997.274176]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2997.275195]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.276125]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.277058]  ? __fget_files+0x296/0x480
[ 2997.277952]  ? __fget_light+0xea/0x290
[ 2997.278825]  __sys_sendmmsg+0x195/0x470
[ 2997.279717]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2997.280674]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.281633]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2997.282600]  ? wait_for_completion_io+0x270/0x270
[ 2997.283564]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2997.284495]  ? vfs_write+0x354/0xa30
[ 2997.285253]  ? fput_many+0x2f/0x1a0
[ 2997.285981]  ? ksys_write+0x1a9/0x260
[ 2997.286753]  __x64_sys_sendmmsg+0x99/0x100
[ 2997.287593]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2997.288617]  do_syscall_64+0x33/0x40
[ 2997.289376]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2997.290492] RIP: 0033:0x7fc6b3968b19
[ 2997.291320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.295408] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2997.297109] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 2997.298585] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2997.300002] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.301449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2997.302867] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:16:55 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 14)

[ 2997.332634] FAULT_INJECTION: forcing a failure.
[ 2997.332634] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.335169] CPU: 1 PID: 17705 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 2997.336562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2997.338242] Call Trace:
[ 2997.338784]  dump_stack+0x107/0x167
[ 2997.339526]  should_fail.cold+0x5/0xa
[ 2997.340304]  ? create_object.isra.0+0x3a/0xa20
[ 2997.341269]  should_failslab+0x5/0x20
[ 2997.342038]  kmem_cache_alloc+0x5b/0x360
[ 2997.342867]  create_object.isra.0+0x3a/0xa20
[ 2997.343751]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2997.344776]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 2997.345806]  ? skb_copy+0x137/0x2f0
[ 2997.346546]  __alloc_skb+0xb1/0x5b0
[ 2997.347294]  skb_copy+0x137/0x2f0
[ 2997.348014]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 2997.349232]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 2997.350270]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 2997.351424]  ? find_held_lock+0x2c/0x110
[ 2997.352247]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 2997.353281]  mac80211_hwsim_tx+0x574/0x1270
[ 2997.354143]  ? trace_hardirqs_on+0x5b/0x180
[ 2997.355010]  ieee80211_tx_frags+0x59c/0x9f0
[ 2997.355876]  ? fq_skb_free_func+0x20/0x20
[ 2997.356721]  __ieee80211_tx+0x1ad/0x620
[ 2997.357529]  ieee80211_tx+0x329/0x410
[ 2997.358299]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 2997.359311]  ? __ieee80211_tx+0x620/0x620
[ 2997.360138]  ? ieee80211_skb_resize+0x116/0x630
[ 2997.361098]  ieee80211_xmit+0x220/0x2a0
[ 2997.361911]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 2997.362945]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 2997.363985]  ieee80211_subif_start_xmit+0xef/0xf30
[ 2997.364973]  ? skb_network_protocol+0x145/0x570
[ 2997.365929]  ? skb_crc32c_csum_help+0x80/0x80
[ 2997.366825]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 2997.367907]  ? lock_acquire+0x197/0x490
[ 2997.368709]  ? sch_direct_xmit+0x31a/0x790
[ 2997.369586]  ? lock_release+0x6b0/0x6b0
[ 2997.370401]  dev_hard_start_xmit+0x1cb/0x840
[ 2997.371287]  sch_direct_xmit+0x25f/0x790
[ 2997.372101]  ? find_held_lock+0x2c/0x110
[ 2997.372906]  ? dev_watchdog+0xc60/0xc60
[ 2997.373708]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 2997.374616]  __qdisc_run+0x4aa/0x1610
[ 2997.375402]  __dev_queue_xmit+0xd99/0x2730
[ 2997.376247]  ? ip6_finish_output2+0x171f/0x1f30
[ 2997.377189]  ? find_held_lock+0x2c/0x110
[ 2997.377994]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 2997.378904]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.379768]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 2997.380815]  ip6_finish_output2+0x171f/0x1f30
[ 2997.381750]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 2997.382767]  ip6_output+0x3b1/0x7f0
[ 2997.383511]  ip6_local_out+0xb4/0x1a0
[ 2997.384283]  ip6_send_skb+0xb7/0x350
[ 2997.385042]  udp_v6_send_skb+0x7aa/0x15b0
[ 2997.385877]  udpv6_sendmsg+0x2086/0x29b0
[ 2997.386686]  ? ip_frag_init+0x350/0x350
[ 2997.387494]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.388542]  ? find_held_lock+0x2c/0x110
[ 2997.389369]  ? __might_fault+0xd3/0x180
[ 2997.390178]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 2997.391162]  ? __import_iovec+0x458/0x590
[ 2997.391974]  ? udp_v6_push_pending_frames+0x360/0x360
[ 2997.392999]  inet6_sendmsg+0x105/0x140
[ 2997.393771]  ? inet6_compat_ioctl+0x320/0x320
[ 2997.394650]  sock_sendmsg+0xf2/0x190
[ 2997.395391]  ____sys_sendmsg+0x334/0x870
[ 2997.396200]  ? kernel_sendmsg+0x50/0x50
[ 2997.396981]  ? do_recvmmsg+0x6d0/0x6d0
[ 2997.397780]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.399087]  ? mark_lock+0xf5/0x2df0
[ 2997.400025]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2997.401152]  ? __lock_acquire+0x1657/0x5b00
[ 2997.402025]  ___sys_sendmsg+0xf3/0x170
[ 2997.402856]  ? sendmsg_copy_msghdr+0x160/0x160
[ 2997.403764]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.404592]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.405429]  ? __fget_files+0x296/0x480
[ 2997.406228]  ? __fget_light+0xea/0x290
[ 2997.407012]  __sys_sendmmsg+0x195/0x470
[ 2997.407804]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 2997.408663]  ? lock_downgrade+0x6d0/0x6d0
[ 2997.409516]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2997.410464]  ? wait_for_completion_io+0x270/0x270
[ 2997.411429]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2997.412344]  ? vfs_write+0x354/0xa30
[ 2997.413111]  ? fput_many+0x2f/0x1a0
[ 2997.413815]  ? ksys_write+0x1a9/0x260
[ 2997.414571]  __x64_sys_sendmmsg+0x99/0x100
[ 2997.415390]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2997.416391]  do_syscall_64+0x33/0x40
[ 2997.417129]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2997.418130] RIP: 0033:0x7fc11dcebb19
[ 2997.418857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.422507] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2997.424043] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 2997.425458] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 2997.426875] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.428286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.429691] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 2997.495308] FAULT_INJECTION: forcing a failure.
[ 2997.495308] name failslab, interval 1, probability 0, space 0, times 0
[ 2997.498390] CPU: 0 PID: 17709 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 2997.499926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2997.501772] Call Trace:
[ 2997.502370]  dump_stack+0x107/0x167
[ 2997.503188]  should_fail.cold+0x5/0xa
[ 2997.504046]  should_failslab+0x5/0x20
[ 2997.504893]  __kmalloc_track_caller+0x79/0x3c0
[ 2997.505933]  ? kstrdup_const+0x53/0x80
[ 2997.506798]  ? kmemleak_alloc_percpu+0xa0/0x100
[ 2997.507833]  kstrdup+0x36/0x70
[ 2997.508555]  kstrdup_const+0x53/0x80
[ 2997.509410]  __kernfs_new_node+0x9d/0x850
[ 2997.510340]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 2997.511400]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2997.512463]  ? pcpu_alloc+0x12a/0x12f0
[ 2997.513362]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 2997.514521]  kernfs_create_dir_ns+0x9c/0x230
[ 2997.515508]  cgroup_mkdir+0x318/0xfc0
[ 2997.516363]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 2997.517426]  kernfs_iop_mkdir+0x14d/0x1e0
[ 2997.518357]  vfs_mkdir+0x41f/0x660
[ 2997.519169]  do_mkdirat+0x145/0x2a0
[ 2997.519981]  ? user_path_create+0xf0/0xf0
[ 2997.520925]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2997.522099]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2997.523253]  do_syscall_64+0x33/0x40
[ 2997.524080]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2997.525238] RIP: 0033:0x7fd3579f1b19
[ 2997.526070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2997.529779] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 2997.531309] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 2997.532733] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 2997.534181] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 2997.535614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2997.537155] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:17:10 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 15)

11:17:10 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 13)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 12)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:10 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3012.330597] FAULT_INJECTION: forcing a failure.
[ 3012.330597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3012.332413] CPU: 0 PID: 17745 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3012.333292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.334346] Call Trace:
[ 3012.334691]  dump_stack+0x107/0x167
[ 3012.335155]  should_fail.cold+0x5/0xa
[ 3012.335645]  _copy_from_user+0x2e/0x1b0
[ 3012.336158]  __copy_msghdr_from_user+0x91/0x4b0
[ 3012.336757]  ? __ia32_sys_shutdown+0x80/0x80
[ 3012.337319]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3012.337963]  ? inet6_sendmsg+0xbd/0x140
[ 3012.338478]  ? inet6_compat_ioctl+0x320/0x320
[ 3012.339043]  ? sock_sendmsg+0x55/0x190
[ 3012.339532]  sendmsg_copy_msghdr+0xa1/0x160
[ 3012.340075]  ? do_recvmmsg+0x6d0/0x6d0
[ 3012.340574]  ? __lock_acquire+0x1657/0x5b00
[ 3012.341127]  ___sys_sendmsg+0xc6/0x170
[ 3012.341636]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3012.342215]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.342734]  ? find_held_lock+0x2c/0x110
[ 3012.343250]  ? __might_fault+0xd3/0x180
[ 3012.343751]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.344284]  __sys_sendmmsg+0x195/0x470
[ 3012.344788]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3012.345354]  ? lapic_timer_set_periodic+0x60/0x60
[ 3012.345953]  ? clockevents_program_event+0x131/0x360
[ 3012.346589]  ? tick_program_event+0xa8/0x140
[ 3012.347151]  ? hrtimer_interrupt+0x771/0x9b0
[ 3012.347716]  __x64_sys_sendmmsg+0x99/0x100
[ 3012.348257]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.348902]  do_syscall_64+0x33/0x40
[ 3012.349379]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.350035] RIP: 0033:0x7fc11dcebb19
[ 3012.350514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.352843] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3012.353825] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3012.354723] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3012.355619] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.356504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.357402] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 3012.369776] FAULT_INJECTION: forcing a failure.
[ 3012.369776] name failslab, interval 1, probability 0, space 0, times 0
[ 3012.372691] CPU: 1 PID: 17751 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3012.374268] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.376149] Call Trace:
[ 3012.376747]  dump_stack+0x107/0x167
[ 3012.377585]  should_fail.cold+0x5/0xa
[ 3012.378454]  ? create_object.isra.0+0x3a/0xa20
[ 3012.379484]  should_failslab+0x5/0x20
[ 3012.380354]  kmem_cache_alloc+0x5b/0x360
[ 3012.381290]  create_object.isra.0+0x3a/0xa20
[ 3012.382268]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3012.383399]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3012.384521]  ? alloc_skb_with_frags+0x92/0x570
[ 3012.385547]  __alloc_skb+0xb1/0x5b0
[ 3012.386357]  alloc_skb_with_frags+0x92/0x570
[ 3012.387334]  ? find_held_lock+0x2c/0x110
[ 3012.388245]  sock_alloc_send_pskb+0x7af/0x930
[ 3012.389273]  ? sk_alloc+0x350/0x350
[ 3012.390089]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3012.391259]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3012.392376]  ? ip6_mtu+0x1bb/0x370
[ 3012.393173]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.394090]  ? ip_frag_init+0x350/0x350
[ 3012.394984]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3012.396013]  ? ip6_mtu+0x1e9/0x370
[ 3012.396801]  ? ip6_setup_cork+0xfb7/0x1740
[ 3012.397760]  ip6_make_skb+0x2de/0x4e0
[ 3012.398603]  ? ip_frag_init+0x350/0x350
[ 3012.399482]  ? ip_frag_init+0x350/0x350
[ 3012.400345]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3012.401412]  ? ip6_dst_check+0x379/0x820
[ 3012.402317]  ? sk_dst_check+0x235/0x460
[ 3012.403210]  udpv6_sendmsg+0x2043/0x29b0
[ 3012.404105]  ? ip_frag_init+0x350/0x350
[ 3012.404990]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3012.406159]  ? find_held_lock+0x2c/0x110
[ 3012.407057]  ? __might_fault+0xd3/0x180
[ 3012.407947]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3012.409029]  ? __import_iovec+0x458/0x590
[ 3012.409947]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3012.411081]  inet6_sendmsg+0x105/0x140
[ 3012.411937]  ? inet6_compat_ioctl+0x320/0x320
[ 3012.412918]  sock_sendmsg+0xf2/0x190
[ 3012.413759]  ____sys_sendmsg+0x334/0x870
[ 3012.414654]  ? kernel_sendmsg+0x50/0x50
[ 3012.415524]  ? do_recvmmsg+0x6d0/0x6d0
[ 3012.416381]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3012.417543]  ? mark_lock+0xf5/0x2df0
[ 3012.418364]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3012.419512]  ? __lock_acquire+0x1657/0x5b00
[ 3012.420462]  ___sys_sendmsg+0xf3/0x170
[ 3012.421329]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3012.422337]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.423255]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.424171]  ? __fget_files+0x296/0x480
[ 3012.425049]  ? __fget_light+0xea/0x290
[ 3012.425921]  __sys_sendmmsg+0x195/0x470
[ 3012.426792]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3012.427730]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.428649]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3012.429710]  ? wait_for_completion_io+0x270/0x270
[ 3012.430762]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3012.431773]  ? vfs_write+0x354/0xa30
[ 3012.432587]  ? fput_many+0x2f/0x1a0
[ 3012.433404]  ? ksys_write+0x1a9/0x260
[ 3012.434245]  __x64_sys_sendmmsg+0x99/0x100
[ 3012.435165]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.436287]  do_syscall_64+0x33/0x40
[ 3012.437102]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.438232] RIP: 0033:0x7fc6b3968b19
[ 3012.439045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.443110] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3012.444824] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3012.446441] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3012.448045] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.449659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3012.451279] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3012.467533] FAULT_INJECTION: forcing a failure.
[ 3012.467533] name failslab, interval 1, probability 0, space 0, times 0
[ 3012.469026] CPU: 0 PID: 17746 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3012.469862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.470862] Call Trace:
[ 3012.471183]  dump_stack+0x107/0x167
[ 3012.471637]  should_fail.cold+0x5/0xa
[ 3012.472103]  ? create_object.isra.0+0x3a/0xa20
[ 3012.472663]  should_failslab+0x5/0x20
[ 3012.473121]  kmem_cache_alloc+0x5b/0x360
[ 3012.473664]  ? lock_acquire+0x197/0x490
[ 3012.474151]  create_object.isra.0+0x3a/0xa20
[ 3012.474677]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3012.475304]  __kmalloc_track_caller+0x177/0x3c0
[ 3012.475872]  ? kstrdup_const+0x53/0x80
[ 3012.476342]  kstrdup+0x36/0x70
[ 3012.476755]  kstrdup_const+0x53/0x80
[ 3012.477208]  __kernfs_new_node+0x9d/0x850
[ 3012.477742]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3012.478340]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3012.478915]  ? pcpu_alloc+0x12a/0x12f0
[ 3012.479400]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3012.480023]  kernfs_create_dir_ns+0x9c/0x230
[ 3012.480588]  cgroup_mkdir+0x318/0xfc0
[ 3012.481047]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3012.481661]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3012.482192]  vfs_mkdir+0x41f/0x660
[ 3012.482622]  do_mkdirat+0x145/0x2a0
[ 3012.483083]  ? user_path_create+0xf0/0xf0
[ 3012.483608]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3012.484258]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.484903]  do_syscall_64+0x33/0x40
[ 3012.485376]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.486015] RIP: 0033:0x7fd3579f1b19
[ 3012.486482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.488765] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3012.489718] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3012.490606] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3012.491500] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.492384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.493298] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 3012.501137] FAULT_INJECTION: forcing a failure.
[ 3012.501137] name failslab, interval 1, probability 0, space 0, times 0
[ 3012.502620] CPU: 0 PID: 17750 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 3012.503429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3012.504395] Call Trace:
[ 3012.504707]  dump_stack+0x107/0x167
[ 3012.505142]  should_fail.cold+0x5/0xa
[ 3012.505611]  ? create_object.isra.0+0x3a/0xa20
[ 3012.506148]  should_failslab+0x5/0x20
[ 3012.506593]  kmem_cache_alloc+0x5b/0x360
[ 3012.507082]  create_object.isra.0+0x3a/0xa20
[ 3012.507599]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3012.508204]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3012.508797]  ? skb_copy+0x137/0x2f0
[ 3012.509236]  __alloc_skb+0xb1/0x5b0
[ 3012.509668]  skb_copy+0x137/0x2f0
[ 3012.510085]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 3012.510785]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 3012.511398]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 3012.512074]  ? find_held_lock+0x2c/0x110
[ 3012.512565]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 3012.513180]  mac80211_hwsim_tx+0x574/0x1270
[ 3012.513695]  ? trace_hardirqs_on+0x5b/0x180
[ 3012.514206]  ieee80211_tx_frags+0x59c/0x9f0
[ 3012.514721]  ? fq_skb_free_func+0x20/0x20
[ 3012.515225]  __ieee80211_tx+0x1ad/0x620
[ 3012.515703]  ieee80211_tx+0x329/0x410
[ 3012.516154]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 3012.516737]  ? ieee80211_build_hdr+0xb8c/0x1e40
[ 3012.517295]  ? ieee80211_build_hdr+0x834/0x1e40
[ 3012.517858]  ? __ieee80211_tx+0x620/0x620
[ 3012.518345]  ? ieee80211_skb_resize+0x116/0x630
[ 3012.518902]  ieee80211_xmit+0x220/0x2a0
[ 3012.519384]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 3012.519993]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 3012.520595]  ieee80211_subif_start_xmit+0xef/0xf30
[ 3012.521196]  ? lock_is_held_type+0x54/0x110
[ 3012.521772]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 3012.522393]  ? lock_acquire+0x197/0x490
[ 3012.522866]  ? sch_direct_xmit+0x31a/0x790
[ 3012.523362]  ? lock_release+0x6b0/0x6b0
[ 3012.523842]  dev_hard_start_xmit+0x1cb/0x840
[ 3012.524368]  sch_direct_xmit+0x25f/0x790
[ 3012.524854]  ? pfifo_fast_dequeue+0xa3/0xbb0
[ 3012.525379]  ? dev_watchdog+0xc60/0xc60
[ 3012.525853]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 3012.526395]  __qdisc_run+0x4aa/0x1610
[ 3012.526867]  __dev_queue_xmit+0xd99/0x2730
[ 3012.527376]  ? ip6_finish_output2+0x171f/0x1f30
[ 3012.527924]  ? find_held_lock+0x2c/0x110
[ 3012.528405]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 3012.528939]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.529459]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 3012.530072]  ip6_finish_output2+0x171f/0x1f30
[ 3012.530608]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3012.531218]  ip6_output+0x3b1/0x7f0
[ 3012.531660]  ip6_local_out+0xb4/0x1a0
[ 3012.532136]  ip6_send_skb+0xb7/0x350
[ 3012.532598]  udp_v6_send_skb+0x7aa/0x15b0
[ 3012.533116]  udpv6_sendmsg+0x2086/0x29b0
[ 3012.533634]  ? ip_frag_init+0x350/0x350
[ 3012.534130]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3012.534766]  ? find_held_lock+0x2c/0x110
[ 3012.535267]  ? __might_fault+0xd3/0x180
[ 3012.535769]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3012.536377]  ? __import_iovec+0x458/0x590
[ 3012.536878]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3012.537496]  inet6_sendmsg+0x105/0x140
[ 3012.537969]  ? inet6_compat_ioctl+0x320/0x320
[ 3012.538511]  sock_sendmsg+0xf2/0x190
[ 3012.538965]  ____sys_sendmsg+0x334/0x870
[ 3012.539455]  ? kernel_sendmsg+0x50/0x50
[ 3012.539944]  ? do_recvmmsg+0x6d0/0x6d0
[ 3012.540418]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3012.541056]  ? mark_lock+0xf5/0x2df0
[ 3012.541497]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3012.542126]  ? __lock_acquire+0x1657/0x5b00
[ 3012.542661]  ___sys_sendmsg+0xf3/0x170
[ 3012.543130]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3012.543685]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.544195]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.544696]  ? __fget_files+0x296/0x480
[ 3012.545207]  ? __fget_light+0xea/0x290
[ 3012.545691]  __sys_sendmmsg+0x195/0x470
[ 3012.546180]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3012.546710]  ? lock_downgrade+0x6d0/0x6d0
[ 3012.547231]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3012.547809]  ? wait_for_completion_io+0x270/0x270
[ 3012.548386]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3012.548946]  ? vfs_write+0x354/0xa30
[ 3012.549399]  ? fput_many+0x2f/0x1a0
[ 3012.549841]  ? ksys_write+0x1a9/0x260
[ 3012.550315]  __x64_sys_sendmmsg+0x99/0x100
[ 3012.550824]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3012.551455]  do_syscall_64+0x33/0x40
[ 3012.551912]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3012.552527] RIP: 0033:0x7fe3cda85b19
[ 3012.552973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3012.555202] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3012.556107] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 3012.556962] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3012.557845] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3012.558696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3012.559535] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
11:17:10 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xe, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 13)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 14)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 16)

11:17:23 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:23 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3025.880212] FAULT_INJECTION: forcing a failure.
[ 3025.880212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3025.881610] CPU: 0 PID: 17800 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 3025.882390] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3025.883335] Call Trace:
[ 3025.883656]  dump_stack+0x107/0x167
[ 3025.884073]  should_fail.cold+0x5/0xa
[ 3025.884519]  _copy_from_user+0x2e/0x1b0
[ 3025.884978]  __copy_msghdr_from_user+0x91/0x4b0
[ 3025.885523]  ? __ia32_sys_shutdown+0x80/0x80
[ 3025.886032]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3025.886629]  ? inet6_sendmsg+0xbd/0x140
[ 3025.887086]  ? inet6_compat_ioctl+0x320/0x320
[ 3025.887590]  ? sock_sendmsg+0x55/0x190
[ 3025.888039]  sendmsg_copy_msghdr+0xa1/0x160
[ 3025.888533]  ? do_recvmmsg+0x6d0/0x6d0
[ 3025.888987]  ? __lock_acquire+0x1657/0x5b00
[ 3025.889490]  ___sys_sendmsg+0xc6/0x170
[ 3025.889937]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3025.890449]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.890924]  ? find_held_lock+0x2c/0x110
[ 3025.891387]  ? __might_fault+0xd3/0x180
[ 3025.891869]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.892401]  __sys_sendmmsg+0x195/0x470
[ 3025.892905]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3025.893399]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.893919]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3025.894458]  ? wait_for_completion_io+0x270/0x270
[ 3025.895062]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3025.895582]  ? vfs_write+0x354/0xa30
[ 3025.896042]  ? fput_many+0x2f/0x1a0
[ 3025.896447]  ? ksys_write+0x1a9/0x260
[ 3025.896898]  __x64_sys_sendmmsg+0x99/0x100
[ 3025.897377]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3025.897990]  do_syscall_64+0x33/0x40
[ 3025.898408]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3025.899011] RIP: 0033:0x7fe3cda85b19
[ 3025.899427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3025.901592] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3025.902475] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 3025.902631] FAULT_INJECTION: forcing a failure.
[ 3025.902631] name failslab, interval 1, probability 0, space 0, times 0
[ 3025.903306] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3025.903312] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3025.903318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3025.903325] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 3025.907409] FAULT_INJECTION: forcing a failure.
[ 3025.907409] name failslab, interval 1, probability 0, space 0, times 0
[ 3025.907883] CPU: 1 PID: 17801 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3025.914873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3025.916540] Call Trace:
[ 3025.917070]  dump_stack+0x107/0x167
[ 3025.917826]  should_fail.cold+0x5/0xa
[ 3025.918586]  ? __alloc_skb+0x6d/0x5b0
[ 3025.919348]  should_failslab+0x5/0x20
[ 3025.920106]  kmem_cache_alloc_node+0x55/0x370
[ 3025.921018]  __alloc_skb+0x6d/0x5b0
[ 3025.921760]  ? do_raw_spin_unlock+0x4f/0x220
[ 3025.922645]  alloc_skb_with_frags+0x92/0x570
[ 3025.923520]  ? find_held_lock+0x2c/0x110
[ 3025.924338]  sock_alloc_send_pskb+0x7af/0x930
[ 3025.925243]  ? sk_alloc+0x350/0x350
[ 3025.925983]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3025.927023]  ? mark_lock+0xf5/0x2df0
[ 3025.927796]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3025.928931]  ? ip6_mtu+0x1bb/0x370
[ 3025.929744]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.930668]  ? ip_frag_init+0x350/0x350
[ 3025.931572]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3025.932608]  ? ip6_mtu+0x1e9/0x370
[ 3025.933414]  ? ip6_setup_cork+0xfb7/0x1740
[ 3025.934365]  ip6_make_skb+0x2de/0x4e0
[ 3025.935213]  ? ip_frag_init+0x350/0x350
[ 3025.936102]  ? ip_frag_init+0x350/0x350
[ 3025.936994]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3025.938065]  ? ip6_dst_check+0x379/0x820
[ 3025.938979]  ? sk_dst_check+0x235/0x460
[ 3025.939878]  udpv6_sendmsg+0x2043/0x29b0
[ 3025.940787]  ? ip_frag_init+0x350/0x350
[ 3025.941708]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3025.942873]  ? perf_event_task_disable+0x390/0x390
[ 3025.943966]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.944896]  ? hrtimer_start_range_ns+0x336/0x980
[ 3025.945985]  ? find_held_lock+0x2c/0x110
[ 3025.946906]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3025.948002]  ? __import_iovec+0x458/0x590
[ 3025.948924]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3025.950091]  inet6_sendmsg+0x105/0x140
[ 3025.950952]  ? inet6_compat_ioctl+0x320/0x320
[ 3025.951944]  sock_sendmsg+0xf2/0x190
[ 3025.952769]  ____sys_sendmsg+0x334/0x870
[ 3025.953681]  ? kernel_sendmsg+0x50/0x50
[ 3025.954561]  ? do_recvmmsg+0x6d0/0x6d0
[ 3025.955438]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3025.956601]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3025.957818]  ? trace_hardirqs_on+0x5b/0x180
[ 3025.958779]  ___sys_sendmsg+0xf3/0x170
[ 3025.959645]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3025.960663]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3025.961664]  ? _raw_spin_unlock_irq+0x27/0x30
[ 3025.962665]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3025.963659]  ? finish_task_switch+0x126/0x5d0
[ 3025.964650]  ? finish_task_switch+0xef/0x5d0
[ 3025.965623]  ? __switch_to+0x572/0xff0
[ 3025.966484]  ? __switch_to_asm+0x3a/0x60
[ 3025.967376]  ? __switch_to_asm+0x34/0x60
[ 3025.968275]  ? __schedule+0x850/0x1ed0
[ 3025.969145]  ? io_schedule_timeout+0x140/0x140
[ 3025.970185]  __sys_sendmmsg+0x195/0x470
[ 3025.971069]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3025.972020]  ? lock_downgrade+0x6d0/0x6d0
[ 3025.972953]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3025.974030]  ? wait_for_completion_io+0x270/0x270
[ 3025.975099]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3025.976121]  ? vfs_write+0x354/0xa30
[ 3025.976948]  ? fput_many+0x2f/0x1a0
[ 3025.977773]  ? ksys_write+0x1a9/0x260
[ 3025.978628]  __x64_sys_sendmmsg+0x99/0x100
[ 3025.979564]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3025.980699]  do_syscall_64+0x33/0x40
[ 3025.981525]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3025.982645] RIP: 0033:0x7fc11dcebb19
[ 3025.983464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3025.987514] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3025.989173] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3025.990747] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3025.992305] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3025.993869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3025.995425] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 3025.997006] CPU: 0 PID: 17806 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3025.997784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3025.998698] Call Trace:
[ 3025.998991]  dump_stack+0x107/0x167
[ 3025.999393]  should_fail.cold+0x5/0xa
[ 3025.999814]  ? skb_clone+0x14f/0x3d0
[ 3026.000227]  should_failslab+0x5/0x20
[ 3026.000648]  kmem_cache_alloc+0x5b/0x360
[ 3026.001109]  skb_clone+0x14f/0x3d0
[ 3026.001534]  ip6_finish_output2+0x1190/0x1f30
[ 3026.002040]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3026.002589]  ip6_output+0x3b1/0x7f0
[ 3026.002999]  ip6_local_out+0xb4/0x1a0
[ 3026.003415]  ip6_send_skb+0xb7/0x350
[ 3026.003830]  udp_v6_send_skb+0x7aa/0x15b0
[ 3026.004274]  udpv6_sendmsg+0x2086/0x29b0
[ 3026.004728]  ? ip_frag_init+0x350/0x350
[ 3026.005173]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.005743]  ? find_held_lock+0x2c/0x110
[ 3026.006198]  ? __might_fault+0xd3/0x180
[ 3026.006632]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3026.007180]  ? __import_iovec+0x458/0x590
[ 3026.007621]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.008197]  inet6_sendmsg+0x105/0x140
[ 3026.008611]  ? inet6_compat_ioctl+0x320/0x320
[ 3026.009108]  sock_sendmsg+0xf2/0x190
[ 3026.009513]  ____sys_sendmsg+0x334/0x870
[ 3026.009967]  ? kernel_sendmsg+0x50/0x50
[ 3026.010393]  ? do_recvmmsg+0x6d0/0x6d0
[ 3026.010826]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.011398]  ? mark_lock+0xf5/0x2df0
[ 3026.011810]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.012371]  ? __lock_acquire+0x1657/0x5b00
[ 3026.012858]  ___sys_sendmsg+0xf3/0x170
[ 3026.013281]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3026.013794]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.014248]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.014710]  ? __fget_files+0x296/0x480
[ 3026.015142]  ? __fget_light+0xea/0x290
[ 3026.015573]  __sys_sendmmsg+0x195/0x470
[ 3026.016012]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3026.016483]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.016945]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3026.017484]  ? wait_for_completion_io+0x270/0x270
[ 3026.017997]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3026.018506]  ? vfs_write+0x354/0xa30
[ 3026.018912]  ? fput_many+0x2f/0x1a0
[ 3026.019315]  ? ksys_write+0x1a9/0x260
11:17:23 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 7)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3026.019728]  __x64_sys_sendmmsg+0x99/0x100
[ 3026.020319]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.020884]  do_syscall_64+0x33/0x40
[ 3026.021285]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.021867] RIP: 0033:0x7fc6b3968b19
[ 3026.022263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.024265] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3026.025081] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3026.025878] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3026.026657] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.027436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3026.028218] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3026.040297] FAULT_INJECTION: forcing a failure.
[ 3026.040297] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.041586] CPU: 0 PID: 17798 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3026.042316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3026.043187] Call Trace:
[ 3026.043468]  dump_stack+0x107/0x167
[ 3026.043861]  should_fail.cold+0x5/0xa
[ 3026.044278]  ? __kernfs_new_node+0xd4/0x850
[ 3026.044735]  should_failslab+0x5/0x20
[ 3026.045151]  kmem_cache_alloc+0x5b/0x360
[ 3026.045598]  __kernfs_new_node+0xd4/0x850
[ 3026.046049]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3026.046561]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3026.047077]  ? pcpu_alloc+0x12a/0x12f0
[ 3026.047490]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3026.048059]  kernfs_create_dir_ns+0x9c/0x230
[ 3026.048538]  cgroup_mkdir+0x318/0xfc0
[ 3026.048944]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3026.049459]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3026.049922]  vfs_mkdir+0x41f/0x660
[ 3026.050307]  do_mkdirat+0x145/0x2a0
[ 3026.050720]  ? user_path_create+0xf0/0xf0
[ 3026.051163]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3026.051752]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.052304]  do_syscall_64+0x33/0x40
[ 3026.052723]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.053287] RIP: 0033:0x7fd3579f1b19
[ 3026.053712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.055665] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3026.056508] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3026.057292] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3026.058096] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.058879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.059664] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:17:24 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 14)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:24 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 17)

11:17:24 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 8)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3026.275251] FAULT_INJECTION: forcing a failure.
[ 3026.275251] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.278347] CPU: 1 PID: 17827 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 3026.279816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3026.281585] Call Trace:
[ 3026.282155]  dump_stack+0x107/0x167
[ 3026.282940]  should_fail.cold+0x5/0xa
[ 3026.283750]  ? __alloc_skb+0x6d/0x5b0
[ 3026.284576]  should_failslab+0x5/0x20
[ 3026.285410]  kmem_cache_alloc_node+0x55/0x370
[ 3026.286378]  __alloc_skb+0x6d/0x5b0
[ 3026.287160]  ? do_raw_spin_unlock+0x4f/0x220
[ 3026.288109]  alloc_skb_with_frags+0x92/0x570
[ 3026.289045]  ? find_held_lock+0x2c/0x110
[ 3026.289931]  sock_alloc_send_pskb+0x7af/0x930
[ 3026.290902]  ? sk_alloc+0x350/0x350
[ 3026.291692]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.292815]  ? __dev_queue_xmit+0xe4e/0x2730
[ 3026.293773]  ? __local_bh_enable_ip+0x9d/0x100
[ 3026.294761]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3026.295837]  ? ip6_mtu+0x1bb/0x370
[ 3026.296588]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.297476]  ? ip_frag_init+0x350/0x350
[ 3026.298327]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3026.299322]  ? ip6_mtu+0x1e9/0x370
[ 3026.300074]  ? ip6_setup_cork+0xfb7/0x1740
[ 3026.300983]  ip6_make_skb+0x2de/0x4e0
[ 3026.301797]  ? ip_frag_init+0x350/0x350
[ 3026.302648]  ? ip_frag_init+0x350/0x350
[ 3026.303498]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3026.304517]  ? ip6_dst_check+0x379/0x820
[ 3026.305398]  ? sk_dst_check+0x235/0x460
[ 3026.306256]  udpv6_sendmsg+0x2043/0x29b0
[ 3026.307119]  ? ip_frag_init+0x350/0x350
[ 3026.307978]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.309094]  ? find_held_lock+0x2c/0x110
[ 3026.309987]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3026.311034]  ? __import_iovec+0x458/0x590
[ 3026.311918]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.313008]  inet6_sendmsg+0x105/0x140
[ 3026.313847]  ? inet6_compat_ioctl+0x320/0x320
[ 3026.314594] FAULT_INJECTION: forcing a failure.
[ 3026.314594] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.314795]  sock_sendmsg+0xf2/0x190
[ 3026.316749]  ____sys_sendmsg+0x334/0x870
[ 3026.317638]  ? kernel_sendmsg+0x50/0x50
[ 3026.318489]  ? do_recvmmsg+0x6d0/0x6d0
[ 3026.319318]  ? __lock_acquire+0x1657/0x5b00
[ 3026.320250]  ___sys_sendmsg+0xf3/0x170
[ 3026.321078]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3026.322064]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.322952]  ? find_held_lock+0x2c/0x110
[ 3026.323825]  ? __might_fault+0xd3/0x180
[ 3026.324672]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.325580]  __sys_sendmmsg+0x195/0x470
[ 3026.326435]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3026.327350]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.328248]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3026.329280]  ? wait_for_completion_io+0x270/0x270
[ 3026.330326]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3026.331320]  ? vfs_write+0x354/0xa30
[ 3026.332116]  ? fput_many+0x2f/0x1a0
[ 3026.332899]  ? ksys_write+0x1a9/0x260
[ 3026.333726]  __x64_sys_sendmmsg+0x99/0x100
[ 3026.334627]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.335722]  do_syscall_64+0x33/0x40
[ 3026.336516]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.337623] RIP: 0033:0x7fe3cda85b19
[ 3026.338420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.342321] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3026.343942] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 3026.345465] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3026.346982] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.348497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.350032] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 3026.351567] CPU: 0 PID: 17832 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3026.352333] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3026.353227] Call Trace:
[ 3026.353525]  dump_stack+0x107/0x167
[ 3026.353927]  should_fail.cold+0x5/0xa
[ 3026.354344]  ? create_object.isra.0+0x3a/0xa20
[ 3026.354822]  should_failslab+0x5/0x20
[ 3026.355224]  kmem_cache_alloc+0x5b/0x360
[ 3026.355655]  create_object.isra.0+0x3a/0xa20
[ 3026.356124]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3026.356661]  kmem_cache_alloc_node+0x169/0x370
[ 3026.357142]  __alloc_skb+0x6d/0x5b0
[ 3026.357530]  ? do_raw_spin_unlock+0x4f/0x220
[ 3026.357989]  alloc_skb_with_frags+0x92/0x570
[ 3026.358452]  ? find_held_lock+0x2c/0x110
[ 3026.358907]  sock_alloc_send_pskb+0x7af/0x930
[ 3026.359412]  ? sk_alloc+0x350/0x350
[ 3026.359812]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.360383]  ? __dev_queue_xmit+0xe4e/0x2730
[ 3026.360858]  ? __local_bh_enable_ip+0x9d/0x100
[ 3026.361373]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3026.361924]  ? ip6_mtu+0x1bb/0x370
[ 3026.362317]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.362773]  ? ip_frag_init+0x350/0x350
[ 3026.363212]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3026.363729]  ? ip6_mtu+0x1e9/0x370
[ 3026.364115]  ? ip6_setup_cork+0xfb7/0x1740
[ 3026.364583]  ip6_make_skb+0x2de/0x4e0
[ 3026.364995]  ? ip_frag_init+0x350/0x350
[ 3026.365443]  ? ip_frag_init+0x350/0x350
[ 3026.365876]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3026.366402]  ? ip6_dst_check+0x379/0x820
[ 3026.366842]  ? sk_dst_check+0x235/0x460
[ 3026.367284]  udpv6_sendmsg+0x2043/0x29b0
[ 3026.367727]  ? ip_frag_init+0x350/0x350
[ 3026.368169]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.368749]  ? find_held_lock+0x2c/0x110
[ 3026.369199]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3026.369752]  ? __import_iovec+0x458/0x590
[ 3026.370206]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.370771]  inet6_sendmsg+0x105/0x140
[ 3026.371194]  ? inet6_compat_ioctl+0x320/0x320
[ 3026.371679]  sock_sendmsg+0xf2/0x190
[ 3026.372086]  ____sys_sendmsg+0x334/0x870
[ 3026.372528]  ? kernel_sendmsg+0x50/0x50
[ 3026.372955]  ? do_recvmmsg+0x6d0/0x6d0
[ 3026.373385]  ? __lock_acquire+0x1657/0x5b00
[ 3026.373869]  ___sys_sendmsg+0xf3/0x170
[ 3026.374290]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3026.374801]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.375254]  ? find_held_lock+0x2c/0x110
[ 3026.375706]  ? __might_fault+0xd3/0x180
[ 3026.376139]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.376602]  __sys_sendmmsg+0x195/0x470
[ 3026.377040]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3026.377526]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.377997]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3026.378519]  ? wait_for_completion_io+0x270/0x270
[ 3026.379044]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3026.379550]  ? vfs_write+0x354/0xa30
[ 3026.379951]  ? fput_many+0x2f/0x1a0
[ 3026.380352]  ? ksys_write+0x1a9/0x260
[ 3026.380771]  __x64_sys_sendmmsg+0x99/0x100
[ 3026.381234]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.381798]  do_syscall_64+0x33/0x40
[ 3026.382213]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.382767] RIP: 0033:0x7fc11dcebb19
[ 3026.383176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.385168] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3026.386003] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3026.386780] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3026.387553] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.388322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.389108] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 3026.393197] FAULT_INJECTION: forcing a failure.
[ 3026.393197] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.394468] CPU: 0 PID: 17825 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3026.395227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3026.396137] Call Trace:
[ 3026.396428]  dump_stack+0x107/0x167
[ 3026.396832]  should_fail.cold+0x5/0xa
[ 3026.397233]  ? create_object.isra.0+0x3a/0xa20
[ 3026.397727]  should_failslab+0x5/0x20
[ 3026.398128]  kmem_cache_alloc+0x5b/0x360
[ 3026.398561]  create_object.isra.0+0x3a/0xa20
[ 3026.399028]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3026.399565]  kmem_cache_alloc+0x159/0x360
[ 3026.400008]  __kernfs_new_node+0xd4/0x850
[ 3026.400450]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3026.400955]  ? rcu_read_lock_sched_held+0x3e/0x80
11:17:24 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 15)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3026.401478]  ? pcpu_alloc+0x12a/0x12f0
[ 3026.402101]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3026.402670]  kernfs_create_dir_ns+0x9c/0x230
[ 3026.403160]  cgroup_mkdir+0x318/0xfc0
[ 3026.403583]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3026.404091]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3026.404535]  vfs_mkdir+0x41f/0x660
[ 3026.404912]  do_mkdirat+0x145/0x2a0
[ 3026.405302]  ? user_path_create+0xf0/0xf0
[ 3026.405765]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3026.406312]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.406866]  do_syscall_64+0x33/0x40
[ 3026.407258]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.407804] RIP: 0033:0x7fd3579f1b19
[ 3026.408199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.410145] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3026.410948] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3026.411703] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3026.412454] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.413221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3026.413988] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:17:24 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xe, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3026.440592] FAULT_INJECTION: forcing a failure.
[ 3026.440592] name failslab, interval 1, probability 0, space 0, times 0
[ 3026.443056] CPU: 1 PID: 17837 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3026.444517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3026.446302] Call Trace:
[ 3026.446866]  dump_stack+0x107/0x167
[ 3026.447640]  should_fail.cold+0x5/0xa
[ 3026.448448]  ? create_object.isra.0+0x3a/0xa20
[ 3026.449449]  should_failslab+0x5/0x20
[ 3026.450284]  kmem_cache_alloc+0x5b/0x360
[ 3026.451160]  create_object.isra.0+0x3a/0xa20
[ 3026.452099]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3026.453188]  kmem_cache_alloc+0x159/0x360
[ 3026.454097]  skb_clone+0x14f/0x3d0
[ 3026.454866]  ip6_finish_output2+0x1190/0x1f30
[ 3026.455832]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3026.456908]  ip6_output+0x3b1/0x7f0
[ 3026.457698]  ip6_local_out+0xb4/0x1a0
[ 3026.458515]  ip6_send_skb+0xb7/0x350
[ 3026.459307]  udp_v6_send_skb+0x7aa/0x15b0
[ 3026.460199]  udpv6_sendmsg+0x2086/0x29b0
[ 3026.461062]  ? ip_frag_init+0x350/0x350
[ 3026.461932]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.463046]  ? find_held_lock+0x2c/0x110
[ 3026.463915]  ? __might_fault+0xd3/0x180
[ 3026.464777]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3026.465830]  ? __import_iovec+0x458/0x590
[ 3026.466711]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3026.467808]  inet6_sendmsg+0x105/0x140
[ 3026.468634]  ? inet6_compat_ioctl+0x320/0x320
[ 3026.469594]  sock_sendmsg+0xf2/0x190
[ 3026.470386]  ____sys_sendmsg+0x334/0x870
[ 3026.471250]  ? kernel_sendmsg+0x50/0x50
[ 3026.472094]  ? do_recvmmsg+0x6d0/0x6d0
[ 3026.472924]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.474054]  ? mark_lock+0xf5/0x2df0
[ 3026.474852]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3026.475962]  ? __lock_acquire+0x1657/0x5b00
[ 3026.476883]  ___sys_sendmsg+0xf3/0x170
[ 3026.477720]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3026.478696]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.479584]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.480473]  ? __fget_files+0x296/0x480
[ 3026.481328]  ? __fget_light+0xea/0x290
[ 3026.482186]  __sys_sendmmsg+0x195/0x470
[ 3026.483041]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3026.483958]  ? lock_downgrade+0x6d0/0x6d0
[ 3026.484857]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3026.485898]  ? wait_for_completion_io+0x270/0x270
[ 3026.486927]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3026.487916]  ? vfs_write+0x354/0xa30
[ 3026.488711]  ? fput_many+0x2f/0x1a0
[ 3026.489492]  ? ksys_write+0x1a9/0x260
[ 3026.490311]  __x64_sys_sendmmsg+0x99/0x100
[ 3026.491208]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3026.492302]  do_syscall_64+0x33/0x40
[ 3026.493095]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3026.494204] RIP: 0033:0x7fc6b3968b19
[ 3026.494998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3026.498905] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3026.500523] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3026.502051] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3026.503563] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3026.505075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3026.506594] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:17:24 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 18)

11:17:38 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xe, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 15)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x30, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:38 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 16)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3040.750613] FAULT_INJECTION: forcing a failure.
[ 3040.750613] name failslab, interval 1, probability 0, space 0, times 0
[ 3040.753321] CPU: 1 PID: 17866 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3040.754748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3040.756426] Call Trace:
[ 3040.756974]  dump_stack+0x107/0x167
[ 3040.757746]  should_fail.cold+0x5/0xa
[ 3040.758526]  ? create_object.isra.0+0x3a/0xa20
[ 3040.759469]  should_failslab+0x5/0x20
[ 3040.760250]  kmem_cache_alloc+0x5b/0x360
[ 3040.760829] FAULT_INJECTION: forcing a failure.
[ 3040.760829] name failslab, interval 1, probability 0, space 0, times 0
[ 3040.761075]  create_object.isra.0+0x3a/0xa20
[ 3040.761094]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3040.761119]  kmem_cache_alloc+0x159/0x360
[ 3040.761154]  __kernfs_new_node+0xd4/0x850
[ 3040.766945]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3040.767931]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3040.768901]  ? pcpu_alloc+0x12a/0x12f0
[ 3040.769704]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3040.770758]  kernfs_create_dir_ns+0x9c/0x230
[ 3040.771659]  cgroup_mkdir+0x318/0xfc0
[ 3040.772440]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3040.773402]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3040.774263]  vfs_mkdir+0x41f/0x660
[ 3040.774988]  do_mkdirat+0x145/0x2a0
[ 3040.775725]  ? user_path_create+0xf0/0xf0
[ 3040.776572]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3040.777647]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3040.778701]  do_syscall_64+0x33/0x40
[ 3040.779473]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3040.780513] RIP: 0033:0x7fd3579f1b19
[ 3040.781283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3040.784995] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3040.786548] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3040.787991] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3040.789432] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3040.790873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3040.792316] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 3040.793802] CPU: 0 PID: 17875 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3040.795228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3040.796919] Call Trace:
[ 3040.797469]  dump_stack+0x107/0x167
[ 3040.798232]  should_fail.cold+0x5/0xa
[ 3040.799017]  ? mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0
[ 3040.800257]  ? __alloc_skb+0x6d/0x5b0
[ 3040.801041]  should_failslab+0x5/0x20
[ 3040.801839]  kmem_cache_alloc_node+0x55/0x370
[ 3040.802765]  __alloc_skb+0x6d/0x5b0
[ 3040.803521]  skb_copy+0x137/0x2f0
[ 3040.804269]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 3040.805489]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 3040.806564]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 3040.807752]  ? find_held_lock+0x2c/0x110
[ 3040.808597]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 3040.809665]  mac80211_hwsim_tx+0x574/0x1270
[ 3040.810558]  ? trace_hardirqs_on+0x5b/0x180
[ 3040.811450]  ieee80211_tx_frags+0x59c/0x9f0
[ 3040.812353]  ? fq_skb_free_func+0x20/0x20
[ 3040.813212]  __ieee80211_tx+0x1ad/0x620
[ 3040.814041]  ieee80211_tx+0x329/0x410
[ 3040.814820]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 3040.815869]  ? __ieee80211_tx+0x620/0x620
[ 3040.816717]  ? ieee80211_skb_resize+0x116/0x630
[ 3040.817694]  ieee80211_xmit+0x220/0x2a0
[ 3040.818521]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 3040.819583]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 3040.820640]  ieee80211_subif_start_xmit+0xef/0xf30
[ 3040.821654]  ? skb_network_protocol+0x145/0x570
[ 3040.822619]  ? skb_crc32c_csum_help+0x80/0x80
[ 3040.823539]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 3040.824625]  ? lock_acquire+0x197/0x490
[ 3040.825441]  ? sch_direct_xmit+0x31a/0x790
[ 3040.826326]  ? lock_release+0x6b0/0x6b0
[ 3040.827156]  dev_hard_start_xmit+0x1cb/0x840
[ 3040.828069]  sch_direct_xmit+0x25f/0x790
[ 3040.828899]  ? find_held_lock+0x2c/0x110
[ 3040.829745]  ? dev_watchdog+0xc60/0xc60
[ 3040.830558]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 3040.831497]  __qdisc_run+0x4aa/0x1610
[ 3040.832297]  __dev_queue_xmit+0xd99/0x2730
[ 3040.833164]  ? ip6_finish_output2+0x171f/0x1f30
[ 3040.834133]  ? find_held_lock+0x2c/0x110
[ 3040.834970]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 3040.835909]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.836770]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 3040.837863]  ip6_finish_output2+0x171f/0x1f30
[ 3040.838796]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3040.839821]  ip6_output+0x3b1/0x7f0
[ 3040.840578]  ip6_local_out+0xb4/0x1a0
[ 3040.841366]  ip6_send_skb+0xb7/0x350
[ 3040.842144]  udp_v6_send_skb+0x7aa/0x15b0
[ 3040.843010]  udpv6_sendmsg+0x2086/0x29b0
[ 3040.843841]  ? ip_frag_init+0x350/0x350
[ 3040.844667]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3040.845754]  ? find_held_lock+0x2c/0x110
[ 3040.846591]  ? __might_fault+0xd3/0x180
[ 3040.847424]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3040.848442]  ? __import_iovec+0x458/0x590
[ 3040.849287]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3040.850355]  inet6_sendmsg+0x105/0x140
[ 3040.851150]  ? inet6_compat_ioctl+0x320/0x320
[ 3040.852066]  sock_sendmsg+0xf2/0x190
[ 3040.852825]  ____sys_sendmsg+0x334/0x870
[ 3040.853667]  ? kernel_sendmsg+0x50/0x50
[ 3040.854483]  ? do_recvmmsg+0x6d0/0x6d0
[ 3040.855281]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3040.856355]  ? mark_lock+0xf5/0x2df0
[ 3040.857118]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3040.858197]  ? __lock_acquire+0x1657/0x5b00
[ 3040.859082]  ___sys_sendmsg+0xf3/0x170
[ 3040.859878]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3040.860817]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.861685]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.862537]  ? __fget_files+0x296/0x480
[ 3040.863364]  ? __fget_light+0xea/0x290
[ 3040.864172]  __sys_sendmmsg+0x195/0x470
[ 3040.864991]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3040.865884]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.866756]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3040.867752]  ? wait_for_completion_io+0x270/0x270
[ 3040.868738]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3040.869692]  ? vfs_write+0x354/0xa30
[ 3040.870462]  ? fput_many+0x2f/0x1a0
[ 3040.871210]  ? ksys_write+0x1a9/0x260
[ 3040.871998]  __x64_sys_sendmmsg+0x99/0x100
[ 3040.872860]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3040.873933]  do_syscall_64+0x33/0x40
[ 3040.874701]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3040.875746] RIP: 0033:0x7fc6b3968b19
[ 3040.876514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3040.880285] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3040.881847] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3040.883309] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3040.884758] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3040.886221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3040.887671] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3040.909135] FAULT_INJECTION: forcing a failure.
[ 3040.909135] name failslab, interval 1, probability 0, space 0, times 0
[ 3040.911774] CPU: 1 PID: 17871 Comm: syz-executor.0 Not tainted 5.10.168 #1
[ 3040.913171] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3040.914839] FAULT_INJECTION: forcing a failure.
[ 3040.914839] name failslab, interval 1, probability 0, space 0, times 0
[ 3040.917032] Call Trace:
[ 3040.917062]  dump_stack+0x107/0x167
[ 3040.917084]  should_fail.cold+0x5/0xa
[ 3040.917110]  ? create_object.isra.0+0x3a/0xa20
[ 3040.920046]  should_failslab+0x5/0x20
[ 3040.920810]  kmem_cache_alloc+0x5b/0x360
[ 3040.921650]  create_object.isra.0+0x3a/0xa20
[ 3040.922538]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3040.923572]  kmem_cache_alloc_node+0x169/0x370
[ 3040.924505]  __alloc_skb+0x6d/0x5b0
[ 3040.925245]  ? do_raw_spin_unlock+0x4f/0x220
[ 3040.926144]  alloc_skb_with_frags+0x92/0x570
[ 3040.927032]  ? find_held_lock+0x2c/0x110
[ 3040.927857]  sock_alloc_send_pskb+0x7af/0x930
[ 3040.928774]  ? sk_alloc+0x350/0x350
[ 3040.929539]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3040.930607]  ? mark_lock+0xf5/0x2df0
[ 3040.931377]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3040.932401]  ? ip6_mtu+0x1bb/0x370
[ 3040.933127]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.933966]  ? ip_frag_init+0x350/0x350
[ 3040.934781]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3040.935719]  ? ip6_mtu+0x1e9/0x370
[ 3040.936444]  ? ip6_setup_cork+0xfb7/0x1740
[ 3040.937305]  ip6_make_skb+0x2de/0x4e0
[ 3040.938100]  ? ip_frag_init+0x350/0x350
[ 3040.938904]  ? ip_frag_init+0x350/0x350
[ 3040.939713]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3040.940676]  ? ip6_dst_check+0x379/0x820
[ 3040.941506]  ? sk_dst_check+0x235/0x460
[ 3040.942328]  udpv6_sendmsg+0x2043/0x29b0
[ 3040.943171]  ? ip_frag_init+0x350/0x350
[ 3040.943985]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3040.945030]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3040.946107]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3040.947204]  ? trace_hardirqs_on+0x5b/0x180
[ 3040.948095]  ? find_held_lock+0x2c/0x110
[ 3040.948931]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3040.949946]  ? __import_iovec+0x458/0x590
[ 3040.950781]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3040.951826]  inet6_sendmsg+0x105/0x140
[ 3040.952619]  ? inet6_compat_ioctl+0x320/0x320
[ 3040.953533]  sock_sendmsg+0xf2/0x190
[ 3040.954291]  ____sys_sendmsg+0x334/0x870
[ 3040.955119]  ? kernel_sendmsg+0x50/0x50
[ 3040.955916]  ? do_recvmmsg+0x6d0/0x6d0
[ 3040.956716]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3040.957787]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3040.958882]  ? trace_hardirqs_on+0x5b/0x180
[ 3040.959760]  ___sys_sendmsg+0xf3/0x170
[ 3040.960551]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3040.961477]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3040.962401]  ? _raw_spin_unlock_irq+0x27/0x30
[ 3040.963315]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3040.964222]  ? finish_task_switch+0x126/0x5d0
[ 3040.965129]  ? finish_task_switch+0xef/0x5d0
[ 3040.966020]  ? __switch_to+0x572/0xff0
[ 3040.966803]  ? __switch_to_asm+0x3a/0x60
[ 3040.967620]  ? __switch_to_asm+0x34/0x60
[ 3040.968448]  ? __schedule+0x850/0x1ed0
[ 3040.969247]  ? io_schedule_timeout+0x140/0x140
[ 3040.970222]  __sys_sendmmsg+0x195/0x470
[ 3040.971032]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3040.971903]  ? lock_downgrade+0x6d0/0x6d0
[ 3040.972759]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3040.973744]  ? wait_for_completion_io+0x270/0x270
[ 3040.974726]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3040.975668]  ? vfs_write+0x354/0xa30
[ 3040.976428]  ? fput_many+0x2f/0x1a0
[ 3040.977176]  ? ksys_write+0x1a9/0x260
[ 3040.977970]  __x64_sys_sendmmsg+0x99/0x100
[ 3040.978823]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3040.979867]  do_syscall_64+0x33/0x40
[ 3040.980628]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3040.981673] RIP: 0033:0x7fe3cda85b19
[ 3040.982437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3040.986159] RSP: 002b:00007fe3caffb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3040.987694] RAX: ffffffffffffffda RBX: 00007fe3cdb98f60 RCX: 00007fe3cda85b19
[ 3040.989153] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3040.990606] RBP: 00007fe3caffb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3040.992041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3040.993483] R13: 00007ffc6dcd9d6f R14: 00007fe3caffb300 R15: 0000000000022000
[ 3040.995126] CPU: 0 PID: 17878 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3040.996556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3040.998262] Call Trace:
[ 3040.998802]  dump_stack+0x107/0x167
[ 3040.999548]  should_fail.cold+0x5/0xa
[ 3041.000331]  should_failslab+0x5/0x20
[ 3041.001108]  __kmalloc_node_track_caller+0x74/0x3f0
[ 3041.002132]  ? alloc_skb_with_frags+0x92/0x570
[ 3041.003069]  __alloc_skb+0xb1/0x5b0
[ 3041.003816]  alloc_skb_with_frags+0x92/0x570
[ 3041.004711]  ? find_held_lock+0x2c/0x110
[ 3041.005571]  sock_alloc_send_pskb+0x7af/0x930
[ 3041.006495]  ? sk_alloc+0x350/0x350
[ 3041.007243]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.008305]  ? mark_lock+0xf5/0x2df0
[ 3041.009073]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3041.010110]  ? ip6_mtu+0x1bb/0x370
[ 3041.010833]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.011671]  ? ip_frag_init+0x350/0x350
[ 3041.012493]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3041.013443]  ? ip6_mtu+0x1e9/0x370
[ 3041.014175]  ? ip6_setup_cork+0xfb7/0x1740
[ 3041.015058]  ip6_make_skb+0x2de/0x4e0
[ 3041.015828]  ? ip_frag_init+0x350/0x350
[ 3041.016642]  ? ip_frag_init+0x350/0x350
[ 3041.017457]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3041.018427]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3041.019500]  ? ip6_dst_check+0x379/0x820
[ 3041.020334]  ? sk_dst_check+0x235/0x460
[ 3041.021150]  udpv6_sendmsg+0x2043/0x29b0
[ 3041.021983]  ? ip_frag_init+0x350/0x350
[ 3041.022804]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.023847]  ? trace_hardirqs_on+0x5b/0x180
[ 3041.024731]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3041.025845]  ? irqentry_enter+0x26/0x60
[ 3041.026660]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3041.027727]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3041.028830]  ? trace_hardirqs_on+0x5b/0x180
[ 3041.029716]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3041.030857]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3041.031855]  ? __import_iovec+0x458/0x590
[ 3041.032701]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.033772]  inet6_sendmsg+0x105/0x140
[ 3041.034575]  ? inet6_compat_ioctl+0x320/0x320
[ 3041.035478]  sock_sendmsg+0xf2/0x190
[ 3041.036237]  ____sys_sendmsg+0x334/0x870
[ 3041.037063]  ? kernel_sendmsg+0x50/0x50
[ 3041.037882]  ? do_recvmmsg+0x6d0/0x6d0
[ 3041.038675]  ? find_held_lock+0x2c/0x110
[ 3041.039515]  ___sys_sendmsg+0xf3/0x170
[ 3041.040310]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3041.041239]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3041.042361]  ? finish_task_switch+0xef/0x5d0
[ 3041.043256]  ? __schedule+0x857/0x1ed0
[ 3041.044062]  ? io_schedule_timeout+0x140/0x140
[ 3041.045001]  __sys_sendmmsg+0x195/0x470
[ 3041.045826]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3041.046703]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.047562]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3041.048550]  ? wait_for_completion_io+0x270/0x270
[ 3041.049548]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3041.050496]  ? vfs_write+0x354/0xa30
[ 3041.051256]  ? fput_many+0x2f/0x1a0
[ 3041.052015]  ? ksys_write+0x1a9/0x260
[ 3041.052803]  __x64_sys_sendmmsg+0x99/0x100
[ 3041.053679]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3041.054740]  do_syscall_64+0x33/0x40
[ 3041.055503]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3041.056548] RIP: 0033:0x7fc11dcebb19
[ 3041.057306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3041.061056] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3041.062620] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3041.064069] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3041.065530] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3041.066981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3041.068434] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:17:39 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 17)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:39 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 19)

[ 3041.355218] FAULT_INJECTION: forcing a failure.
[ 3041.355218] name failslab, interval 1, probability 0, space 0, times 0
[ 3041.357614] CPU: 0 PID: 17898 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3041.359020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3041.360704] Call Trace:
[ 3041.361247]  dump_stack+0x107/0x167
[ 3041.362002]  should_fail.cold+0x5/0xa
[ 3041.362778]  ? create_object.isra.0+0x3a/0xa20
[ 3041.363706]  should_failslab+0x5/0x20
[ 3041.364482]  kmem_cache_alloc+0x5b/0x360
[ 3041.365312]  create_object.isra.0+0x3a/0xa20
[ 3041.366230]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3041.367274]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3041.368309]  ? alloc_skb_with_frags+0x92/0x570
[ 3041.369242]  __alloc_skb+0xb1/0x5b0
[ 3041.370016]  alloc_skb_with_frags+0x92/0x570
[ 3041.370926]  ? find_held_lock+0x2c/0x110
[ 3041.371770]  sock_alloc_send_pskb+0x7af/0x930
[ 3041.372696]  ? sk_alloc+0x350/0x350
[ 3041.373450]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.374527]  ? mark_lock+0xf5/0x2df0
[ 3041.375300]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3041.376321]  ? ip6_mtu+0x1bb/0x370
[ 3041.377045]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.377905]  ? ip_frag_init+0x350/0x350
[ 3041.378722]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3041.379665]  ? ip6_mtu+0x1e9/0x370
[ 3041.380386]  ? ip6_setup_cork+0xfb7/0x1740
[ 3041.381249]  ip6_make_skb+0x2de/0x4e0
[ 3041.382035]  ? ip_frag_init+0x350/0x350
[ 3041.382846]  ? ip_frag_init+0x350/0x350
[ 3041.383659]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3041.384632]  ? ip6_dst_check+0x379/0x820
[ 3041.385461]  ? sk_dst_check+0x235/0x460
[ 3041.386291]  udpv6_sendmsg+0x2043/0x29b0
[ 3041.387112]  ? ip_frag_init+0x350/0x350
[ 3041.387930]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.388984]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3041.390075]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3041.391174]  ? trace_hardirqs_on+0x5b/0x180
[ 3041.392071]  ? find_held_lock+0x2c/0x110
[ 3041.392921]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3041.393938]  ? __import_iovec+0x458/0x590
[ 3041.394780]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.395823]  inet6_sendmsg+0x105/0x140
[ 3041.396615]  ? inet6_compat_ioctl+0x320/0x320
[ 3041.397518]  sock_sendmsg+0xf2/0x190
[ 3041.398299]  ____sys_sendmsg+0x334/0x870
[ 3041.399122]  ? kernel_sendmsg+0x50/0x50
[ 3041.399920]  ? do_recvmmsg+0x6d0/0x6d0
[ 3041.400712]  ? find_held_lock+0x2c/0x110
[ 3041.401557]  ___sys_sendmsg+0xf3/0x170
[ 3041.402346]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3041.403271]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3041.404334]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3041.405240]  ? trace_hardirqs_on+0x5b/0x180
[ 3041.406123]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3041.407035]  ? finish_task_switch+0x126/0x5d0
[ 3041.407938]  ? finish_task_switch+0xef/0x5d0
[ 3041.408825]  ? __switch_to+0x572/0xff0
[ 3041.409623]  ? __switch_to_asm+0x3a/0x60
[ 3041.410437]  ? __switch_to_asm+0x34/0x60
[ 3041.411260]  ? __schedule+0x850/0x1ed0
[ 3041.412050]  ? io_schedule_timeout+0x140/0x140
[ 3041.412978]  __sys_sendmmsg+0x195/0x470
[ 3041.413793]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3041.414667]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.415521]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3041.416493]  ? wait_for_completion_io+0x270/0x270
[ 3041.417470]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3041.418429]  ? vfs_write+0x354/0xa30
[ 3041.419180]  ? fput_many+0x2f/0x1a0
[ 3041.419913]  ? ksys_write+0x1a9/0x260
[ 3041.420691]  __x64_sys_sendmmsg+0x99/0x100
[ 3041.421547]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3041.422591]  do_syscall_64+0x33/0x40
[ 3041.423350]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3041.424381] RIP: 0033:0x7fc11dcebb19
[ 3041.425136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3041.428840] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3041.430380] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3041.431820] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3041.433266] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3041.434707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3041.436143] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:17:39 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x31, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:39 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3041.562426] FAULT_INJECTION: forcing a failure.
[ 3041.562426] name failslab, interval 1, probability 0, space 0, times 0
[ 3041.565294] CPU: 0 PID: 17910 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3041.566679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3041.568283] Call Trace:
[ 3041.568802]  dump_stack+0x107/0x167
[ 3041.569522]  should_fail.cold+0x5/0xa
[ 3041.570265]  ? create_object.isra.0+0x3a/0xa20
[ 3041.571165]  should_failslab+0x5/0x20
[ 3041.571902]  kmem_cache_alloc+0x5b/0x360
[ 3041.572697]  create_object.isra.0+0x3a/0xa20
[ 3041.573558]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3041.574566]  __kmalloc+0x16e/0x3f0
[ 3041.575273]  ext4_find_extent+0xa3d/0xd30
[ 3041.576098]  ext4_ext_map_blocks+0x1c8/0x5b90
[ 3041.576987]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.578031]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.579054]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3041.579995]  ? ext4_ext_release+0x10/0x10
[ 3041.580806]  ? ext4_map_blocks+0x5e0/0x1970
[ 3041.581659]  ? lock_release+0x6b0/0x6b0
[ 3041.582427]  ? ext4_es_lookup_extent+0x48d/0xbe0
[ 3041.583343]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.584147]  ? jbd2_journal_dirty_metadata+0x1bb/0xa10
[ 3041.585175]  ? down_write+0xe0/0x160
[ 3041.585921]  ? down_write_killable+0x180/0x180
[ 3041.586826]  ext4_map_blocks+0x652/0x1970
[ 3041.587645]  ? down_write_nested+0x160/0x160
[ 3041.588492]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 3041.589352]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3041.590287]  ? ext4_es_lookup_extent+0xc4/0xbe0
[ 3041.591204]  ext4_getblk+0x144/0x680
[ 3041.591925]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 3041.592879]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 3041.593760]  ? __brelse+0x84/0xa0
[ 3041.594432]  ? __ext4_new_inode+0x148/0x5400
[ 3041.595300]  ext4_bread+0x29/0x1f0
[ 3041.595984]  ext4_append+0x228/0x4e0
[ 3041.596711]  ? ext4_move_extents+0x3270/0x3270
[ 3041.597616]  ? ext4_mark_inode_used+0x14a0/0x14a0
[ 3041.598558]  ext4_init_new_dir+0x25e/0x4d0
[ 3041.599373]  ? ext4_init_dot_dotdot+0x610/0x610
[ 3041.600273]  ext4_mkdir+0x3c1/0xb10
[ 3041.600979]  ? ext4_rmdir+0xf70/0xf70
[ 3041.601735]  vfs_mkdir+0x41f/0x660
[ 3041.602421]  do_mkdirat+0x145/0x2a0
[ 3041.603128]  ? user_path_create+0xf0/0xf0
[ 3041.603928]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3041.604934]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3041.605684] FAULT_INJECTION: forcing a failure.
[ 3041.605684] name failslab, interval 1, probability 0, space 0, times 0
[ 3041.605943]  do_syscall_64+0x33/0x40
[ 3041.605997]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3041.606009] RIP: 0033:0x7fd3579f1b19
[ 3041.606028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3041.606038] RSP: 002b:00007fd354f46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3041.606058] RAX: ffffffffffffffda RBX: 00007fd357b05020 RCX: 00007fd3579f1b19
[ 3041.606069] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000008
[ 3041.606079] RBP: 00007fd354f461d0 R08: 0000000000000000 R09: 0000000000000000
[ 3041.606091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3041.606111] R13: 00007ffc675ec60f R14: 00007fd354f46300 R15: 0000000000022000
[ 3041.623539] CPU: 1 PID: 17915 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3041.624968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3041.626657] Call Trace:
[ 3041.627206]  dump_stack+0x107/0x167
[ 3041.627974]  should_fail.cold+0x5/0xa
[ 3041.628755]  ? ___slab_alloc+0x155/0x700
[ 3041.629589]  ? create_object.isra.0+0x3a/0xa20
[ 3041.630520]  should_failslab+0x5/0x20
[ 3041.631301]  kmem_cache_alloc+0x5b/0x360
[ 3041.632136]  create_object.isra.0+0x3a/0xa20
[ 3041.633030]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3041.634088]  kmem_cache_alloc_node+0x169/0x370
[ 3041.635030]  __alloc_skb+0x6d/0x5b0
[ 3041.635777]  skb_copy+0x137/0x2f0
[ 3041.636508]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 3041.637737]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 3041.638791]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 3041.639965]  ? find_held_lock+0x2c/0x110
[ 3041.640802]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 3041.641859]  mac80211_hwsim_tx+0x574/0x1270
[ 3041.642742]  ? trace_hardirqs_on+0x5b/0x180
[ 3041.643628]  ieee80211_tx_frags+0x59c/0x9f0
[ 3041.644524]  ? fq_skb_free_func+0x20/0x20
[ 3041.645381]  __ieee80211_tx+0x1ad/0x620
[ 3041.646207]  ieee80211_tx+0x329/0x410
[ 3041.646990]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 3041.648031]  ? __ieee80211_tx+0x620/0x620
[ 3041.648878]  ? ieee80211_skb_resize+0x116/0x630
[ 3041.649854]  ieee80211_xmit+0x220/0x2a0
[ 3041.650671]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 3041.651733]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 3041.652782]  ieee80211_subif_start_xmit+0xef/0xf30
[ 3041.653790]  ? skb_network_protocol+0x145/0x570
[ 3041.654750]  ? skb_crc32c_csum_help+0x80/0x80
[ 3041.655661]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 3041.656748]  ? lock_acquire+0x197/0x490
[ 3041.657571]  ? sch_direct_xmit+0x31a/0x790
[ 3041.658442]  ? lock_release+0x6b0/0x6b0
[ 3041.659269]  dev_hard_start_xmit+0x1cb/0x840
[ 3041.660180]  sch_direct_xmit+0x25f/0x790
[ 3041.661011]  ? find_held_lock+0x2c/0x110
[ 3041.661855]  ? dev_watchdog+0xc60/0xc60
[ 3041.662664]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 3041.663598]  __qdisc_run+0x4aa/0x1610
[ 3041.664408]  __dev_queue_xmit+0xd99/0x2730
[ 3041.665270]  ? ip6_finish_output2+0x171f/0x1f30
[ 3041.666249]  ? find_held_lock+0x2c/0x110
[ 3041.667085]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 3041.668025]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.668883]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 3041.669961]  ip6_finish_output2+0x171f/0x1f30
[ 3041.670898]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3041.671923]  ip6_output+0x3b1/0x7f0
[ 3041.672675]  ip6_local_out+0xb4/0x1a0
[ 3041.673454]  ip6_send_skb+0xb7/0x350
[ 3041.674251]  udp_v6_send_skb+0x7aa/0x15b0
[ 3041.675118]  udpv6_sendmsg+0x2086/0x29b0
[ 3041.675946]  ? ip_frag_init+0x350/0x350
[ 3041.676771]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.677853]  ? find_held_lock+0x2c/0x110
[ 3041.678689]  ? __might_fault+0xd3/0x180
[ 3041.679524]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3041.680543]  ? __import_iovec+0x458/0x590
[ 3041.681385]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3041.682445]  inet6_sendmsg+0x105/0x140
[ 3041.683238]  ? inet6_compat_ioctl+0x320/0x320
[ 3041.684150]  sock_sendmsg+0xf2/0x190
[ 3041.684912]  ____sys_sendmsg+0x334/0x870
[ 3041.685763]  ? kernel_sendmsg+0x50/0x50
[ 3041.686568]  ? do_recvmmsg+0x6d0/0x6d0
[ 3041.687366]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.688436]  ? mark_lock+0xf5/0x2df0
[ 3041.689199]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3041.690272]  ? __lock_acquire+0x1657/0x5b00
[ 3041.691162]  ___sys_sendmsg+0xf3/0x170
[ 3041.691963]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3041.692902]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.693770]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.694621]  ? __fget_files+0x296/0x480
[ 3041.695447]  ? __fget_light+0xea/0x290
[ 3041.696249]  __sys_sendmmsg+0x195/0x470
[ 3041.697067]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3041.697948]  ? lock_downgrade+0x6d0/0x6d0
[ 3041.698813]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3041.699794]  ? wait_for_completion_io+0x270/0x270
[ 3041.700773]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3041.701733]  ? vfs_write+0x354/0xa30
[ 3041.702494]  ? fput_many+0x2f/0x1a0
[ 3041.703234]  ? ksys_write+0x1a9/0x260
[ 3041.704024]  __x64_sys_sendmmsg+0x99/0x100
[ 3041.704878]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3041.705931]  do_syscall_64+0x33/0x40
[ 3041.706684]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3041.707722] RIP: 0033:0x7fc6b3968b19
[ 3041.708482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3041.712196] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3041.713743] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3041.715180] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3041.716620] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3041.718073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3041.719514] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:17:39 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:39 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:39 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:39 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x30, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:40 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x30, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:40 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:40 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3042.209530] FAULT_INJECTION: forcing a failure.
[ 3042.209530] name failslab, interval 1, probability 0, space 0, times 0
[ 3042.211290] CPU: 0 PID: 17952 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3042.212141] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3042.213148] Call Trace:
[ 3042.213476]  dump_stack+0x107/0x167
[ 3042.213925]  should_fail.cold+0x5/0xa
[ 3042.214393]  ? create_object.isra.0+0x3a/0xa20
11:17:40 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x32, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3042.214952]  should_failslab+0x5/0x20
11:17:40 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 20)

[ 3042.215555]  kmem_cache_alloc+0x5b/0x360
[ 3042.216100]  create_object.isra.0+0x3a/0xa20
[ 3042.216631]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3042.217244]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3042.217876]  ? alloc_skb_with_frags+0x92/0x570
[ 3042.218433]  __alloc_skb+0xb1/0x5b0
[ 3042.218886]  alloc_skb_with_frags+0x92/0x570
[ 3042.219425]  ? find_held_lock+0x2c/0x110
[ 3042.219925]  sock_alloc_send_pskb+0x7af/0x930
[ 3042.220478]  ? sk_alloc+0x350/0x350
[ 3042.220940]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3042.221634]  ? __ip6_append_data.isra.0+0x54c/0x3a70
[ 3042.222283]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3042.222923]  ? ip6_mtu+0x1bb/0x370
[ 3042.223373]  ? lock_downgrade+0x6d0/0x6d0
[ 3042.223892]  ? ip_frag_init+0x350/0x350
[ 3042.224378]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3042.224962]  ? ip6_mtu+0x1e9/0x370
[ 3042.225416]  ? ip6_setup_cork+0xfb7/0x1740
[ 3042.225966]  ip6_make_skb+0x2de/0x4e0
[ 3042.226433]  ? ip_frag_init+0x350/0x350
[ 3042.226926]  ? ip_frag_init+0x350/0x350
[ 3042.227421]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3042.228009]  ? ip6_dst_check+0x379/0x820
[ 3042.228515]  ? sk_dst_check+0x235/0x460
[ 3042.229011]  udpv6_sendmsg+0x2043/0x29b0
[ 3042.229499]  ? ip_frag_init+0x350/0x350
[ 3042.230017]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3042.230650]  ? perf_event_task_disable+0x390/0x390
[ 3042.231251]  ? lock_downgrade+0x6d0/0x6d0
[ 3042.231772]  ? hrtimer_start_range_ns+0x336/0x980
[ 3042.232369]  ? irqentry_enter+0x26/0x60
[ 3042.232869]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3042.233562]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3042.234185]  ? __import_iovec+0x458/0x590
[ 3042.234696]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3042.235314]  inet6_sendmsg+0x105/0x140
[ 3042.235801]  ? inet6_compat_ioctl+0x320/0x320
[ 3042.236358]  sock_sendmsg+0xf2/0x190
[ 3042.236817]  ____sys_sendmsg+0x334/0x870
[ 3042.237313]  ? kernel_sendmsg+0x50/0x50
[ 3042.237793]  ? do_recvmmsg+0x6d0/0x6d0
[ 3042.238273]  ? find_held_lock+0x2c/0x110
[ 3042.238783]  ___sys_sendmsg+0xf3/0x170
[ 3042.239253]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3042.239810]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3042.240454]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3042.241003]  ? trace_hardirqs_on+0x5b/0x180
[ 3042.241530]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3042.242073]  ? finish_task_switch+0x126/0x5d0
[ 3042.242623]  ? finish_task_switch+0xef/0x5d0
[ 3042.243169]  ? __switch_to+0x572/0xff0
[ 3042.243651]  ? __switch_to_asm+0x3a/0x60
[ 3042.244150]  ? __switch_to_asm+0x34/0x60
[ 3042.244649]  ? __schedule+0x850/0x1ed0
[ 3042.245129]  ? io_schedule_timeout+0x140/0x140
[ 3042.245708]  __sys_sendmmsg+0x195/0x470
[ 3042.246195]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3042.246725]  ? lock_downgrade+0x6d0/0x6d0
[ 3042.247243]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3042.247829]  ? wait_for_completion_io+0x270/0x270
[ 3042.248418]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3042.248980]  ? vfs_write+0x354/0xa30
[ 3042.249450]  ? fput_many+0x2f/0x1a0
[ 3042.249888]  ? ksys_write+0x1a9/0x260
[ 3042.250360]  __x64_sys_sendmmsg+0x99/0x100
[ 3042.250867]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3042.251490]  do_syscall_64+0x33/0x40
[ 3042.251944]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3042.252574] RIP: 0033:0x7fc11dcebb19
[ 3042.253022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3042.255292] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3042.256214] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3042.257044] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3042.257930] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3042.258800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3042.259666] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
[ 3042.312825] FAULT_INJECTION: forcing a failure.
[ 3042.312825] name failslab, interval 1, probability 0, space 0, times 0
[ 3042.314515] CPU: 0 PID: 17960 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3042.315285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3042.316206] Call Trace:
[ 3042.316504]  dump_stack+0x107/0x167
[ 3042.316914]  should_fail.cold+0x5/0xa
[ 3042.317356]  ? selinux_kernfs_init_security+0x132/0x4c0
[ 3042.317960]  should_failslab+0x5/0x20
[ 3042.318392]  __kmalloc+0x72/0x3f0
[ 3042.318797]  selinux_kernfs_init_security+0x132/0x4c0
[ 3042.319366]  ? selinux_file_mprotect+0x600/0x600
[ 3042.319891]  ? find_held_lock+0x2c/0x110
[ 3042.320352]  ? __kernfs_new_node+0x2ad/0x850
[ 3042.320847]  ? lock_downgrade+0x6d0/0x6d0
[ 3042.321312]  ? rwlock_bug.part.0+0x90/0x90
[ 3042.321805]  security_kernfs_init_security+0x4e/0xb0
[ 3042.322376]  __kernfs_new_node+0x531/0x850
[ 3042.322875]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3042.323425]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3042.323982]  ? pcpu_alloc+0x12a/0x12f0
[ 3042.324432]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3042.325030]  kernfs_create_dir_ns+0x9c/0x230
[ 3042.325534]  cgroup_mkdir+0x318/0xfc0
[ 3042.325988]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3042.326516]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3042.326995]  vfs_mkdir+0x41f/0x660
[ 3042.327404]  do_mkdirat+0x145/0x2a0
[ 3042.327822]  ? user_path_create+0xf0/0xf0
[ 3042.328303]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3042.328895]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3042.329483]  do_syscall_64+0x33/0x40
[ 3042.329911]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3042.330493] RIP: 0033:0x7fd3579f1b19
[ 3042.330910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3042.332981] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3042.333838] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3042.334643] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3042.335458] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3042.336265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3042.337067] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:17:40 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 21)

11:17:40 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xe, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3042.485064] FAULT_INJECTION: forcing a failure.
[ 3042.485064] name failslab, interval 1, probability 0, space 0, times 0
[ 3042.486610] CPU: 0 PID: 17975 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3042.487360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3042.488263] Call Trace:
[ 3042.488561]  dump_stack+0x107/0x167
[ 3042.488960]  should_fail.cold+0x5/0xa
[ 3042.489370]  ? create_object.isra.0+0x3a/0xa20
[ 3042.489884]  should_failslab+0x5/0x20
[ 3042.490299]  kmem_cache_alloc+0x5b/0x360
[ 3042.490742]  ? lock_is_held_type+0x42/0x110
[ 3042.491208]  create_object.isra.0+0x3a/0xa20
[ 3042.491673]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3042.492228]  __kmalloc+0x16e/0x3f0
[ 3042.492615]  selinux_kernfs_init_security+0x132/0x4c0
[ 3042.493168]  ? selinux_file_mprotect+0x600/0x600
[ 3042.493690]  ? find_held_lock+0x2c/0x110
[ 3042.494137]  ? __kernfs_new_node+0x2ad/0x850
[ 3042.494612]  ? lock_downgrade+0x6d0/0x6d0
[ 3042.495066]  security_kernfs_init_security+0x4e/0xb0
[ 3042.495609]  __kernfs_new_node+0x531/0x850
[ 3042.496065]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3042.496582]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3042.497101]  ? pcpu_alloc+0x12a/0x12f0
[ 3042.497523]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3042.498106]  kernfs_create_dir_ns+0x9c/0x230
[ 3042.498592]  cgroup_mkdir+0x318/0xfc0
[ 3042.499008]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3042.499527]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3042.499978]  vfs_mkdir+0x41f/0x660
[ 3042.500360]  do_mkdirat+0x145/0x2a0
[ 3042.500753]  ? user_path_create+0xf0/0xf0
[ 3042.501209]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3042.501769]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3042.502337]  do_syscall_64+0x33/0x40
[ 3042.502740]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3042.503293] RIP: 0033:0x7fd3579f1b19
[ 3042.503704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3042.505696] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3042.506519] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3042.507293] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3042.508054] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3042.508822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3042.509597] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:17:54 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 11)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 22)

11:17:54 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x33, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x31, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x31, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:54 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 19)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3056.960594] FAULT_INJECTION: forcing a failure.
[ 3056.960594] name failslab, interval 1, probability 0, space 0, times 0
[ 3056.963115] CPU: 1 PID: 17996 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3056.964509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3056.966163] Call Trace:
[ 3056.966700]  dump_stack+0x107/0x167
[ 3056.967436]  should_fail.cold+0x5/0xa
[ 3056.968220]  should_failslab+0x5/0x20
[ 3056.968970]  __kmalloc_node_track_caller+0x74/0x3f0
[ 3056.969998]  ? skb_copy+0x137/0x2f0
[ 3056.970720]  __alloc_skb+0xb1/0x5b0
[ 3056.971455]  skb_copy+0x137/0x2f0
[ 3056.972151]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 3056.973366]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 3056.974404]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 3056.975571]  ? find_held_lock+0x2c/0x110
[ 3056.976388]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 3056.977443]  mac80211_hwsim_tx+0x574/0x1270
[ 3056.978339]  ? trace_hardirqs_on+0x5b/0x180
[ 3056.979220]  ieee80211_tx_frags+0x59c/0x9f0
[ 3056.980107]  ? fq_skb_free_func+0x20/0x20
[ 3056.980962]  __ieee80211_tx+0x1ad/0x620
[ 3056.981806]  ieee80211_tx+0x329/0x410
[ 3056.982587]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 3056.983621]  ? __ieee80211_tx+0x620/0x620
[ 3056.984458]  ? ieee80211_skb_resize+0x116/0x630
[ 3056.985411]  ieee80211_xmit+0x220/0x2a0
[ 3056.986234]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 3056.987283]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 3056.988298]  ieee80211_subif_start_xmit+0xef/0xf30
[ 3056.989289]  ? skb_network_protocol+0x145/0x570
[ 3056.990232]  ? skb_crc32c_csum_help+0x80/0x80
[ 3056.991148]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 3056.992204]  ? lock_acquire+0x197/0x490
[ 3056.993015]  ? sch_direct_xmit+0x31a/0x790
[ 3056.993879]  ? lock_release+0x6b0/0x6b0
[ 3056.994703]  dev_hard_start_xmit+0x1cb/0x840
[ 3056.995586]  sch_direct_xmit+0x25f/0x790
[ 3056.996417]  ? find_held_lock+0x2c/0x110
[ 3056.997215]  ? dev_watchdog+0xc60/0xc60
[ 3056.998043]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 3056.998946]  __qdisc_run+0x4aa/0x1610
[ 3056.999750]  __dev_queue_xmit+0xd99/0x2730
[ 3057.000582]  ? ip6_finish_output2+0x171f/0x1f30
[ 3057.001580]  ? find_held_lock+0x2c/0x110
[ 3057.002397]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 3057.003317]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.004152]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 3057.005208]  ip6_finish_output2+0x171f/0x1f30
[ 3057.006129]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3057.007139]  ip6_output+0x3b1/0x7f0
[ 3057.007865]  ip6_local_out+0xb4/0x1a0
[ 3057.008629]  ip6_send_skb+0xb7/0x350
[ 3057.009377]  udp_v6_send_skb+0x7aa/0x15b0
[ 3057.010249]  udpv6_sendmsg+0x2086/0x29b0
[ 3057.011059]  ? ip_frag_init+0x350/0x350
[ 3057.011855]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.012906]  ? find_held_lock+0x2c/0x110
[ 3057.013722]  ? __might_fault+0xd3/0x180
[ 3057.014561]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3057.015560]  ? __import_iovec+0x458/0x590
[ 3057.016387]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.017419]  inet6_sendmsg+0x105/0x140
[ 3057.018206]  ? inet6_compat_ioctl+0x320/0x320
[ 3057.019096]  sock_sendmsg+0xf2/0x190
[ 3057.019830]  ____sys_sendmsg+0x334/0x870
[ 3057.020644]  ? kernel_sendmsg+0x50/0x50
[ 3057.021420]  ? do_recvmmsg+0x6d0/0x6d0
[ 3057.022208]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3057.023293]  ? mark_lock+0xf5/0x2df0
[ 3057.024037]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3057.025098]  ? __lock_acquire+0x1657/0x5b00
[ 3057.025975]  ___sys_sendmsg+0xf3/0x170
[ 3057.026758]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3057.027665]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.028500]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.029330]  ? __fget_files+0x296/0x480
[ 3057.030149]  ? __fget_light+0xea/0x290
[ 3057.030936]  __sys_sendmmsg+0x195/0x470
[ 3057.031734]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3057.032594]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.033450]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3057.034423]  ? wait_for_completion_io+0x270/0x270
[ 3057.035403]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3057.036364]  ? vfs_write+0x354/0xa30
[ 3057.037110]  ? fput_many+0x2f/0x1a0
[ 3057.037853]  ? ksys_write+0x1a9/0x260
[ 3057.038625]  __x64_sys_sendmmsg+0x99/0x100
[ 3057.039498]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3057.040823]  do_syscall_64+0x33/0x40
[ 3057.041806]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3057.043075] RIP: 0033:0x7fc6b3968b19
[ 3057.044008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3057.048439] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3057.050031] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3057.051602] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3057.053064] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3057.054526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3057.055971] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3057.077550] FAULT_INJECTION: forcing a failure.
[ 3057.077550] name failslab, interval 1, probability 0, space 0, times 0
[ 3057.080757] CPU: 1 PID: 17992 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3057.082156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3057.083788] Call Trace:
[ 3057.084322]  dump_stack+0x107/0x167
[ 3057.085059]  should_fail.cold+0x5/0xa
[ 3057.085854]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3057.087009]  should_failslab+0x5/0x20
[ 3057.087773]  kmem_cache_alloc+0x5b/0x360
[ 3057.088601]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3057.089741]  idr_get_free+0x4b5/0x8f0
[ 3057.090530]  idr_alloc_u32+0x170/0x2d0
[ 3057.091320]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3057.092272]  ? lock_acquire+0x197/0x490
[ 3057.093074]  ? __kernfs_new_node+0xff/0x850
[ 3057.093971]  idr_alloc_cyclic+0x102/0x230
[ 3057.094806]  ? idr_alloc+0x130/0x130
[ 3057.095557]  ? rwlock_bug.part.0+0x90/0x90
[ 3057.096427]  __kernfs_new_node+0x117/0x850
[ 3057.097279]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3057.098277]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3057.099229]  ? pcpu_alloc+0x12a/0x12f0
[ 3057.100019]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3057.101064]  kernfs_create_dir_ns+0x9c/0x230
[ 3057.101973]  cgroup_mkdir+0x318/0xfc0
[ 3057.102749]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3057.103703]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3057.104529]  vfs_mkdir+0x41f/0x660
[ 3057.105251]  do_mkdirat+0x145/0x2a0
[ 3057.106008]  ? user_path_create+0xf0/0xf0
[ 3057.106844]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3057.107871]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3057.108913]  do_syscall_64+0x33/0x40
[ 3057.109650]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3057.110706] RIP: 0033:0x7fd3579f1b19
[ 3057.111441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3057.115248] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3057.116763] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3057.118224] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3057.119668] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3057.121115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3057.122579] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
[ 3057.128261] FAULT_INJECTION: forcing a failure.
[ 3057.128261] name failslab, interval 1, probability 0, space 0, times 0
[ 3057.130735] CPU: 1 PID: 18002 Comm: syz-executor.7 Not tainted 5.10.168 #1
[ 3057.132089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3057.133729] Call Trace:
[ 3057.134264]  dump_stack+0x107/0x167
[ 3057.134991]  should_fail.cold+0x5/0xa
[ 3057.135754]  ? create_object.isra.0+0x3a/0xa20
[ 3057.136656]  should_failslab+0x5/0x20
[ 3057.137418]  kmem_cache_alloc+0x5b/0x360
[ 3057.138241]  create_object.isra.0+0x3a/0xa20
[ 3057.139113]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3057.140116]  kmem_cache_alloc+0x159/0x360
[ 3057.140937]  skb_clone+0x14f/0x3d0
[ 3057.141652]  ip6_finish_output2+0x1190/0x1f30
[ 3057.142775]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3057.144047]  ip6_output+0x3b1/0x7f0
[ 3057.144994]  ip6_local_out+0xb4/0x1a0
[ 3057.145983]  ip6_send_skb+0xb7/0x350
[ 3057.146926]  udp_v6_send_skb+0x7aa/0x15b0
[ 3057.147993]  udpv6_sendmsg+0x2086/0x29b0
[ 3057.148991]  ? ip_frag_init+0x350/0x350
[ 3057.149849]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.151011]  ? find_held_lock+0x2c/0x110
[ 3057.151874]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3057.152940]  ? __import_iovec+0x458/0x590
[ 3057.153804]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.154840]  inet6_sendmsg+0x105/0x140
[ 3057.155625]  ? inet6_compat_ioctl+0x320/0x320
[ 3057.156516]  sock_sendmsg+0xf2/0x190
[ 3057.157273]  ____sys_sendmsg+0x334/0x870
[ 3057.158120]  ? kernel_sendmsg+0x50/0x50
[ 3057.158925]  ? do_recvmmsg+0x6d0/0x6d0
[ 3057.159700]  ? __lock_acquire+0x1657/0x5b00
[ 3057.160585]  ___sys_sendmsg+0xf3/0x170
[ 3057.161374]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3057.162318]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.163162]  ? find_held_lock+0x2c/0x110
[ 3057.163992]  ? __might_fault+0xd3/0x180
[ 3057.164793]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.165641]  __sys_sendmmsg+0x195/0x470
[ 3057.166457]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3057.167312]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.168157]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3057.169120]  ? wait_for_completion_io+0x270/0x270
[ 3057.170102]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3057.171015]  ? vfs_write+0x354/0xa30
[ 3057.171772]  ? fput_many+0x2f/0x1a0
[ 3057.172488]  ? ksys_write+0x1a9/0x260
[ 3057.173273]  __x64_sys_sendmmsg+0x99/0x100
[ 3057.174124]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3057.175174]  do_syscall_64+0x33/0x40
[ 3057.175910]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3057.176944] RIP: 0033:0x7fc11dcebb19
[ 3057.177681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3057.181432] RSP: 002b:00007fc11b261188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3057.182960] RAX: ffffffffffffffda RBX: 00007fc11ddfef60 RCX: 00007fc11dcebb19
[ 3057.184409] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3057.185850] RBP: 00007fc11b2611d0 R08: 0000000000000000 R09: 0000000000000000
[ 3057.187298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3057.188736] R13: 00007ffce838591f R14: 00007fc11b261300 R15: 0000000000022000
11:17:55 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x30, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:55 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 12)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:55 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 23)

11:17:55 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x32, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:55 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x32, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:17:55 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x60, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3057.684734] FAULT_INJECTION: forcing a failure.
[ 3057.684734] name failslab, interval 1, probability 0, space 0, times 0
[ 3057.687350] CPU: 0 PID: 18039 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3057.688755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3057.690456] Call Trace:
[ 3057.691011]  dump_stack+0x107/0x167
[ 3057.691755]  should_fail.cold+0x5/0xa
[ 3057.692534]  ? create_object.isra.0+0x3a/0xa20
[ 3057.693465]  should_failslab+0x5/0x20
[ 3057.694258]  kmem_cache_alloc+0x5b/0x360
[ 3057.695108]  create_object.isra.0+0x3a/0xa20
[ 3057.695995]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3057.697037]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3057.698071]  ? skb_copy+0x137/0x2f0
[ 3057.698821]  __alloc_skb+0xb1/0x5b0
[ 3057.699574]  skb_copy+0x137/0x2f0
[ 3057.700294]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0
[ 3057.701514]  ? __sanitizer_cov_trace_switch+0x45/0x80
[ 3057.702601]  ? rht_key_get_hash.constprop.0.isra.0+0x30/0x30
[ 3057.703792]  ? find_held_lock+0x2c/0x110
[ 3057.704635]  ? mac80211_hwsim_monitor_rx+0x1b8/0x810
[ 3057.705670]  mac80211_hwsim_tx+0x574/0x1270
[ 3057.706580]  ? trace_hardirqs_on+0x5b/0x180
[ 3057.707465]  ieee80211_tx_frags+0x59c/0x9f0
[ 3057.708356]  ? fq_skb_free_func+0x20/0x20
[ 3057.709227]  __ieee80211_tx+0x1ad/0x620
[ 3057.710052]  ieee80211_tx+0x329/0x410
[ 3057.710839]  ? ieee80211_tx_prepare_skb+0x440/0x440
[ 3057.711884]  ? __ieee80211_tx+0x620/0x620
[ 3057.712734]  ? ieee80211_skb_resize+0x116/0x630
[ 3057.713696]  ieee80211_xmit+0x220/0x2a0
[ 3057.714550]  __ieee80211_subif_start_xmit+0x752/0xc40
[ 3057.715619]  ? ieee80211_clear_fast_xmit+0x110/0x110
[ 3057.716678]  ieee80211_subif_start_xmit+0xef/0xf30
[ 3057.717677]  ? skb_network_protocol+0x145/0x570
[ 3057.718641]  ? skb_crc32c_csum_help+0x80/0x80
[ 3057.719555]  ? __ieee80211_subif_start_xmit+0xc40/0xc40
[ 3057.720642]  ? lock_acquire+0x197/0x490
[ 3057.721453]  ? sch_direct_xmit+0x31a/0x790
[ 3057.722332]  ? lock_release+0x6b0/0x6b0
[ 3057.723159]  dev_hard_start_xmit+0x1cb/0x840
[ 3057.724079]  sch_direct_xmit+0x25f/0x790
[ 3057.724916]  ? find_held_lock+0x2c/0x110
[ 3057.725773]  ? dev_watchdog+0xc60/0xc60
[ 3057.726589]  ? pfifo_fast_dequeue+0x599/0xbb0
[ 3057.727526]  __qdisc_run+0x4aa/0x1610
[ 3057.728329]  __dev_queue_xmit+0xd99/0x2730
[ 3057.729200]  ? ip6_finish_output2+0x171f/0x1f30
[ 3057.730160]  ? find_held_lock+0x2c/0x110
[ 3057.730994]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 3057.731928]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.732792]  ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 3057.733879]  ip6_finish_output2+0x171f/0x1f30
[ 3057.734814]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3057.735837]  ip6_output+0x3b1/0x7f0
[ 3057.736595]  ip6_local_out+0xb4/0x1a0
[ 3057.737378]  ip6_send_skb+0xb7/0x350
[ 3057.738161]  udp_v6_send_skb+0x7aa/0x15b0
[ 3057.739028]  udpv6_sendmsg+0x2086/0x29b0
[ 3057.739858]  ? ip_frag_init+0x350/0x350
[ 3057.740684]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.741765]  ? find_held_lock+0x2c/0x110
[ 3057.742600]  ? __might_fault+0xd3/0x180
[ 3057.743437]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3057.744440]  ? __import_iovec+0x458/0x590
[ 3057.745278]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3057.746332]  inet6_sendmsg+0x105/0x140
[ 3057.747114]  ? inet6_compat_ioctl+0x320/0x320
[ 3057.748019]  sock_sendmsg+0xf2/0x190
[ 3057.748768]  ____sys_sendmsg+0x334/0x870
[ 3057.749602]  ? kernel_sendmsg+0x50/0x50
[ 3057.750405]  ? do_recvmmsg+0x6d0/0x6d0
[ 3057.751200]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3057.752258]  ? mark_lock+0xf5/0x2df0
[ 3057.753025]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3057.754091]  ? __lock_acquire+0x1657/0x5b00
[ 3057.754977]  ___sys_sendmsg+0xf3/0x170
[ 3057.755761]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3057.756701]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.757547]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.758406]  ? __fget_files+0x296/0x480
[ 3057.759220]  ? __fget_light+0xea/0x290
[ 3057.760030]  __sys_sendmmsg+0x195/0x470
[ 3057.760843]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3057.761718]  ? lock_downgrade+0x6d0/0x6d0
[ 3057.762598]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3057.763581]  ? wait_for_completion_io+0x270/0x270
[ 3057.764561]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3057.765509]  ? vfs_write+0x354/0xa30
[ 3057.766276]  ? fput_many+0x2f/0x1a0
[ 3057.767013]  ? ksys_write+0x1a9/0x260
[ 3057.767804]  __x64_sys_sendmmsg+0x99/0x100
[ 3057.768658]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3057.769712]  do_syscall_64+0x33/0x40
[ 3057.770487]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3057.771526] RIP: 0033:0x7fc6b3968b19
[ 3057.772292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3057.775976] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3057.777561] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3057.779006] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3057.780544] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3057.781983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3057.783405] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3058.141722] FAULT_INJECTION: forcing a failure.
[ 3058.141722] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.144415] CPU: 0 PID: 18064 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3058.145832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.147510] Call Trace:
[ 3058.148068]  dump_stack+0x107/0x167
[ 3058.148817]  should_fail.cold+0x5/0xa
[ 3058.149592]  ? ___slab_alloc+0x155/0x700
[ 3058.150440]  ? create_object.isra.0+0x3a/0xa20
[ 3058.151374]  should_failslab+0x5/0x20
[ 3058.152148]  kmem_cache_alloc+0x5b/0x360
[ 3058.152972]  create_object.isra.0+0x3a/0xa20
[ 3058.153871]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.154905]  kmem_cache_alloc+0x159/0x360
[ 3058.155761]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3058.156899]  idr_get_free+0x4b5/0x8f0
[ 3058.157690]  idr_alloc_u32+0x170/0x2d0
[ 3058.158504]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3058.159494]  ? lock_acquire+0x197/0x490
[ 3058.160301]  ? __kernfs_new_node+0xff/0x850
[ 3058.161179]  idr_alloc_cyclic+0x102/0x230
[ 3058.162031]  ? idr_alloc+0x130/0x130
[ 3058.162787]  ? rwlock_bug.part.0+0x90/0x90
[ 3058.163664]  __kernfs_new_node+0x117/0x850
[ 3058.164527]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3058.165496]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3058.166484]  ? pcpu_alloc+0x12a/0x12f0
[ 3058.167284]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3058.168350]  kernfs_create_dir_ns+0x9c/0x230
[ 3058.169256]  cgroup_mkdir+0x318/0xfc0
[ 3058.170062]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3058.171026]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3058.171874]  vfs_mkdir+0x41f/0x660
[ 3058.172602]  do_mkdirat+0x145/0x2a0
[ 3058.173348]  ? user_path_create+0xf0/0xf0
[ 3058.174211]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.175269]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3058.176326]  do_syscall_64+0x33/0x40
[ 3058.177087]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3058.178132] RIP: 0033:0x7fd3579f1b19
[ 3058.178898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3058.182643] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3058.184190] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3058.185632] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3058.187083] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3058.188530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3058.189998] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:11 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 24)

11:18:11 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xf0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x31, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x33, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 13)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:11 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x33, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3073.327474] FAULT_INJECTION: forcing a failure.
[ 3073.327474] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3073.329546] CPU: 1 PID: 18077 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3073.330657] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3073.332028] Call Trace:
[ 3073.332396]  dump_stack+0x107/0x167
[ 3073.332893]  should_fail.cold+0x5/0xa
[ 3073.333364]  _copy_from_user+0x2e/0x1b0
[ 3073.333846]  __copy_msghdr_from_user+0x91/0x4b0
[ 3073.334418]  ? __ia32_sys_shutdown+0x80/0x80
[ 3073.334949]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3073.335664]  ? inet6_sendmsg+0xbd/0x140
[ 3073.336189]  ? inet6_compat_ioctl+0x320/0x320
[ 3073.336720]  ? sock_sendmsg+0x55/0x190
[ 3073.337205]  sendmsg_copy_msghdr+0xa1/0x160
[ 3073.337773]  ? do_recvmmsg+0x6d0/0x6d0
[ 3073.338277]  ? __lock_acquire+0x1657/0x5b00
[ 3073.338836]  ___sys_sendmsg+0xc6/0x170
[ 3073.339331]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3073.339916]  ? lock_downgrade+0x6d0/0x6d0
[ 3073.340467]  ? find_held_lock+0x2c/0x110
[ 3073.341068]  ? __might_fault+0xd3/0x180
[ 3073.341573]  ? lock_downgrade+0x6d0/0x6d0
[ 3073.342122]  __sys_sendmmsg+0x195/0x470
[ 3073.342630]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3073.343177]  ? lock_downgrade+0x6d0/0x6d0
[ 3073.343716]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3073.344461]  ? wait_for_completion_io+0x270/0x270
[ 3073.345120]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3073.345753]  ? vfs_write+0x354/0xa30
[ 3073.346294]  ? fput_many+0x2f/0x1a0
[ 3073.346817]  ? ksys_write+0x1a9/0x260
[ 3073.347306]  __x64_sys_sendmmsg+0x99/0x100
[ 3073.347912]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3073.348568]  do_syscall_64+0x33/0x40
[ 3073.349042]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3073.349692] RIP: 0033:0x7fc6b3968b19
[ 3073.350186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3073.352495] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3073.353454] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3073.354364] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3073.355270] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3073.356172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3073.357068] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3073.397807] FAULT_INJECTION: forcing a failure.
[ 3073.397807] name failslab, interval 1, probability 0, space 0, times 0
[ 3073.399436] CPU: 1 PID: 18085 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3073.400291] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3073.401295] Call Trace:
[ 3073.401630]  dump_stack+0x107/0x167
[ 3073.402093]  should_fail.cold+0x5/0xa
[ 3073.402571]  ? selinux_kernfs_init_security+0x132/0x4c0
[ 3073.403233]  should_failslab+0x5/0x20
[ 3073.403704]  __kmalloc+0x72/0x3f0
[ 3073.404141]  selinux_kernfs_init_security+0x132/0x4c0
[ 3073.404783]  ? selinux_file_mprotect+0x600/0x600
[ 3073.405372]  ? find_held_lock+0x2c/0x110
[ 3073.405882]  ? __kernfs_new_node+0x2ad/0x850
[ 3073.406448]  ? lock_downgrade+0x6d0/0x6d0
[ 3073.406970]  ? rwlock_bug.part.0+0x90/0x90
[ 3073.407502]  security_kernfs_init_security+0x4e/0xb0
[ 3073.408134]  __kernfs_new_node+0x531/0x850
[ 3073.408663]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3073.409259]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3073.409853]  ? pcpu_alloc+0x12a/0x12f0
[ 3073.410348]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3073.410993]  kernfs_create_dir_ns+0x9c/0x230
[ 3073.411549]  cgroup_mkdir+0x318/0xfc0
[ 3073.412026]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3073.412614]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3073.413133]  vfs_mkdir+0x41f/0x660
[ 3073.413572]  do_mkdirat+0x145/0x2a0
[ 3073.414035]  ? user_path_create+0xf0/0xf0
[ 3073.414550]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3073.415191]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3073.415825]  do_syscall_64+0x33/0x40
[ 3073.416292]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3073.416920] RIP: 0033:0x7fd3579f1b19
[ 3073.417379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3073.419634] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3073.420566] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3073.421413] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3073.422292] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3073.423155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3073.424040] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:27 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x60, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x32, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 14)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x60, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 25)

11:18:27 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x1f4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3089.402627] FAULT_INJECTION: forcing a failure.
[ 3089.402627] name failslab, interval 1, probability 0, space 0, times 0
[ 3089.405259] CPU: 0 PID: 18128 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3089.406667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3089.408352] Call Trace:
[ 3089.408898]  dump_stack+0x107/0x167
[ 3089.409642]  should_fail.cold+0x5/0xa
[ 3089.410421]  ? __alloc_skb+0x6d/0x5b0
[ 3089.411204]  should_failslab+0x5/0x20
[ 3089.411985]  kmem_cache_alloc_node+0x55/0x370
[ 3089.412891]  __alloc_skb+0x6d/0x5b0
[ 3089.413634]  ? do_raw_spin_unlock+0x4f/0x220
[ 3089.414545]  alloc_skb_with_frags+0x92/0x570
[ 3089.415431]  ? find_held_lock+0x2c/0x110
[ 3089.416259]  sock_alloc_send_pskb+0x7af/0x930
[ 3089.417165]  ? sk_alloc+0x350/0x350
[ 3089.417917]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3089.419253]  ? mark_lock+0xf5/0x2df0
[ 3089.420061]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3089.421070]  ? ip6_mtu+0x1bb/0x370
[ 3089.421780]  ? lock_downgrade+0x6d0/0x6d0
[ 3089.422643]  ? ip_frag_init+0x350/0x350
[ 3089.423453]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3089.424397]  ? ip6_mtu+0x1e9/0x370
[ 3089.425104]  ? ip6_setup_cork+0xfb7/0x1740
[ 3089.425969]  ip6_make_skb+0x2de/0x4e0
[ 3089.426737]  ? ip_frag_init+0x350/0x350
[ 3089.427554]  ? ip_frag_init+0x350/0x350
[ 3089.428373]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3089.429351]  ? ip6_dst_check+0x379/0x820
[ 3089.430188]  ? sk_dst_check+0x235/0x460
[ 3089.430998]  udpv6_sendmsg+0x2043/0x29b0
[ 3089.431838]  ? ip_frag_init+0x350/0x350
[ 3089.432641]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3089.433708]  ? perf_event_task_disable+0x390/0x390
[ 3089.434711]  ? lock_downgrade+0x6d0/0x6d0
[ 3089.435577]  ? find_held_lock+0x2c/0x110
[ 3089.436413]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3089.437429]  ? __import_iovec+0x458/0x590
[ 3089.438284]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3089.439322]  inet6_sendmsg+0x105/0x140
[ 3089.440117]  ? inet6_compat_ioctl+0x320/0x320
[ 3089.441019]  sock_sendmsg+0xf2/0x190
[ 3089.441779]  ____sys_sendmsg+0x334/0x870
[ 3089.442624]  ? kernel_sendmsg+0x50/0x50
[ 3089.443432]  ? do_recvmmsg+0x6d0/0x6d0
[ 3089.444217]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3089.445290]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3089.446389]  ? trace_hardirqs_on+0x5b/0x180
[ 3089.447275]  ___sys_sendmsg+0xf3/0x170
[ 3089.448058]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3089.448992]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3089.449887]  ? _raw_spin_unlock_irq+0x27/0x30
[ 3089.450828]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 3089.451724]  ? finish_task_switch+0x126/0x5d0
[ 3089.452636]  ? finish_task_switch+0xef/0x5d0
[ 3089.453509]  ? __switch_to+0x572/0xff0
[ 3089.454315]  ? __switch_to_asm+0x3a/0x60
[ 3089.455122]  ? __switch_to_asm+0x34/0x60
[ 3089.455949]  ? __schedule+0x850/0x1ed0
[ 3089.456747]  ? io_schedule_timeout+0x140/0x140
[ 3089.457696]  __sys_sendmmsg+0x195/0x470
[ 3089.458522]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3089.459400]  ? lock_downgrade+0x6d0/0x6d0
[ 3089.460260]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3089.461246]  ? wait_for_completion_io+0x270/0x270
[ 3089.462241]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3089.463185]  ? vfs_write+0x354/0xa30
[ 3089.463935]  ? fput_many+0x2f/0x1a0
[ 3089.464681]  ? ksys_write+0x1a9/0x260
[ 3089.465449]  __x64_sys_sendmmsg+0x99/0x100
[ 3089.466324]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3089.467352]  do_syscall_64+0x33/0x40
[ 3089.468115]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3089.469142] RIP: 0033:0x7fc6b3968b19
[ 3089.469907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3089.471714] FAULT_INJECTION: forcing a failure.
[ 3089.471714] name failslab, interval 1, probability 0, space 0, times 0
[ 3089.473576] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3089.473598] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3089.473609] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3089.473620] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3089.473630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3089.473641] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3089.486565] CPU: 1 PID: 18137 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3089.487953] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3089.489630] Call Trace:
[ 3089.490175]  dump_stack+0x107/0x167
[ 3089.490924]  should_fail.cold+0x5/0xa
[ 3089.491698]  ? create_object.isra.0+0x3a/0xa20
[ 3089.492619]  should_failslab+0x5/0x20
[ 3089.493382]  kmem_cache_alloc+0x5b/0x360
[ 3089.494193]  ? mark_held_locks+0x9e/0xe0
[ 3089.495025]  create_object.isra.0+0x3a/0xa20
[ 3089.495904]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3089.496936]  kmem_cache_alloc+0x159/0x360
[ 3089.497800]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3089.498951]  idr_get_free+0x4b5/0x8f0
[ 3089.499739]  idr_alloc_u32+0x170/0x2d0
[ 3089.500522]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3089.501502]  ? lock_acquire+0x197/0x490
[ 3089.502325]  ? __kernfs_new_node+0xff/0x850
[ 3089.503212]  idr_alloc_cyclic+0x102/0x230
[ 3089.504052]  ? idr_alloc+0x130/0x130
[ 3089.504801]  ? rwlock_bug.part.0+0x90/0x90
[ 3089.505687]  __kernfs_new_node+0x117/0x850
[ 3089.506567]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3089.507534]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3089.508501]  ? pcpu_alloc+0x12a/0x12f0
[ 3089.509313]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3089.510375]  kernfs_create_dir_ns+0x9c/0x230
[ 3089.511276]  cgroup_mkdir+0x318/0xfc0
[ 3089.512047]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3089.513006]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3089.513846]  vfs_mkdir+0x41f/0x660
[ 3089.514583]  do_mkdirat+0x145/0x2a0
[ 3089.515333]  ? user_path_create+0xf0/0xf0
[ 3089.516171]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3089.517233]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3089.518291]  do_syscall_64+0x33/0x40
[ 3089.519062]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3089.520099] RIP: 0033:0x7fd3579f1b19
[ 3089.520864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3089.524557] RSP: 002b:00007fd354f46188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3089.526111] RAX: ffffffffffffffda RBX: 00007fd357b05020 RCX: 00007fd3579f1b19
[ 3089.527547] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3089.528995] RBP: 00007fd354f461d0 R08: 0000000000000000 R09: 0000000000000000
[ 3089.530441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3089.531889] R13: 00007ffc675ec60f R14: 00007fd354f46300 R15: 0000000000022000
11:18:27 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 15)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xf0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:27 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 26)

11:18:28 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x300, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xf0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x33, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3090.019790] FAULT_INJECTION: forcing a failure.
[ 3090.019790] name failslab, interval 1, probability 0, space 0, times 0
[ 3090.022378] CPU: 1 PID: 18170 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3090.023795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3090.025483] Call Trace:
[ 3090.026018]  dump_stack+0x107/0x167
[ 3090.026767]  should_fail.cold+0x5/0xa
[ 3090.027531]  ? create_object.isra.0+0x3a/0xa20
[ 3090.028456]  should_failslab+0x5/0x20
[ 3090.029223]  kmem_cache_alloc+0x5b/0x360
[ 3090.030048]  create_object.isra.0+0x3a/0xa20
[ 3090.030935]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3090.031960]  kmem_cache_alloc_node+0x169/0x370
[ 3090.032878]  __alloc_skb+0x6d/0x5b0
[ 3090.033615]  ? do_raw_spin_unlock+0x4f/0x220
[ 3090.034521]  alloc_skb_with_frags+0x92/0x570
[ 3090.035417]  ? find_held_lock+0x2c/0x110
[ 3090.036249]  sock_alloc_send_pskb+0x7af/0x930
[ 3090.037164]  ? sk_alloc+0x350/0x350
[ 3090.037906]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3090.038969]  ? __dev_queue_xmit+0xe4e/0x2730
[ 3090.039842]  ? __local_bh_enable_ip+0x9d/0x100
[ 3090.040785]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3090.041818]  ? ip6_mtu+0x1bb/0x370
[ 3090.042564]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.043403]  ? ip_frag_init+0x350/0x350
[ 3090.044229]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3090.045164]  ? ip6_mtu+0x1e9/0x370
[ 3090.045885]  ? ip6_setup_cork+0xfb7/0x1740
[ 3090.046749]  ip6_make_skb+0x2de/0x4e0
[ 3090.047522]  ? ip_frag_init+0x350/0x350
[ 3090.048337]  ? ip_frag_init+0x350/0x350
[ 3090.049144]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3090.050102]  ? ip6_dst_check+0x379/0x820
[ 3090.050942]  ? sk_dst_check+0x235/0x460
[ 3090.051758]  udpv6_sendmsg+0x2043/0x29b0
[ 3090.052589]  ? ip_frag_init+0x350/0x350
[ 3090.053401]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3090.054491]  ? find_held_lock+0x2c/0x110
[ 3090.055333]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3090.056325]  ? __import_iovec+0x458/0x590
[ 3090.057157]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3090.058207]  inet6_sendmsg+0x105/0x140
[ 3090.058985]  ? inet6_compat_ioctl+0x320/0x320
[ 3090.059881]  sock_sendmsg+0xf2/0x190
[ 3090.060632]  ____sys_sendmsg+0x334/0x870
[ 3090.061454]  ? kernel_sendmsg+0x50/0x50
[ 3090.062264]  ? do_recvmmsg+0x6d0/0x6d0
[ 3090.063059]  ? __lock_acquire+0x1657/0x5b00
[ 3090.063936]  ___sys_sendmsg+0xf3/0x170
[ 3090.064715]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3090.065653]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.066505]  ? find_held_lock+0x2c/0x110
[ 3090.067337]  ? __might_fault+0xd3/0x180
[ 3090.068141]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.068993]  __sys_sendmmsg+0x195/0x470
[ 3090.069809]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3090.070688]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.071544]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3090.072525]  ? wait_for_completion_io+0x270/0x270
[ 3090.073505]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3090.074458]  ? vfs_write+0x354/0xa30
[ 3090.075223]  ? fput_many+0x2f/0x1a0
[ 3090.075953]  ? ksys_write+0x1a9/0x260
[ 3090.076734]  __x64_sys_sendmmsg+0x99/0x100
[ 3090.077586]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3090.078632]  do_syscall_64+0x33/0x40
[ 3090.079389]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3090.080429] RIP: 0033:0x7fc6b3968b19
[ 3090.081186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3090.084877] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3090.086423] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3090.087865] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3090.089303] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3090.090761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3090.092191] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3090.158324] FAULT_INJECTION: forcing a failure.
[ 3090.158324] name failslab, interval 1, probability 0, space 0, times 0
[ 3090.161123] CPU: 1 PID: 18172 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3090.162517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3090.164163] Call Trace:
[ 3090.164690]  dump_stack+0x107/0x167
[ 3090.165413]  should_fail.cold+0x5/0xa
[ 3090.166211]  should_failslab+0x5/0x20
[ 3090.166987]  __kmalloc_track_caller+0x79/0x3c0
[ 3090.167903]  ? security_context_to_sid_core+0xb4/0x820
[ 3090.168952]  kmemdup_nul+0x2d/0xa0
[ 3090.169668]  security_context_to_sid_core+0xb4/0x820
[ 3090.170687]  ? security_compute_sid.part.0+0x1670/0x1670
[ 3090.171754]  ? do_raw_spin_lock+0x121/0x260
[ 3090.172608]  ? rwlock_bug.part.0+0x90/0x90
[ 3090.173444]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3090.174409]  ? do_raw_spin_unlock+0x4f/0x220
[ 3090.175276]  ? _raw_spin_unlock+0x1a/0x30
[ 3090.176098]  security_context_to_sid+0x35/0x50
[ 3090.177004]  selinux_kernfs_init_security+0x198/0x4c0
[ 3090.178019]  ? selinux_file_mprotect+0x600/0x600
[ 3090.178970]  ? find_held_lock+0x2c/0x110
[ 3090.179773]  ? __kernfs_new_node+0x2ad/0x850
[ 3090.180627]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.181439]  ? rwlock_bug.part.0+0x90/0x90
[ 3090.182282]  security_kernfs_init_security+0x4e/0xb0
[ 3090.183265]  __kernfs_new_node+0x531/0x850
[ 3090.184094]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3090.185026]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3090.185976]  ? pcpu_alloc+0x12a/0x12f0
[ 3090.186767]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3090.187794]  kernfs_create_dir_ns+0x9c/0x230
[ 3090.188672]  cgroup_mkdir+0x318/0xfc0
[ 3090.189426]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3090.190359]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3090.191179]  vfs_mkdir+0x41f/0x660
[ 3090.191875]  do_mkdirat+0x145/0x2a0
[ 3090.192589]  ? user_path_create+0xf0/0xf0
[ 3090.193417]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3090.194462]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3090.195485]  do_syscall_64+0x33/0x40
[ 3090.196227]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3090.197233] RIP: 0033:0x7fd3579f1b19
[ 3090.197976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3090.201581] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3090.203062] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3090.204451] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3090.205848] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3090.207235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3090.208604] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:28 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x1f4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3e8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 27)

11:18:28 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:28 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x1f4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3090.595434] FAULT_INJECTION: forcing a failure.
[ 3090.595434] name failslab, interval 1, probability 0, space 0, times 0
[ 3090.597598] CPU: 1 PID: 18215 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3090.598708] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3090.600020] Call Trace:
[ 3090.600446]  dump_stack+0x107/0x167
[ 3090.601025]  should_fail.cold+0x5/0xa
[ 3090.601628]  ? create_object.isra.0+0x3a/0xa20
[ 3090.602374]  should_failslab+0x5/0x20
[ 3090.602974]  kmem_cache_alloc+0x5b/0x360
[ 3090.603617]  create_object.isra.0+0x3a/0xa20
[ 3090.604306]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3090.605104]  __kmalloc_track_caller+0x177/0x3c0
[ 3090.605826]  ? security_context_to_sid_core+0xb4/0x820
[ 3090.606654]  kmemdup_nul+0x2d/0xa0
[ 3090.607207]  security_context_to_sid_core+0xb4/0x820
[ 3090.607999]  ? security_compute_sid.part.0+0x1670/0x1670
[ 3090.608834]  ? do_raw_spin_lock+0x121/0x260
[ 3090.609503]  ? rwlock_bug.part.0+0x90/0x90
[ 3090.610156]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3090.610917]  ? do_raw_spin_unlock+0x4f/0x220
[ 3090.611602]  ? _raw_spin_unlock+0x1a/0x30
[ 3090.612237]  security_context_to_sid+0x35/0x50
[ 3090.612947]  selinux_kernfs_init_security+0x198/0x4c0
[ 3090.613743]  ? selinux_file_mprotect+0x600/0x600
[ 3090.614480]  ? find_held_lock+0x2c/0x110
[ 3090.615113]  ? __kernfs_new_node+0x2ad/0x850
[ 3090.615782]  ? lock_downgrade+0x6d0/0x6d0
[ 3090.616420]  ? rwlock_bug.part.0+0x90/0x90
[ 3090.617089]  security_kernfs_init_security+0x4e/0xb0
[ 3090.617880]  __kernfs_new_node+0x531/0x850
[ 3090.618531]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3090.619263]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3090.620000]  ? pcpu_alloc+0x12a/0x12f0
[ 3090.620599]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3090.621397]  kernfs_create_dir_ns+0x9c/0x230
[ 3090.622085]  cgroup_mkdir+0x318/0xfc0
[ 3090.622682]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3090.623412]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3090.624055]  vfs_mkdir+0x41f/0x660
[ 3090.624597]  do_mkdirat+0x145/0x2a0
[ 3090.625158]  ? user_path_create+0xf0/0xf0
[ 3090.625795]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3090.626628]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3090.627422]  do_syscall_64+0x33/0x40
[ 3090.627992]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3090.628779] RIP: 0033:0x7fd3579f1b19
[ 3090.629356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3090.632181] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3090.633346] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3090.634459] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3090.635563] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3090.636666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3090.637749] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:28 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x60, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x300, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 28)

11:18:43 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 16)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xf0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x5dc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x300, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3105.357702] FAULT_INJECTION: forcing a failure.
[ 3105.357702] name failslab, interval 1, probability 0, space 0, times 0
[ 3105.359522] CPU: 1 PID: 18263 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3105.360454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3105.361560] Call Trace:
[ 3105.361923]  dump_stack+0x107/0x167
[ 3105.362431]  should_fail.cold+0x5/0xa
[ 3105.362946]  should_failslab+0x5/0x20
[ 3105.363457]  __kmalloc_node_track_caller+0x74/0x3f0
[ 3105.364122]  ? alloc_skb_with_frags+0x92/0x570
[ 3105.364737]  __alloc_skb+0xb1/0x5b0
[ 3105.365224]  alloc_skb_with_frags+0x92/0x570
[ 3105.365817]  ? find_held_lock+0x2c/0x110
[ 3105.366378]  sock_alloc_send_pskb+0x7af/0x930
[ 3105.367006]  ? sk_alloc+0x350/0x350
[ 3105.367505]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3105.368190]  ? __dev_queue_xmit+0xe4e/0x2730
[ 3105.368783]  ? __local_bh_enable_ip+0x9d/0x100
[ 3105.369394]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3105.370076]  ? ip6_mtu+0x1bb/0x370
[ 3105.370555]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.371112]  ? ip_frag_init+0x350/0x350
[ 3105.371649]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3105.372279]  ? ip6_mtu+0x1e9/0x370
[ 3105.372755]  ? ip6_setup_cork+0xfb7/0x1740
[ 3105.373342]  ip6_make_skb+0x2de/0x4e0
[ 3105.373838]  ? ip_frag_init+0x350/0x350
[ 3105.374386]  ? ip_frag_init+0x350/0x350
[ 3105.374930]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3105.375568]  ? ip6_dst_check+0x379/0x820
[ 3105.376147]  ? sk_dst_check+0x235/0x460
[ 3105.376714]  udpv6_sendmsg+0x2043/0x29b0
[ 3105.377289]  ? ip_frag_init+0x350/0x350
[ 3105.377867]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3105.378633]  ? find_held_lock+0x2c/0x110
[ 3105.379219]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3105.379993]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3105.380693]  ? __import_iovec+0x458/0x590
[ 3105.381279]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3105.382010]  inet6_sendmsg+0x105/0x140
[ 3105.382576]  ? inet6_compat_ioctl+0x320/0x320
[ 3105.383208]  sock_sendmsg+0xf2/0x190
[ 3105.383741]  ____sys_sendmsg+0x334/0x870
[ 3105.384317]  ? kernel_sendmsg+0x50/0x50
[ 3105.384877]  ? do_recvmmsg+0x6d0/0x6d0
[ 3105.385427]  ? __lock_acquire+0x1657/0x5b00
[ 3105.386046]  ___sys_sendmsg+0xf3/0x170
[ 3105.386608]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3105.387261]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.387864]  ? find_held_lock+0x2c/0x110
[ 3105.388444]  ? __might_fault+0xd3/0x180
[ 3105.389010]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.389610]  __sys_sendmmsg+0x195/0x470
[ 3105.390177]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3105.390790]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.391383]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3105.392063]  ? wait_for_completion_io+0x270/0x270
[ 3105.392744]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3105.393396]  ? vfs_write+0x354/0xa30
[ 3105.393924]  ? fput_many+0x2f/0x1a0
[ 3105.394454]  ? ksys_write+0x1a9/0x260
[ 3105.394995]  __x64_sys_sendmmsg+0x99/0x100
[ 3105.395595]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3105.396327]  do_syscall_64+0x33/0x40
[ 3105.396856]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3105.397575] RIP: 0033:0x7fc6b3968b19
[ 3105.398103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3105.400750] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3105.401807] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3105.402808] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3105.403792] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3105.404780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3105.405775] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3105.421448] FAULT_INJECTION: forcing a failure.
[ 3105.421448] name failslab, interval 1, probability 0, space 0, times 0
[ 3105.423478] CPU: 1 PID: 18253 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3105.424403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3105.425497] Call Trace:
[ 3105.425851]  dump_stack+0x107/0x167
[ 3105.426334]  should_fail.cold+0x5/0xa
[ 3105.426887]  should_failslab+0x5/0x20
[ 3105.427420]  __kmalloc_track_caller+0x79/0x3c0
[ 3105.428063]  ? sidtab_sid2str_get+0x17e/0x670
[ 3105.428697]  kmemdup+0x23/0x50
[ 3105.429148]  sidtab_sid2str_get+0x17e/0x670
[ 3105.429757]  sidtab_entry_to_string+0x33/0x110
[ 3105.430414]  security_sid_to_context_core+0x33d/0x570
[ 3105.431146]  selinux_kernfs_init_security+0x234/0x4c0
[ 3105.431875]  ? selinux_file_mprotect+0x600/0x600
[ 3105.432547]  ? find_held_lock+0x2c/0x110
[ 3105.433115]  ? __kernfs_new_node+0x2ad/0x850
[ 3105.433724]  ? rwlock_bug.part.0+0x90/0x90
[ 3105.434314]  security_kernfs_init_security+0x4e/0xb0
[ 3105.435025]  __kernfs_new_node+0x531/0x850
[ 3105.435616]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3105.436273]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3105.436936]  ? pcpu_alloc+0x12a/0x12f0
[ 3105.437479]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3105.438198]  kernfs_create_dir_ns+0x9c/0x230
[ 3105.438834]  cgroup_mkdir+0x318/0xfc0
[ 3105.439359]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3105.440015]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3105.440594]  vfs_mkdir+0x41f/0x660
[ 3105.441088]  do_mkdirat+0x145/0x2a0
[ 3105.441587]  ? user_path_create+0xf0/0xf0
[ 3105.442155]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3105.442879]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3105.443591]  do_syscall_64+0x33/0x40
[ 3105.444106]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3105.444810] RIP: 0033:0x7fd3579f1b19
[ 3105.445327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3105.447894] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3105.448952] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3105.449950] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3105.450953] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3105.451947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3105.452935] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:43 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 29)

11:18:43 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3105.707158] FAULT_INJECTION: forcing a failure.
[ 3105.707158] name failslab, interval 1, probability 0, space 0, times 0
[ 3105.708815] CPU: 1 PID: 18295 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3105.709601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3105.710560] Call Trace:
[ 3105.710865]  dump_stack+0x107/0x167
[ 3105.711287]  should_fail.cold+0x5/0xa
[ 3105.711718]  ? create_object.isra.0+0x3a/0xa20
[ 3105.712243]  should_failslab+0x5/0x20
[ 3105.712682]  kmem_cache_alloc+0x5b/0x360
[ 3105.713157]  create_object.isra.0+0x3a/0xa20
[ 3105.713667]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3105.714262]  __kmalloc_track_caller+0x177/0x3c0
[ 3105.714803]  ? sidtab_sid2str_get+0x17e/0x670
[ 3105.715342]  kmemdup+0x23/0x50
[ 3105.715709]  sidtab_sid2str_get+0x17e/0x670
[ 3105.716227]  sidtab_entry_to_string+0x33/0x110
[ 3105.716758]  security_sid_to_context_core+0x33d/0x570
[ 3105.717367]  selinux_kernfs_init_security+0x234/0x4c0
[ 3105.717957]  ? selinux_file_mprotect+0x600/0x600
[ 3105.718502]  ? find_held_lock+0x2c/0x110
[ 3105.718993]  ? __kernfs_new_node+0x2ad/0x850
[ 3105.719512]  ? rwlock_bug.part.0+0x90/0x90
[ 3105.719997]  security_kernfs_init_security+0x4e/0xb0
[ 3105.720576]  __kernfs_new_node+0x531/0x850
[ 3105.721059]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3105.721611]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3105.722173]  ? pcpu_alloc+0x12a/0x12f0
[ 3105.722646]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3105.723235]  kernfs_create_dir_ns+0x9c/0x230
[ 3105.723755]  cgroup_mkdir+0x318/0xfc0
[ 3105.724213]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3105.724786]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3105.725288]  vfs_mkdir+0x41f/0x660
[ 3105.725715]  do_mkdirat+0x145/0x2a0
[ 3105.726147]  ? user_path_create+0xf0/0xf0
[ 3105.726629]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3105.727227]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3105.727809]  do_syscall_64+0x33/0x40
[ 3105.728240]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3105.728830] RIP: 0033:0x7fd3579f1b19
[ 3105.729262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3105.731342] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3105.732224] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3105.733067] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3105.733898] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3105.734734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3105.735556] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:43 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x600, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 17)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3105.766639] FAULT_INJECTION: forcing a failure.
[ 3105.766639] name failslab, interval 1, probability 0, space 0, times 0
[ 3105.768120] CPU: 1 PID: 18302 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3105.768907] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3105.769849] Call Trace:
[ 3105.770153]  dump_stack+0x107/0x167
[ 3105.770573]  should_fail.cold+0x5/0xa
[ 3105.771009]  ? create_object.isra.0+0x3a/0xa20
[ 3105.771527]  should_failslab+0x5/0x20
[ 3105.771959]  kmem_cache_alloc+0x5b/0x360
[ 3105.772420]  create_object.isra.0+0x3a/0xa20
[ 3105.772919]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3105.773480]  __kmalloc_node_track_caller+0x1a6/0x3f0
[ 3105.774051]  ? alloc_skb_with_frags+0x92/0x570
[ 3105.774576]  __alloc_skb+0xb1/0x5b0
[ 3105.774991]  alloc_skb_with_frags+0x92/0x570
[ 3105.775491]  ? find_held_lock+0x2c/0x110
[ 3105.775953]  sock_alloc_send_pskb+0x7af/0x930
[ 3105.776467]  ? sk_alloc+0x350/0x350
[ 3105.776868]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3105.777466]  ? __dev_queue_xmit+0xe4e/0x2730
[ 3105.777946]  ? __local_bh_enable_ip+0x9d/0x100
[ 3105.778466]  __ip6_append_data.isra.0+0x1c12/0x3a70
[ 3105.779030]  ? ip6_mtu+0x1bb/0x370
[ 3105.779436]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.779901]  ? ip_frag_init+0x350/0x350
[ 3105.780357]  ? ip6_finish_output2+0x1f30/0x1f30
[ 3105.780870]  ? ip6_mtu+0x1e9/0x370
[ 3105.781273]  ? ip6_setup_cork+0xfb7/0x1740
[ 3105.781738]  ip6_make_skb+0x2de/0x4e0
[ 3105.782161]  ? ip_frag_init+0x350/0x350
[ 3105.782606]  ? ip_frag_init+0x350/0x350
[ 3105.783051]  ? ip6_push_pending_frames+0xf0/0xf0
[ 3105.783573]  ? ip6_dst_check+0x379/0x820
[ 3105.784033]  ? sk_dst_check+0x235/0x460
[ 3105.784491]  udpv6_sendmsg+0x2043/0x29b0
[ 3105.784946]  ? ip_frag_init+0x350/0x350
[ 3105.785390]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3105.785967]  ? find_held_lock+0x2c/0x110
[ 3105.786426]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3105.786986]  ? __import_iovec+0x458/0x590
[ 3105.787439]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3105.788025]  inet6_sendmsg+0x105/0x140
[ 3105.788449]  ? inet6_compat_ioctl+0x320/0x320
[ 3105.788962]  sock_sendmsg+0xf2/0x190
[ 3105.789367]  ____sys_sendmsg+0x334/0x870
[ 3105.789829]  ? kernel_sendmsg+0x50/0x50
[ 3105.790264]  ? do_recvmmsg+0x6d0/0x6d0
[ 3105.790714]  ? __lock_acquire+0x1657/0x5b00
[ 3105.791208]  ___sys_sendmsg+0xf3/0x170
[ 3105.791629]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3105.792124]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.792578]  ? find_held_lock+0x2c/0x110
[ 3105.793026]  ? __might_fault+0xd3/0x180
[ 3105.793456]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.793917]  __sys_sendmmsg+0x195/0x470
[ 3105.794353]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3105.794829]  ? lock_downgrade+0x6d0/0x6d0
[ 3105.795292]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3105.795818]  ? wait_for_completion_io+0x270/0x270
[ 3105.796342]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3105.796850]  ? vfs_write+0x354/0xa30
[ 3105.797250]  ? fput_many+0x2f/0x1a0
[ 3105.797655]  ? ksys_write+0x1a9/0x260
[ 3105.798079]  __x64_sys_sendmmsg+0x99/0x100
[ 3105.798553]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3105.799122]  do_syscall_64+0x33/0x40
[ 3105.799524]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3105.800084] RIP: 0033:0x7fc6b3968b19
[ 3105.800484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3105.802548] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3105.803404] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3105.804208] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3105.805022] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3105.805824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3105.806625] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:18:43 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:43 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3e8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3120.832420] FAULT_INJECTION: forcing a failure.
[ 3120.832420] name failslab, interval 1, probability 0, space 0, times 0
[ 3120.835109] CPU: 1 PID: 18344 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3120.836524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3120.838181] Call Trace:
[ 3120.838735]  dump_stack+0x107/0x167
[ 3120.839458]  should_fail.cold+0x5/0xa
[ 3120.840235]  ? skb_clone+0x14f/0x3d0
[ 3120.840965]  should_failslab+0x5/0x20
[ 3120.841727]  kmem_cache_alloc+0x5b/0x360
[ 3120.842571]  skb_clone+0x14f/0x3d0
[ 3120.843300]  ip6_finish_output2+0x1190/0x1f30
[ 3120.844211]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3120.845216]  ip6_output+0x3b1/0x7f0
[ 3120.845948]  ip6_local_out+0xb4/0x1a0
[ 3120.846739]  ip6_send_skb+0xb7/0x350
[ 3120.847485]  udp_v6_send_skb+0x7aa/0x15b0
[ 3120.848325]  udpv6_sendmsg+0x2086/0x29b0
[ 3120.849138]  ? ip_frag_init+0x350/0x350
[ 3120.849952]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3120.851021]  ? find_held_lock+0x2c/0x110
[ 3120.851854]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3120.852846]  ? __import_iovec+0x458/0x590
[ 3120.853677]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3120.854720]  inet6_sendmsg+0x105/0x140
[ 3120.855503]  ? inet6_compat_ioctl+0x320/0x320
[ 3120.856407]  sock_sendmsg+0xf2/0x190
[ 3120.857159]  ____sys_sendmsg+0x334/0x870
[ 3120.857973]  ? kernel_sendmsg+0x50/0x50
[ 3120.858791]  ? do_recvmmsg+0x6d0/0x6d0
[ 3120.859581]  ? __lock_acquire+0x1657/0x5b00
[ 3120.860461]  ___sys_sendmsg+0xf3/0x170
[ 3120.861248]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3120.862181]  ? lock_downgrade+0x6d0/0x6d0
[ 3120.863033]  ? find_held_lock+0x2c/0x110
[ 3120.863856]  ? __might_fault+0xd3/0x180
[ 3120.864657]  ? lock_downgrade+0x6d0/0x6d0
[ 3120.865506]  __sys_sendmmsg+0x195/0x470
[ 3120.866315]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3120.867197]  ? lock_downgrade+0x6d0/0x6d0
[ 3120.868045]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3120.869015]  ? wait_for_completion_io+0x270/0x270
[ 3120.869985]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3120.870940]  ? vfs_write+0x354/0xa30
[ 3120.871695]  ? fput_many+0x2f/0x1a0
[ 3120.872435]  ? ksys_write+0x1a9/0x260
[ 3120.873218]  __x64_sys_sendmmsg+0x99/0x100
[ 3120.874083]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3120.875136]  do_syscall_64+0x33/0x40
[ 3120.875895]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3120.876924] RIP: 0033:0x7fc6b3968b19
[ 3120.877680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
11:18:58 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 30)

11:18:58 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x700, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x5dc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x1f4, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3e8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x7, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:58 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3120.881886] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3120.883515] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3120.884978] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3120.886414] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3120.887876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3120.889349] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
[ 3120.969341] FAULT_INJECTION: forcing a failure.
[ 3120.969341] name failslab, interval 1, probability 0, space 0, times 0
[ 3120.972443] CPU: 1 PID: 18350 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3120.973859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3120.975563] Call Trace:
[ 3120.976109]  dump_stack+0x107/0x167
[ 3120.976856]  should_fail.cold+0x5/0xa
[ 3120.977642]  ? __kernfs_iattrs+0xbc/0x470
[ 3120.978498]  should_failslab+0x5/0x20
[ 3120.979308]  kmem_cache_alloc+0x5b/0x360
[ 3120.980143]  __kernfs_iattrs+0xbc/0x470
[ 3120.980957]  kernfs_xattr_set+0x2b/0x80
[ 3120.981781]  selinux_kernfs_init_security+0x268/0x4c0
[ 3120.982848]  ? selinux_file_mprotect+0x600/0x600
[ 3120.983814]  ? find_held_lock+0x2c/0x110
[ 3120.984651]  ? __kernfs_new_node+0x2ad/0x850
[ 3120.985551]  ? rwlock_bug.part.0+0x90/0x90
[ 3120.986428]  security_kernfs_init_security+0x4e/0xb0
[ 3120.987481]  __kernfs_new_node+0x531/0x850
[ 3120.988349]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3120.989329]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3120.990309]  ? pcpu_alloc+0x12a/0x12f0
[ 3120.991132]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3120.992203]  kernfs_create_dir_ns+0x9c/0x230
[ 3120.993110]  cgroup_mkdir+0x318/0xfc0
[ 3120.993894]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3120.994865]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3120.995731]  vfs_mkdir+0x41f/0x660
[ 3120.996458]  do_mkdirat+0x145/0x2a0
[ 3120.997205]  ? user_path_create+0xf0/0xf0
[ 3120.998052]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3120.999136]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3121.000193]  do_syscall_64+0x33/0x40
[ 3121.000963]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3121.002005] RIP: 0033:0x7fd3579f1b19
[ 3121.002778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3121.006523] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3121.008087] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3121.009543] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3121.011010] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3121.012455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3121.013908] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:59 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 31)

11:18:59 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:59 executing program 1:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x600, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:59 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x900, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:59 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x5dc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3121.412606] FAULT_INJECTION: forcing a failure.
[ 3121.412606] name failslab, interval 1, probability 0, space 0, times 0
[ 3121.415318] CPU: 0 PID: 18384 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3121.416725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3121.418406] Call Trace:
[ 3121.418962]  dump_stack+0x107/0x167
[ 3121.419707]  should_fail.cold+0x5/0xa
[ 3121.420481]  ? create_object.isra.0+0x3a/0xa20
[ 3121.421405]  should_failslab+0x5/0x20
[ 3121.422184]  kmem_cache_alloc+0x5b/0x360
[ 3121.423035]  ? find_held_lock+0x2c/0x110
[ 3121.423867]  create_object.isra.0+0x3a/0xa20
[ 3121.424755]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3121.425790]  kmem_cache_alloc+0x159/0x360
[ 3121.426646]  __kernfs_iattrs+0xbc/0x470
[ 3121.427454]  kernfs_xattr_set+0x2b/0x80
[ 3121.428277]  selinux_kernfs_init_security+0x268/0x4c0
[ 3121.429325]  ? selinux_file_mprotect+0x600/0x600
[ 3121.430309]  ? find_held_lock+0x2c/0x110
[ 3121.431164]  ? __kernfs_new_node+0x2ad/0x850
[ 3121.432093]  ? rwlock_bug.part.0+0x90/0x90
[ 3121.432990]  security_kernfs_init_security+0x4e/0xb0
[ 3121.434046]  __kernfs_new_node+0x531/0x850
[ 3121.434952]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3121.435947]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3121.436894]  ? pcpu_alloc+0x12a/0x12f0
[ 3121.437698]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3121.438787]  kernfs_create_dir_ns+0x9c/0x230
[ 3121.439687]  cgroup_mkdir+0x318/0xfc0
[ 3121.440473]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3121.441453]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3121.442313]  vfs_mkdir+0x41f/0x660
[ 3121.443054]  do_mkdirat+0x145/0x2a0
[ 3121.443798]  ? user_path_create+0xf0/0xf0
[ 3121.444649]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3121.445713]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3121.446795]  do_syscall_64+0x33/0x40
[ 3121.447553]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3121.448597] RIP: 0033:0x7fd3579f1b19
[ 3121.449356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3121.453116] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3121.454685] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3121.456144] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3121.457591] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3121.459044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3121.460509] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:18:59 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x300, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:59 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:18:59 executing program 6:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 19)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
dup3(r0, 0xffffffffffffffff, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3121.654813] FAULT_INJECTION: forcing a failure.
[ 3121.654813] name failslab, interval 1, probability 0, space 0, times 0
[ 3121.657479] CPU: 0 PID: 18412 Comm: syz-executor.6 Not tainted 5.10.168 #1
[ 3121.658865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3121.660532] Call Trace:
[ 3121.661061]  dump_stack+0x107/0x167
[ 3121.661781]  should_fail.cold+0x5/0xa
[ 3121.662543]  ? create_object.isra.0+0x3a/0xa20
[ 3121.663473]  should_failslab+0x5/0x20
[ 3121.664251]  kmem_cache_alloc+0x5b/0x360
[ 3121.665071]  create_object.isra.0+0x3a/0xa20
[ 3121.665954]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3121.666994]  kmem_cache_alloc+0x159/0x360
[ 3121.667850]  skb_clone+0x14f/0x3d0
[ 3121.668576]  ip6_finish_output2+0x1190/0x1f30
[ 3121.669495]  __ip6_finish_output.part.0+0x4f7/0xb50
[ 3121.670503]  ip6_output+0x3b1/0x7f0
[ 3121.671279]  ip6_local_out+0xb4/0x1a0
[ 3121.672053]  ip6_send_skb+0xb7/0x350
[ 3121.672829]  udp_v6_send_skb+0x7aa/0x15b0
[ 3121.673680]  udpv6_sendmsg+0x2086/0x29b0
[ 3121.674523]  ? ip_frag_init+0x350/0x350
[ 3121.675359]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3121.676443]  ? find_held_lock+0x2c/0x110
[ 3121.677279]  ? selinux_socket_sendmsg+0x1fd/0x2b0
[ 3121.678295]  ? __import_iovec+0x458/0x590
[ 3121.679141]  ? udp_v6_push_pending_frames+0x360/0x360
[ 3121.680204]  inet6_sendmsg+0x105/0x140
[ 3121.680997]  ? inet6_compat_ioctl+0x320/0x320
[ 3121.681906]  sock_sendmsg+0xf2/0x190
[ 3121.682688]  ____sys_sendmsg+0x334/0x870
[ 3121.683521]  ? kernel_sendmsg+0x50/0x50
[ 3121.684334]  ? do_recvmmsg+0x6d0/0x6d0
[ 3121.685131]  ? __lock_acquire+0x1657/0x5b00
[ 3121.686019]  ___sys_sendmsg+0xf3/0x170
[ 3121.686827]  ? sendmsg_copy_msghdr+0x160/0x160
[ 3121.687768]  ? lock_downgrade+0x6d0/0x6d0
[ 3121.688622]  ? find_held_lock+0x2c/0x110
[ 3121.689453]  ? __might_fault+0xd3/0x180
[ 3121.690263]  ? lock_downgrade+0x6d0/0x6d0
[ 3121.691141]  __sys_sendmmsg+0x195/0x470
[ 3121.691960]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 3121.692836]  ? lock_downgrade+0x6d0/0x6d0
[ 3121.693702]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3121.694717]  ? wait_for_completion_io+0x270/0x270
[ 3121.695710]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3121.696659]  ? vfs_write+0x354/0xa30
[ 3121.697430]  ? fput_many+0x2f/0x1a0
[ 3121.698182]  ? ksys_write+0x1a9/0x260
[ 3121.698981]  __x64_sys_sendmmsg+0x99/0x100
[ 3121.699845]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3121.700900]  do_syscall_64+0x33/0x40
[ 3121.701665]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3121.702725] RIP: 0033:0x7fc6b3968b19
[ 3121.703494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3121.707252] RSP: 002b:00007fc6b0ede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3121.708799] RAX: ffffffffffffffda RBX: 00007fc6b3a7bf60 RCX: 00007fc6b3968b19
[ 3121.710259] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000003
[ 3121.711718] RBP: 00007fc6b0ede1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3121.713176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3121.714664] R13: 00007fff05fa846f R14: 00007fc6b0ede300 R15: 0000000000022000
11:18:59 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900020, &(0x7f0000000900)=ANY=[])
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000000000000000000000000000000000000000000000000000000000000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000061616161616161616161616161616161616161616161616161616161616161613131313131313131313131313131313131313131313131313131313131313131421531e83ca5a081d332b7db89cd0c3987c204758ae4531d61f4793eecd34ea89131251b657b654ec5e4f051b6c8e343278b71db367bd68e3621833141150c40bab4e5ba5f6dff4473a3624bd59db88628557fca8460fc8add21c5c9fa14f39ebfe632e592c6be09882549d0bf8103fd36b71bde3678e1d98db52eec1b2a05cd99a266a8a03c2edd79"])
unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000000040))
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fallocate(r3, 0x1, 0x3, 0xfc)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f00000001c0)={0x6, 'ip6gretap0\x00', {0xe6}, 0x200})
r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0)
dup2(r4, r0)
epoll_create1(0x80000)
mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 32)

11:19:00 executing program 7:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x9, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:19:00 executing program 3:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={0x0, 0x0, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x600, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000400)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x4000, @fd_index=0x8, 0x20, 0x1000000000004, 0x3, 0x0, 0x1}, 0x6)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:19:00 executing program 2:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xc00, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
r5 = dup3(r0, r3, 0x80000)
pread64(r5, &(0x7f00000001c0)=""/235, 0xeb, 0x6)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

11:19:00 executing program 5:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x3e8, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r4, 0x0, &(0x7f00000005c0))
dup3(r0, r3, 0x80000)
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3122.058743] FAULT_INJECTION: forcing a failure.
[ 3122.058743] name failslab, interval 1, probability 0, space 0, times 0
[ 3122.061519] CPU: 0 PID: 18427 Comm: syz-executor.4 Not tainted 5.10.168 #1
[ 3122.062949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3122.064628] Call Trace:
[ 3122.065176]  dump_stack+0x107/0x167
[ 3122.065922]  should_fail.cold+0x5/0xa
[ 3122.066719]  ? kvmalloc_node+0x119/0x170
[ 3122.067549]  should_failslab+0x5/0x20
[ 3122.068310]  __kmalloc_node+0x76/0x4b0
[ 3122.069092]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3122.070066]  kvmalloc_node+0x119/0x170
[ 3122.070866]  simple_xattr_alloc+0x43/0xa0
[ 3122.071709]  simple_xattr_set+0x75/0x610
[ 3122.072549]  kernfs_xattr_set+0x50/0x80
[ 3122.073367]  selinux_kernfs_init_security+0x268/0x4c0
[ 3122.074424]  ? selinux_file_mprotect+0x600/0x600
[ 3122.075402]  ? find_held_lock+0x2c/0x110
[ 3122.076226]  ? __kernfs_new_node+0x2ad/0x850
[ 3122.077119]  ? rwlock_bug.part.0+0x90/0x90
[ 3122.077977]  security_kernfs_init_security+0x4e/0xb0
[ 3122.079018]  __kernfs_new_node+0x531/0x850
[ 3122.079874]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3122.080836]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 3122.081801]  ? pcpu_alloc+0x12a/0x12f0
[ 3122.082620]  ? _find_next_bit.constprop.0+0x1a3/0x200
[ 3122.083692]  kernfs_create_dir_ns+0x9c/0x230
[ 3122.084602]  cgroup_mkdir+0x318/0xfc0
[ 3122.085387]  ? cgroup_destroy_locked+0x6f0/0x6f0
[ 3122.086345]  kernfs_iop_mkdir+0x14d/0x1e0
[ 3122.087204]  vfs_mkdir+0x41f/0x660
[ 3122.087931]  do_mkdirat+0x145/0x2a0
[ 3122.088663]  ? user_path_create+0xf0/0xf0
[ 3122.089519]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3122.090575]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3122.091666]  do_syscall_64+0x33/0x40
[ 3122.092419]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 3122.093453] RIP: 0033:0x7fd3579f1b19
[ 3122.094215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3122.097916] RSP: 002b:00007fd354f67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 3122.099480] RAX: ffffffffffffffda RBX: 00007fd357b04f60 RCX: 00007fd3579f1b19
[ 3122.100929] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000009
[ 3122.102376] RBP: 00007fd354f671d0 R08: 0000000000000000 R09: 0000000000000000
[ 3122.103840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3122.105296] R13: 00007ffc675ec60f R14: 00007fd354f67300 R15: 0000000000022000
11:19:00 executing program 0:
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000005d80)={&(0x7f0000004c80), 0xc, &(0x7f0000005d40)={&(0x7f0000004cc0)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x8, @mcast2, 0x5}, 0x1c)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x5}, 0x409becb7bdf85d3, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f0000004c40)={0xa, 0x4e21, 0x2, @private0, 0x600000}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0xe, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x5, &(0x7f0000000080), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0)
connect(r0, &(0x7f00000002c0)=@isdn={0x22, 0xff, 0x1f, 0x3, 0x80}, 0x80)
openat$rtc(0xffffffffffffff9c, &(0x7f0000003580), 0x8000, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder-control\x00', 0x800, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
getsockname$packet(r3, 0x0, &(0x7f00000005c0))
socketpair(0x21, 0x1, 0x0, &(0x7f00000000c0))
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)

[ 3135.420459] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff88801cff95b0 (size 144):
  comm "syz-executor.4", pid 18427, jiffies 4297789118 (age 21.770s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 a4 05 f2 63 00 00 00 00  ...........c....
    07 d4 64 06 00 00 00 00 a4 05 f2 63 00 00 00 00  ..d........c....
  backtrace:
    [<00000000f70bc3e4>] __kernfs_iattrs+0xbc/0x470
    [<000000000ccfa5a1>] kernfs_xattr_set+0x2b/0x80
    [<0000000001dbf1bc>] selinux_kernfs_init_security+0x268/0x4c0
    [<00000000804871af>] security_kernfs_init_security+0x4e/0xb0
    [<000000003f550053>] __kernfs_new_node+0x531/0x850
    [<000000008ebe999e>] kernfs_create_dir_ns+0x9c/0x230
    [<0000000087e1c847>] cgroup_mkdir+0x318/0xfc0
    [<00000000b02541b3>] kernfs_iop_mkdir+0x14d/0x1e0
    [<00000000e937bd2b>] vfs_mkdir+0x41f/0x660
    [<00000000fff9a0ba>] do_mkdirat+0x145/0x2a0
    [<00000000bddd6e24>] do_syscall_64+0x33/0x40
    [<00000000b3fd2e89>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

BUG: leak checking failed

VM DIAGNOSIS:
11:19:22  Registers:
info registers vcpu 0
RAX=ffffffff83e354a0 RBX=ffffffff84e322c0 RCX=ffffffff83e1cddc RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e35863 RBP=fffffbfff09c6458 RSP=ffffffff84e07e40
R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001
R12=0000000000000000 R13=ffffffff85672408 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e354ae RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc35d63d88 CR3=000000000e146000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=656a626f206465636e6572656665726e
XMM02=2934343120657a697328203062353966 XMM03=3120646970202c22342e726f74756365
XMM04=2e2e2e2e2e2e2e202030302030302030 XMM05=20303020303020303020303020303020
XMM06=65747962203233207473726966282070 XMM07=31322065676128203831313938373739
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ffffffff83e354a0 RBX=ffff888008570000 RCX=ffffffff83e1cddc RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e35863 RBP=ffffed10010ae000 RSP=ffff88800857fe78
R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001
R12=0000000000000001 R13=ffffffff85672408 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e354ae RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f75e478acb0 CR3=000000000e2e8000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000004150429800000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000