, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:06 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b5b073b39000040000000a1a22f62e0566fe10c68af347b108244ee55006eb4356af07316a089b5ef268765bd286bb4a0ca61ec7173a7c4551b9b07000e1148eb1b686d24fc2e09093e60a20429fa48fccafb1cdac6ee7d051624407e298a444001056479f049647a62badd1002f8c08215233432af6631d94f9b12ee2ae8e6ca35062c2f9cabc2037201b235ecf7522ea865308e523d"], 0x78) [ 1366.193872][ T8203] FAULT_INJECTION: forcing a failure. [ 1366.193872][ T8203] name failslab, interval 1, probability 0, space 0, times 0 [ 1366.206558][ T8203] CPU: 0 PID: 8203 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1366.215310][ T8203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1366.215348][ T8203] Call Trace: [ 1366.215354][ T8203] dump_stack+0x137/0x19d [ 1366.215378][ T8203] should_fail+0x23c/0x250 [ 1366.215396][ T8203] __should_failslab+0x81/0x90 [ 1366.215464][ T8203] ? io_issue_sqe+0x418f/0x6080 [ 1366.215485][ T8203] should_failslab+0x5/0x20 [ 1366.215505][ T8203] __kmalloc+0x66/0x360 [ 1366.215541][ T8203] ? rw_verify_area+0x136/0x250 [ 1366.215562][ T8203] io_issue_sqe+0x418f/0x6080 [ 1366.215584][ T8203] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1366.215678][ T8203] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1366.215695][ T8203] ? __io_queue_proc+0x99/0x260 [ 1366.215734][ T8203] ? vga_arb_write+0x17d0/0x17d0 [ 1366.215751][ T8203] ? io_async_queue_proc+0x3f/0x50 [ 1366.215774][ T8203] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1366.215794][ T8203] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1366.215816][ T8203] ? try_to_wake_up+0x353/0x470 [ 1366.215890][ T8203] ? io_wqe_enqueue+0x457/0x4d0 [ 1366.215911][ T8203] ? io_wq_enqueue+0x3a/0x40 [ 1366.215926][ T8203] ? io_queue_async_work+0x18d/0x230 [ 1366.322370][ T8203] __io_queue_sqe+0xe9/0x3a0 [ 1366.322422][ T8203] io_queue_sqe+0x6d/0x160 [ 1366.322444][ T8203] io_submit_sqe+0x15c7/0x30c0 03:59:06 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SYNC(r3, 0x9408, 0x0) 03:59:06 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x10000000, 0x0) [ 1366.336318][ T8203] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1366.336341][ T8203] io_submit_sqes+0x61f/0xaf0 [ 1366.336365][ T8203] __se_sys_io_uring_enter+0x217/0xb20 [ 1366.336386][ T8203] ? fput+0x2d/0x130 [ 1366.336433][ T8203] __x64_sys_io_uring_enter+0x74/0x80 [ 1366.336453][ T8203] do_syscall_64+0x34/0x50 [ 1366.336474][ T8203] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1366.336499][ T8203] RIP: 0033:0x4665f9 [ 1366.336512][ T8203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1366.336604][ T8203] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1366.336621][ T8203] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:06 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x7ffff000) 03:59:06 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x11000000, 0x0) 03:59:06 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semop(0x0, &(0x7f0000000040)=[{0x1, 0x7, 0x1000}, {0x1, 0x7f}, {0x1, 0x0, 0x1800}, {0x1, 0x6, 0x800}, {0x3, 0xffff, 0x1800}, {0x2, 0xfffc, 0x1800}, {0x4, 0x8000, 0x800}, {0x2, 0x80, 0x1000}, {0x0, 0x81, 0x800}], 0x9) r1 = semget$private(0x0, 0x2, 0x183) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080), 0x0, &(0x7f0000000140)={r2, r3+60000000}) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r4, &(0x7f0000000080)=[{0x2, 0x4, 0x1000}, {0x1, 0x4, 0x800}, {0x3, 0x1ff, 0x1000}], 0x3) [ 1366.336634][ T8203] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1366.336647][ T8203] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:06 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KIOCSOUND(r2, 0x4b2f, 0x1) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b5b8574050000a343d1133a0180000000000000ff0000000300001b0800884d00006d0000"], 0x78) 03:59:06 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x12000000, 0x0) [ 1366.336658][ T8203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1366.336670][ T8203] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:06 executing program 0 (fault-call:7 fault-nth:4): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:07 executing program 2: r0 = semget$private(0x0, 0x1, 0x102) semop(r0, &(0x7f0000000040)=[{0x2, 0x200}, {0x0, 0xffff, 0x1000}], 0x2) semop(r0, &(0x7f0000000000), 0x2aaaaaaaaaaaac69) r1 = semget(0x3, 0x3, 0x2b6) semctl$IPC_STAT(r1, 0x0, 0x2, &(0x7f0000000140)=""/136) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1366.712528][ T8254] FAULT_INJECTION: forcing a failure. [ 1366.712528][ T8254] name failslab, interval 1, probability 0, space 0, times 0 03:59:07 executing program 2: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x9, 0x4, 0xff, 0x2, 0x0, 0x200, 0x4004, 0x15, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x8, 0x4, 0x0, 0x1, 0xb62, 0xfffffffd, 0x3ff, 0x0, 0x1}, 0x0, 0xf, r0, 0xb) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x13000000, 0x0) [ 1366.712550][ T8254] CPU: 1 PID: 8254 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1366.712567][ T8254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1366.712577][ T8254] Call Trace: [ 1366.712583][ T8254] dump_stack+0x137/0x19d [ 1366.712605][ T8254] should_fail+0x23c/0x250 [ 1366.712620][ T8254] __should_failslab+0x81/0x90 [ 1366.712639][ T8254] ? io_arm_poll_handler+0x15e/0x420 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x14000000, 0x0) 03:59:07 executing program 0 (fault-call:7 fault-nth:5): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:07 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r2}) connect$packet(r0, &(0x7f0000000100)={0x11, 0x15, r2, 0x1, 0x6, 0x6, @broadcast}, 0x14) r4 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r4, 0x400450a, 0x0, 0x0, 0x0, 0x0) flock(r7, 0x1) [ 1366.712690][ T8254] should_failslab+0x5/0x20 [ 1366.712708][ T8254] kmem_cache_alloc_trace+0x49/0x320 [ 1366.712726][ T8254] io_arm_poll_handler+0x15e/0x420 [ 1366.712745][ T8254] ? io_wq_enqueue+0x3a/0x40 [ 1366.712757][ T8254] ? io_queue_async_work+0x18d/0x230 [ 1366.712939][ T8254] __io_queue_sqe+0x133/0x3a0 [ 1366.712955][ T8254] io_queue_sqe+0x6d/0x160 [ 1366.712974][ T8254] io_submit_sqe+0x15c7/0x30c0 [ 1366.712994][ T8254] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1366.713082][ T8254] io_submit_sqes+0x61f/0xaf0 [ 1366.713101][ T8254] __se_sys_io_uring_enter+0x217/0xb20 [ 1366.713117][ T8254] ? fput+0x2d/0x130 [ 1366.713137][ T8254] __x64_sys_io_uring_enter+0x74/0x80 [ 1366.713159][ T8254] do_syscall_64+0x34/0x50 [ 1366.713236][ T8254] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1366.713346][ T8254] RIP: 0033:0x4665f9 [ 1366.713366][ T8254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1366.713383][ T8254] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1366.713398][ T8254] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1366.713411][ T8254] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1366.713423][ T8254] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1366.713435][ T8254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1366.713447][ T8254] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1367.013398][ T8289] FAULT_INJECTION: forcing a failure. [ 1367.013398][ T8289] name failslab, interval 1, probability 0, space 0, times 0 [ 1367.013421][ T8289] CPU: 1 PID: 8289 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1367.013494][ T8289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1367.013503][ T8289] Call Trace: [ 1367.013509][ T8289] dump_stack+0x137/0x19d [ 1367.013527][ T8289] should_fail+0x23c/0x250 [ 1367.013542][ T8289] __should_failslab+0x81/0x90 [ 1367.013563][ T8289] ? io_issue_sqe+0x418f/0x6080 [ 1367.013581][ T8289] should_failslab+0x5/0x20 [ 1367.013630][ T8289] __kmalloc+0x66/0x360 [ 1367.013647][ T8289] ? rw_verify_area+0x136/0x250 [ 1367.013669][ T8289] io_issue_sqe+0x418f/0x6080 [ 1367.013692][ T8289] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1367.013716][ T8289] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1367.013779][ T8289] ? __io_queue_proc+0x99/0x260 [ 1367.013801][ T8289] ? vga_arb_write+0x17d0/0x17d0 [ 1367.013818][ T8289] ? io_async_queue_proc+0x3f/0x50 [ 1367.013917][ T8289] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1367.013934][ T8289] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1367.013960][ T8289] ? try_to_wake_up+0x353/0x470 [ 1367.013984][ T8289] ? io_wqe_enqueue+0x457/0x4d0 [ 1367.014002][ T8289] ? io_wq_enqueue+0x3a/0x40 [ 1367.014018][ T8289] ? io_queue_async_work+0x18d/0x230 [ 1367.014036][ T8289] __io_queue_sqe+0xe9/0x3a0 [ 1367.014058][ T8289] io_queue_sqe+0x6d/0x160 [ 1367.014119][ T8289] io_submit_sqe+0x15c7/0x30c0 [ 1367.014139][ T8289] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1367.014156][ T8289] io_submit_sqes+0x61f/0xaf0 [ 1367.014192][ T8289] __se_sys_io_uring_enter+0x217/0xb20 [ 1367.014210][ T8289] ? fput+0x2d/0x130 [ 1367.014295][ T8289] __x64_sys_io_uring_enter+0x74/0x80 [ 1367.014312][ T8289] do_syscall_64+0x34/0x50 [ 1367.014329][ T8289] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1367.014391][ T8289] RIP: 0033:0x4665f9 [ 1367.014401][ T8289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1367.014413][ T8289] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1367.014428][ T8289] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xff0f0000, 0x0) 03:59:07 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x20a81, 0x0, 0x12}, 0x18) r5 = openat$full(0xffffffffffffff9c, &(0x7f00000003c0), 0x410901, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r5, 0x80, &(0x7f0000000400)=@generic={0x1d, "9b40a287ebb38821d108c0e702d52cd849ffdf83de2c1663baa838d9f9639fba48a53fc6908ee560b9d6e1d3014398f733cfe15b0e13165cca99131cc653fb362403c17add40d9ce3bef9cc89ddfe3a787f944688e9fd9f34abf69f0c03de435227408bc2ca563b1db013b2c6c56e703761238bb10a1ad753a4a29b49e79"}, 0x0, 0x0, 0x1, {0x0, r6}}, 0x0) syz_io_uring_setup(0x54e9, &(0x7f0000000240)={0x0, 0x7991, 0x20, 0x0, 0x6b, 0x0, r0}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ee6000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40, 0x1, {0x2}}, 0x3) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:07 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0xfffffdef) 03:59:07 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000040)={0x200, 0x7, 0xff, 0x2, 0x19, "9e10f45f61a40488"}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006da41bf9b49102a4c0052ed65be954ffa2134175d606a88f86e50d6600d156c6ac5ade16ce9b4007775b519b4eb3767a2d7a08926ce6538a04243541081cd504099fb628e6b6af119168e1ec646989d891e22ef8555369a1294ebed3eb1d201cfae1d4777ab79eb91348fa061bfa3738fb78c03cb3ca5089936397000057c81e01aadf170970c5ef9822529fbf95b8d0b6d0fefa24ce8882acc732c681ca4d91414da95cfc431837b195c9aa11b0d11ad1dcf21f80276aa2f022a010e0253ea411d807e3993286651695a449fdc45723b7f92223edcb743aa2"], 0x78) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f00000000c0)={0x2, 0x20, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0]}) 03:59:07 executing program 0 (fault-call:7 fault-nth:6): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:07 executing program 2: r0 = semget$private(0x0, 0x4, 0x296) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1367.014437][ T8289] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1367.014446][ T8289] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1367.014458][ T8289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1367.014471][ T8289] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x100000000000000, 0x0) 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x200000000000000, 0x0) [ 1367.610998][ T8330] FAULT_INJECTION: forcing a failure. [ 1367.610998][ T8330] name failslab, interval 1, probability 0, space 0, times 0 [ 1367.611022][ T8330] CPU: 0 PID: 8330 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 03:59:07 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x300000000000000, 0x0) 03:59:07 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000740)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @private2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x20}}) r5 = dup3(r0, r3, 0x80000) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r8 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) setsockopt$inet6_int(r5, 0x29, 0xa, &(0x7f0000000100)=0xc1, 0x4) poll(&(0x7f0000000240)=[{r0, 0x4000}, {0xffffffffffffffff, 0x210}, {r3}, {r0, 0x350}, {r0, 0x4}, {r4, 0x8400}, {r0, 0x200}, {0xffffffffffffffff, 0x10}, {r5, 0x2222}], 0x9, 0x3a5) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:07 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x3, 0x7fff}, {0x3, 0xcb, 0x1800}, {0x0, 0x800, 0x800}, {0x0, 0x8, 0x3800}, {0x2, 0xffff, 0x1800}, {0x1, 0x76, 0x1000}, {0x3, 0x3, 0x800}], 0x7, &(0x7f0000000080)) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff, 0x800}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x1, 0xfed, 0x1800}, {0x1, 0x2, 0x1000}, {0x0, 0x8, 0x400}], 0x3) [ 1367.611041][ T8330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1367.611051][ T8330] Call Trace: 03:59:08 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xb00000000000000, 0x0) [ 1367.611058][ T8330] dump_stack+0x137/0x19d 03:59:08 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xc00000000000000, 0x0) [ 1367.611135][ T8330] should_fail+0x23c/0x250 03:59:08 executing program 0 (fault-call:7 fault-nth:7): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1367.611150][ T8330] __should_failslab+0x81/0x90 [ 1367.611252][ T8330] ? io_arm_poll_handler+0x15e/0x420 [ 1367.611277][ T8330] should_failslab+0x5/0x20 [ 1367.611299][ T8330] kmem_cache_alloc_trace+0x49/0x320 [ 1367.611320][ T8330] io_arm_poll_handler+0x15e/0x420 [ 1367.611386][ T8330] ? io_wq_enqueue+0x3a/0x40 [ 1367.611402][ T8330] ? io_queue_async_work+0x18d/0x230 [ 1367.611485][ T8330] __io_queue_sqe+0x133/0x3a0 [ 1367.611507][ T8330] io_queue_sqe+0x6d/0x160 [ 1367.611530][ T8330] io_submit_sqe+0x15c7/0x30c0 [ 1367.611611][ T8330] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1367.611627][ T8330] io_submit_sqes+0x61f/0xaf0 [ 1367.611703][ T8330] __se_sys_io_uring_enter+0x217/0xb20 [ 1367.611726][ T8330] ? fput+0x2d/0x130 [ 1367.611749][ T8330] __x64_sys_io_uring_enter+0x74/0x80 [ 1367.611771][ T8330] do_syscall_64+0x34/0x50 [ 1367.611848][ T8330] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1367.611939][ T8330] RIP: 0033:0x4665f9 [ 1367.611949][ T8330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1367.611964][ T8330] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1367.611980][ T8330] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1367.611989][ T8330] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1367.611998][ T8330] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1367.612009][ T8330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1367.612020][ T8330] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1367.900269][ T8370] FAULT_INJECTION: forcing a failure. [ 1367.900269][ T8370] name failslab, interval 1, probability 0, space 0, times 0 [ 1367.900294][ T8370] CPU: 1 PID: 8370 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1367.900309][ T8370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1367.900318][ T8370] Call Trace: [ 1367.900361][ T8370] dump_stack+0x137/0x19d [ 1367.900383][ T8370] should_fail+0x23c/0x250 [ 1367.900400][ T8370] __should_failslab+0x81/0x90 [ 1367.900420][ T8370] ? io_issue_sqe+0x418f/0x6080 [ 1367.900439][ T8370] should_failslab+0x5/0x20 [ 1367.900455][ T8370] __kmalloc+0x66/0x360 [ 1367.900468][ T8370] ? rw_verify_area+0x136/0x250 [ 1367.900508][ T8370] io_issue_sqe+0x418f/0x6080 [ 1367.900564][ T8370] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1367.900587][ T8370] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1367.900690][ T8370] ? __io_queue_proc+0x99/0x260 [ 1367.900718][ T8370] ? vga_arb_write+0x17d0/0x17d0 [ 1367.900735][ T8370] ? io_async_queue_proc+0x3f/0x50 [ 1367.900753][ T8370] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1367.900782][ T8370] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1367.900803][ T8370] ? try_to_wake_up+0x353/0x470 [ 1367.900887][ T8370] ? io_wqe_enqueue+0x457/0x4d0 [ 1367.900899][ T8370] ? io_wq_enqueue+0x3a/0x40 [ 1367.900910][ T8370] ? io_queue_async_work+0x18d/0x230 [ 1367.900999][ T8370] __io_queue_sqe+0xe9/0x3a0 [ 1367.901017][ T8370] io_queue_sqe+0x6d/0x160 [ 1367.901040][ T8370] io_submit_sqe+0x15c7/0x30c0 [ 1367.901064][ T8370] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1367.901082][ T8370] io_submit_sqes+0x61f/0xaf0 [ 1367.901176][ T8370] __se_sys_io_uring_enter+0x217/0xb20 [ 1367.901198][ T8370] ? fput+0x2d/0x130 [ 1367.901219][ T8370] __x64_sys_io_uring_enter+0x74/0x80 [ 1367.901241][ T8370] do_syscall_64+0x34/0x50 [ 1367.901268][ T8370] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1367.901310][ T8370] RIP: 0033:0x4665f9 [ 1367.901320][ T8370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1367.901366][ T8370] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1367.901386][ T8370] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1367.901429][ T8370] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 03:59:08 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0xfffffffffffffdef) 03:59:08 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xd00000000000000, 0x0) 03:59:08 executing program 2: sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0c012abd7000fedbdf250100000008000500ffff06000800020001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40000) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {0x5}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETVAL(r1, 0x4, 0xc, &(0x7f0000000140)=""/193) 03:59:08 executing program 0 (fault-call:7 fault-nth:8): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:08 executing program 4: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f00000002c0)='\x00', &(0x7f0000000300)='./file0\x00', 0xffffffffffffff9c) r1 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) syz_io_uring_setup(0x2d61, &(0x7f0000000240)={0x0, 0x64af, 0x0, 0x0, 0x24d, 0x0, r1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ee7000/0x1000)=nil, &(0x7f0000000100), &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1367.901440][ T8370] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1367.901452][ T8370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1367.901464][ T8370] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:08 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x7) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRESHEX, @ANYBLOB="0e2c11ad21dd6d2b83d1475964c5052b3904cadaf865159e2e334a2621a71d010fe0be2396c5e1bdc5d64742c68d9b137f65667436e0f53865c4f2675cef55fbe7cd74e77f5429b4cf5ed52271939902c1a5336e939f89fb5793ac9b187fdacc3c3a2f21db9d8335f363cf8273ce2f8481de03d652d96104ade7ce8a765d916dd7e1a889e64b4c", @ANYRES64=r8, @ANYRESHEX=r3, @ANYRESHEX=r4, @ANYRESDEC=r5, @ANYRES32, @ANYRES64=r7], 0x78) [ 1368.532443][ T8405] FAULT_INJECTION: forcing a failure. [ 1368.532443][ T8405] name failslab, interval 1, probability 0, space 0, times 0 [ 1368.545272][ T8405] CPU: 0 PID: 8405 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1368.553963][ T8405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1368.564020][ T8405] Call Trace: [ 1368.567298][ T8405] dump_stack+0x137/0x19d [ 1368.571656][ T8405] should_fail+0x23c/0x250 [ 1368.576081][ T8405] __should_failslab+0x81/0x90 [ 1368.576122][ T8405] ? io_arm_poll_handler+0x15e/0x420 [ 1368.576146][ T8405] should_failslab+0x5/0x20 [ 1368.590686][ T8405] kmem_cache_alloc_trace+0x49/0x320 [ 1368.596012][ T8405] io_arm_poll_handler+0x15e/0x420 [ 1368.601121][ T8405] ? io_wq_enqueue+0x3a/0x40 [ 1368.605718][ T8405] ? io_queue_async_work+0x18d/0x230 [ 1368.605741][ T8405] __io_queue_sqe+0x133/0x3a0 [ 1368.605759][ T8405] io_queue_sqe+0x6d/0x160 [ 1368.605776][ T8405] io_submit_sqe+0x15c7/0x30c0 [ 1368.605798][ T8405] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1368.605856][ T8405] io_submit_sqes+0x61f/0xaf0 [ 1368.605937][ T8405] __se_sys_io_uring_enter+0x217/0xb20 [ 1368.606025][ T8405] ? fput+0x2d/0x130 [ 1368.606111][ T8405] __x64_sys_io_uring_enter+0x74/0x80 [ 1368.606128][ T8405] do_syscall_64+0x34/0x50 [ 1368.606144][ T8405] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1368.606162][ T8405] RIP: 0033:0x4665f9 03:59:08 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0xffffffffffffffff) 03:59:08 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x4, 0xfffb}], 0x2) r1 = semget(0x2, 0x0, 0x40) semop(r0, &(0x7f0000000080)=[{0x0, 0xf584, 0x1800}, {0x0, 0x800, 0x800}, {0x1, 0x0, 0x1800}, {0x4, 0x0, 0x1000}, {0x3, 0x8000}, {0x3, 0xb49}, {0x1, 0x20, 0x1000}, {0x1, 0x9, 0x1000}, {0x4, 0x9, 0x1000}], 0x9) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000040)=""/48) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget(0x2, 0x1, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) 03:59:08 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ee5000/0x3000)=nil, 0x3000, 0x2000008, 0x10010, r3, 0xedb94000) 03:59:08 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0, 0x1}, {r0, 0x8}, {r1, 0x20}], 0x3, 0x3) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) [ 1368.606174][ T8405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1368.606193][ T8405] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1368.606244][ T8405] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1368.606263][ T8405] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1368.606274][ T8405] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1368.606285][ T8405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1368.606296][ T8405] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xe00000000000000, 0x0) 03:59:09 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000040), 0x0, 0x100, 0x3) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) 03:59:09 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semop(r0, &(0x7f0000000040)=[{0x4, 0x89bb, 0x800}, {0x0, 0x40, 0x800}, {0x0, 0x3, 0x1800}, {0x0, 0x81, 0x1000}, {0x1, 0x1ff}, {0x2, 0x8000, 0x1800}, {0x0, 0xde9b, 0x800}], 0x7) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xf00000000000000, 0x0) 03:59:09 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$BTRFS_IOC_LOGICAL_INO(r2, 0xc0389424, &(0x7f0000000100)={0x800, 0x50, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000008, 0x40010, r0, 0x5933e000) 03:59:09 executing program 0 (fault-call:7 fault-nth:9): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:09 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x1000000000000000, 0x0) 03:59:09 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r4 = epoll_create1(0x80000) signalfd4(r4, &(0x7f0000000340)={[0x1]}, 0x8, 0x0) lseek(r0, 0x80, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000380), 0x40002, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) poll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x82}, {r6, 0x1004}], 0x2, 0xffffffff) write$binfmt_misc(r5, &(0x7f0000000240)={'syz1', "2ff119697e20ce5d989564b2760b11cc9f41ce60472f16f241297c498173ccead5863a9e548e2ff11a7a2dd2c35b7ede6b3425abadd7cee3adcfd9a4f72ac43b3822dfe0cc9bd70644262ce921ec8bd687c6fb6f72b236d43549f1fcce542d611df79ed31918f37e212303f290961af332f2eae1ba39723e9fb2baceea92351496120659d8ff309c28314ca4b11021a7a0fc2461f04be4e2bdf45ea0b669a567d162daed482a0b05263380ef6b50455de725e6e0aeddd2f4edeac8b79abfe665e8d97e14dab2ceb5d00ceb61bebc00fa827969cd8237d8ff0337b7940f85f14492b72e6d093ec095b463"}, 0xee) faccessat(r3, &(0x7f0000000080)='./file0\x00', 0x10) setxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)=@v2={0x7, 0x3, 0x5, 0x1, 0x9, "8c4724f238cb0e6b9d"}, 0x12, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r2], 0x78) 03:59:09 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_setup(0x4c5f, &(0x7f0000000240)={0x0, 0xd36c, 0x4, 0x0, 0x3d2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ee7000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ee7000/0x3000)=nil, 0x3000, 0xe, 0x1, {0x0, r4}}, 0x9) r5 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1369.238923][ T8477] FAULT_INJECTION: forcing a failure. [ 1369.238923][ T8477] name failslab, interval 1, probability 0, space 0, times 0 [ 1369.251567][ T8477] CPU: 1 PID: 8477 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1369.251588][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1369.251598][ T8477] Call Trace: [ 1369.251604][ T8477] dump_stack+0x137/0x19d [ 1369.251706][ T8477] should_fail+0x23c/0x250 [ 1369.251720][ T8477] __should_failslab+0x81/0x90 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x1100000000000000, 0x0) [ 1369.287233][ T8477] ? io_issue_sqe+0x418f/0x6080 [ 1369.287320][ T8477] should_failslab+0x5/0x20 [ 1369.287344][ T8477] __kmalloc+0x66/0x360 [ 1369.287362][ T8477] ? rw_verify_area+0x136/0x250 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x1200000000000000, 0x0) [ 1369.287384][ T8477] io_issue_sqe+0x418f/0x6080 [ 1369.287407][ T8477] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1369.287437][ T8477] ? _raw_spin_unlock_irqrestore+0x27/0x40 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x1300000000000000, 0x0) [ 1369.287461][ T8477] ? __io_queue_proc+0x99/0x260 [ 1369.287484][ T8477] ? vga_arb_write+0x17d0/0x17d0 [ 1369.287502][ T8477] ? io_async_queue_proc+0x3f/0x50 [ 1369.287526][ T8477] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1369.287616][ T8477] ? _raw_spin_unlock_irqrestore+0x27/0x40 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x1400000000000000, 0x0) [ 1369.287639][ T8477] ? try_to_wake_up+0x353/0x470 [ 1369.287660][ T8477] ? io_wqe_enqueue+0x457/0x4d0 [ 1369.287677][ T8477] ? io_wq_enqueue+0x3a/0x40 [ 1369.287693][ T8477] ? io_queue_async_work+0x18d/0x230 [ 1369.287782][ T8477] __io_queue_sqe+0xe9/0x3a0 [ 1369.287804][ T8477] io_queue_sqe+0x6d/0x160 [ 1369.287827][ T8477] io_submit_sqe+0x15c7/0x30c0 [ 1369.287850][ T8477] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1369.287948][ T8477] io_submit_sqes+0x61f/0xaf0 [ 1369.287970][ T8477] __se_sys_io_uring_enter+0x217/0xb20 [ 1369.287990][ T8477] ? fput+0x2d/0x130 [ 1369.288232][ T8477] __x64_sys_io_uring_enter+0x74/0x80 [ 1369.288255][ T8477] do_syscall_64+0x34/0x50 [ 1369.288277][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1369.288304][ T8477] RIP: 0033:0x4665f9 [ 1369.288317][ T8477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.288329][ T8477] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1369.288344][ T8477] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1369.288356][ T8477] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1369.288368][ T8477] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.288418][ T8477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1369.288429][ T8477] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:09 executing program 2: r0 = semget$private(0x0, 0x3, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x3, 0xbe5a98e917109e58) semtimedop(r1, &(0x7f0000000040)=[{0x2, 0x2}, {0x4, 0x400}, {0x3, 0x9, 0x1800}, {0x2, 0x5, 0x1000}], 0x4, &(0x7f0000000080)={0x77359400}) 03:59:09 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0xff0f000000000000, 0x0) 03:59:09 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0xc) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) close(r1) 03:59:09 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x4) preadv(r2, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/27, 0x1b}, {&(0x7f0000000100)=""/241, 0xf1}, {&(0x7f0000000200)=""/68, 0x44}, {&(0x7f0000000280)=""/242, 0xf2}, {&(0x7f0000000380)=""/224, 0xe0}], 0x5, 0x8000, 0x8000) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x7fff, 0x1000}, {0x0, 0x1}]}) 03:59:09 executing program 0 (fault-call:7 fault-nth:10): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:09 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x8000, 0xa0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ppoll(&(0x7f00000001c0)=[{r3, 0x4}, {r0, 0xa0}, {r4, 0x8}, {r5}, {r0, 0x10}], 0x5, &(0x7f0000000240)={0x0, 0x3938700}, &(0x7f0000000280)={[0x5]}, 0x8) [ 1369.739027][ T8525] FAULT_INJECTION: forcing a failure. [ 1369.739027][ T8525] name failslab, interval 1, probability 0, space 0, times 0 [ 1369.751692][ T8525] CPU: 1 PID: 8525 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1369.760362][ T8525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1369.770438][ T8525] Call Trace: [ 1369.773714][ T8525] dump_stack+0x137/0x19d [ 1369.778043][ T8525] should_fail+0x23c/0x250 [ 1369.782452][ T8525] __should_failslab+0x81/0x90 03:59:10 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000080000000001b080000006d"], 0x78) [ 1369.787244][ T8525] ? io_arm_poll_handler+0x15e/0x420 [ 1369.792535][ T8525] should_failslab+0x5/0x20 [ 1369.797048][ T8525] kmem_cache_alloc_trace+0x49/0x320 [ 1369.802330][ T8525] io_arm_poll_handler+0x15e/0x420 [ 1369.807440][ T8525] ? io_wq_enqueue+0x3a/0x40 [ 1369.812026][ T8525] ? io_queue_async_work+0x18d/0x230 [ 1369.817311][ T8525] __io_queue_sqe+0x133/0x3a0 [ 1369.821988][ T8525] io_queue_sqe+0x6d/0x160 [ 1369.826404][ T8525] io_submit_sqe+0x15c7/0x30c0 [ 1369.831197][ T8525] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x2) [ 1369.836651][ T8525] io_submit_sqes+0x61f/0xaf0 [ 1369.841563][ T8525] __se_sys_io_uring_enter+0x217/0xb20 [ 1369.847051][ T8525] ? fput+0x2d/0x130 [ 1369.850949][ T8525] __x64_sys_io_uring_enter+0x74/0x80 [ 1369.856399][ T8525] do_syscall_64+0x34/0x50 [ 1369.860812][ T8525] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1369.866707][ T8525] RIP: 0033:0x4665f9 03:59:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$SO_TIMESTAMP(r2, 0x1, 0x31, &(0x7f0000000040), &(0x7f0000000080)=0x4) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1369.870595][ T8525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.890273][ T8525] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1369.898692][ T8525] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1369.906660][ T8525] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1369.914651][ T8525] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.922631][ T8525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1369.930607][ T8525] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:10 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) preadv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f0000001440)=""/250, 0xfa}, {&(0x7f0000001540)=""/26, 0x1a}], 0x2, 0x2, 0x9) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f00000013c0)=[{&(0x7f0000000040)=""/118, 0x76}, {&(0x7f00000000c0)=""/179, 0xb3}, {&(0x7f00000001c0)=""/12, 0xc}, {&(0x7f0000000200)=""/203, 0xcb}, {&(0x7f0000000300)=""/24, 0x18}, {&(0x7f0000000340)=""/73, 0x49}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x7, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES64=r2, @ANYRES64, @ANYRESDEC=0x0, @ANYRES16], 0x78) 03:59:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x3) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x3) 03:59:10 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000140), &(0x7f0000000180)) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r5) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f00000001c0)={{0x3, r2, 0xee00, r3, r5, 0x0, 0x7f}, 0x732, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfb}) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8, 0x1000}, {0x1, 0x8, 0xc00}, {0x4, 0x6, 0x1000}, {0x4, 0x42c, 0x800}], 0x4, &(0x7f0000000080)) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:10 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) fstatfs(r0, &(0x7f0000000040)=""/61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) pread64(r0, &(0x7f0000000080)=""/122, 0x7a, 0x10000) chroot(&(0x7f0000000100)='./file0\x00') 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xb) 03:59:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) mmap(&(0x7f00005ac000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, r2, 0xce26000) mmap(&(0x7f00005ab000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b2c21dca10fc2338f2a073bb4d5af605c62e8ca23584cba16dd9d3938000008000069b90980ed891f3350006655a40d8500ce380900000000"], 0x78) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_script(r3, &(0x7f0000000140)={'#! ', './file0', [{0x20, '}*'}, {0x20, '%'}]}, 0x10) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="37d511d8b87564071bf5822ca095991c86aaa3e4c254043ba15780e8bf7b4cdef3e2b04e32a985ca39e9eec89010") 03:59:10 executing program 0 (fault-call:7 fault-nth:11): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1370.366465][ T8589] FAULT_INJECTION: forcing a failure. [ 1370.366465][ T8589] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.379200][ T8589] CPU: 0 PID: 8589 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1370.387881][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1370.397921][ T8589] Call Trace: [ 1370.401188][ T8589] dump_stack+0x137/0x19d [ 1370.405523][ T8589] should_fail+0x23c/0x250 [ 1370.410036][ T8589] __should_failslab+0x81/0x90 [ 1370.414800][ T8589] ? io_issue_sqe+0x418f/0x6080 [ 1370.419704][ T8589] should_failslab+0x5/0x20 [ 1370.424316][ T8589] __kmalloc+0x66/0x360 [ 1370.428473][ T8589] ? rw_verify_area+0x136/0x250 [ 1370.433329][ T8589] io_issue_sqe+0x418f/0x6080 [ 1370.437992][ T8589] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1370.443361][ T8589] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1370.449170][ T8589] ? __io_queue_proc+0x99/0x260 [ 1370.454109][ T8589] ? flat_send_IPI_mask+0x42/0x70 [ 1370.459137][ T8589] ? vga_arb_write+0x17d0/0x17d0 [ 1370.464079][ T8589] ? io_async_queue_proc+0x3f/0x50 [ 1370.469203][ T8589] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1370.474574][ T8589] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1370.480415][ T8589] ? try_to_wake_up+0x353/0x470 [ 1370.485343][ T8589] ? io_wqe_enqueue+0x485/0x4d0 [ 1370.490309][ T8589] ? io_wq_enqueue+0x3a/0x40 [ 1370.494894][ T8589] ? io_queue_async_work+0x18d/0x230 [ 1370.500231][ T8589] __io_queue_sqe+0xe9/0x3a0 [ 1370.504829][ T8589] io_queue_sqe+0x6d/0x160 [ 1370.509295][ T8589] io_submit_sqe+0x15c7/0x30c0 [ 1370.514088][ T8589] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1370.519540][ T8589] io_submit_sqes+0x61f/0xaf0 [ 1370.524239][ T8589] __se_sys_io_uring_enter+0x217/0xb20 [ 1370.529715][ T8589] ? fput+0x2d/0x130 [ 1370.533623][ T8589] __x64_sys_io_uring_enter+0x74/0x80 [ 1370.539065][ T8589] do_syscall_64+0x34/0x50 [ 1370.543483][ T8589] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1370.549378][ T8589] RIP: 0033:0x4665f9 [ 1370.553258][ T8589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1370.572866][ T8589] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1370.581279][ T8589] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1370.589256][ T8589] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1370.597228][ T8589] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1370.605199][ T8589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:10 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4007, @fd=r0, 0x3, 0x0, 0x0, 0x4, 0x0, {0x1}}, 0x8001) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/cgroups\x00', 0x0, 0x0) io_uring_enter(r3, 0x63a9, 0xb56b, 0x0, &(0x7f0000000240)={[0x5]}, 0x8) 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xc) 03:59:10 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) write(r4, &(0x7f0000000080)="1f0000000104ff00fd4354c007110000f30501000800017f16c6d23d371779", 0x10001) socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r5, 0x0, 0x4ffe0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000080)={@id={0x2, 0x0, @b}, 0x40, 0x0, '\x00', @a}) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1ba077da6a738b8332fd13bfaed05b073b0000080000000009000000000008080000016d0000"], 0x78) 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xd) [ 1370.613168][ T8589] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:10 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xe) 03:59:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10001}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xd4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44090}, 0x40001) [ 1370.695757][ T8618] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1370.859225][ T8622] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 03:59:11 executing program 0 (fault-call:7 fault-nth:12): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:11 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="06000000ae0000000000000000090000000000000800000066"], 0x78) vmsplice(r1, &(0x7f0000000040), 0x0, 0x6) 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xf) 03:59:11 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget(0x1, 0x1, 0x10) semop(r1, &(0x7f0000000000)=[{0x2, 0x80}, {0x1, 0xf800}], 0x2) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r1, &(0x7f0000000080)=[{0x2, 0x3, 0x800}, {0x0, 0x8, 0x1000}, {0x2, 0x8, 0x800}, {0x1, 0x8, 0x1000}, {0x3, 0x3, 0x800}, {0x4, 0x3ff, 0x800}, {0x1, 0x2d, 0x800}], 0x7) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r2, &(0x7f0000000040)=[{0x3, 0x2, 0x800}, {0x3, 0xe123}, {0x1, 0x6, 0x1000}, {0x0, 0x7, 0x1800}], 0x4) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:11 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000040)='%)%\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = perf_event_open(&(0x7f0000001900)={0x5, 0x80, 0xfa, 0x1, 0x1f, 0x5, 0x0, 0xfb, 0x59000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x7282, 0x3, @perf_bp={&(0x7f00000018c0), 0xc}, 0xa, 0x7fffffff, 0x5, 0x5, 0x2, 0x5, 0x0, 0x0, 0x3, 0x0, 0xadc}, 0xffffffffffffffff, 0x8, r1, 0x1) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000001980)=0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r5 = eventfd2(0xb7, 0x1) r6 = openat$vga_arbiter(0xffffffffffffff9c, 0xfffffffffffffffc, 0x800, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) pipe(&(0x7f00000019c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r10, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) sendmmsg$unix(r1, &(0x7f0000001d80)=[{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="0ddc9398251bdd", 0x7}, {&(0x7f00000001c0)="cfc346c87c1be7e1592d62a721fbff587e1117eecf2bea4c37b2ce138587d88bbb17ab75f8d1d6c3972b948648cd52e46bd573482bb90c338912d58662ddc168a5806cd5fd0966ce54365366a51f9a1bd19da8a77d4b11248c220d2ca987446782355e48af37aaf856862bcf696ec01149c27a4a0c0a1bab1a5614dfc21f2e266ea578986b48832e8bc94e9bd23c040cf1bd44241e24af57f8cfc8eb67693c71645c3cefaf5abb5033bf3866", 0xac}, {&(0x7f0000000280)="3ea0ff12522e3f2eadcef4558c30b45136eeb9a013788ece136a333613fb9b61d67430e819a5f231fafe0998c8814e687f89dcb55a03c0d2f45c79d4c067d531a0d2570b1c846e1f5b360da2153fa65342167a46bb21e5dc913794153cb794134c358549809d180c94bc11b9b6e35202d1d24da97747cdc7f9ad663d97c9be27110a902a74f3c9b1b843dcd9dd3a88be6bdf8dffc6f616a4e58c9f741ad7d51229b571ae7bd834380d825e2b4eda7baf4e6289", 0xb3}, {&(0x7f0000000340)="9bd859098f1291554e23c5de9f928bb89d82aba6789d2fe16a7c03f4a92faf4094468cde88", 0x25}], 0x4, 0x0, 0x0, 0x1}, {&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000680)=[{&(0x7f0000000440)="ce8f8934cb4195eaa361ca8914cbea4668c44b3e0c7f5b137708760644a2049b6c5fc7ef81604109d4402bd7f82d3e185c6d5af2585cdd5137bd0d2ce67c4802b29dfffaac4e766ef8584c0917b347ee9d706741bab2be14f7911f8a71e629b17c85c6ea8c3568bd30ce5656877ffe0493ab8a4ad1ddd3", 0x77}, {&(0x7f00000004c0)="5f94668f567e6d34f8774efe4a23c3846f6038fafc81e20f54ccd3311bcbf68c7d4badfb07b15cb1b9f72d6f4a0bfb035f32149295861892ce03f3387eb1ba52f88d81e2ecfc392a96bf15913ae5064d49dad42d5f797808f610e70f0cd7a397192ed9dedd8a148a5d8f6119d73bfee6fd344ee7d868f15a684cc7d09fb40f4ebbbec27396a5264a7795381add82247056be671d17f91e4bda9b595764a3164ce80ff09600498e17fbf636630587e2e17736188d647fe5786ae39a9bb655e8966059fd67d3b6b1c8b6dd21e3252bec09fa1239d73a8c27d0c1ae51a51e3e5a60c1897b7b0f83dd4ccb2391ee71f67b8f0ad3c911e63b03abc5f5975b29be", 0xfe}, {&(0x7f00000005c0)="a78d75399e180c3a585e3c1009b97499c16adabf3f98122729714d07e2ec45d3d7dfc2d6b1dbe5d027c12faaf08b5e62aeeb7f5313cde01fd952637ded203aa9b3752b0ddb413a78aa942acc94ee72e70cdab767367cd643a354d2a3f39bea9f4caca77b09f0bfd6be0a94764a6f6c56403fe46f08fe08540e47a4f5b018396ebb9f", 0x82}], 0x3, &(0x7f0000001a00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee00}}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee00}}}, @rights={{0x28, 0x1, 0x1, [r1, 0xffffffffffffffff, r1, r0, r2, r0]}}, @cred={{0x1c, 0x1, 0x2, {r3, 0xee01, 0xee00}}}, @rights={{0x30, 0x1, 0x1, [r4, r1, r5, r6, r7, r8, r1, r9]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r10]}}], 0x148, 0x20000001}, {&(0x7f0000001b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001d00)=[{&(0x7f0000001c00)="913aea099017e7a758e4975ff866b71e76e4b4043a6d335cbfe00ad9cd727a9bb84bd35a0426a033a13a8bec5a51943b9ba198d65b2d22804c1f1672d376b611844266b79a9b820d3c3222216a917775ff2b740c4fedbbae0efefa9c0947bf1277582ac592679ac4aa04e7a0369be3f87efda9caef11f096f0a59857ed258190c036000ab6f279dfe6ba32aa38a8d1108a6db941949323207207d4cb944f46a1fbb58788435c705070901235c69556e733b16b433437f98c86710a6004080ed38e8f", 0xc2}], 0x1, &(0x7f0000001d40), 0x0, 0x10}], 0x3, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:11 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x130, r1, 0x329, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@measure_req={0x26, 0x100, {0x0, 0x0, 0x0, "369eddbb15a30143481faccb067077d8054ade3b2750e35b561af9b1e3e91d0daf4174768fa8fda714806888755657e13ed4c1d7ca48783b59e4dc150c780e836497c88fe55eeb3c2c617e1d319f3206f0adaa6073ae4e05118a358f64deae3a833764e5c2f7fdefa446a5da1303b22c8374ce5ed250de7dd1e30d2a30d78b9da2681b2207be5074c82d2a10a67a8dd84187459eb54b8ed5a29e9cc9af1f80dd6eff21629cbfa23aaf9ce9e4c23a1bf20e1706ad6b898fa63f118833d71a59389976c91efeeebc1b9d2da95001d22c17dce05bea07a1d426d13b16de6aa540367a0fbfa97f49b85008a6fee37516d9759207ddd76d60d86d6a141b263b"}}]}]}, 0x130}}, 0x0) sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r1, 0xc1c, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1400000, 0x26}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}}, 0x8051) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000380), 0x450080, 0x0) r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r0) sendmsg$SMC_PNETID_GET(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r3, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800) r4 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r4, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1371.014454][ T8645] FAULT_INJECTION: forcing a failure. [ 1371.014454][ T8645] name failslab, interval 1, probability 0, space 0, times 0 [ 1371.027125][ T8645] CPU: 0 PID: 8645 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x10) [ 1371.027144][ T8645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.027238][ T8645] Call Trace: [ 1371.027245][ T8645] dump_stack+0x137/0x19d [ 1371.027267][ T8645] should_fail+0x23c/0x250 [ 1371.027284][ T8645] __should_failslab+0x81/0x90 [ 1371.027311][ T8645] ? io_arm_poll_handler+0x15e/0x420 [ 1371.027335][ T8645] should_failslab+0x5/0x20 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x11) [ 1371.027383][ T8645] kmem_cache_alloc_trace+0x49/0x320 [ 1371.027423][ T8645] io_arm_poll_handler+0x15e/0x420 [ 1371.027451][ T8645] ? io_wq_enqueue+0x3a/0x40 [ 1371.027468][ T8645] ? io_queue_async_work+0x18d/0x230 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x12) [ 1371.027560][ T8645] __io_queue_sqe+0x133/0x3a0 [ 1371.027603][ T8645] io_queue_sqe+0x6d/0x160 [ 1371.027624][ T8645] io_submit_sqe+0x15c7/0x30c0 [ 1371.027707][ T8645] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x13) 03:59:11 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_setup(0x1b7a, &(0x7f0000000380)={0x0, 0x3577, 0x20, 0x0, 0x2b8, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000400), &(0x7f0000000440)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = fsmount(0xffffffffffffffff, 0x1, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r4, 0x10000000) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) getsockopt$packet_int(r4, 0x107, 0x9, &(0x7f0000000300), &(0x7f0000000340)=0x4) syz_io_uring_submit(r1, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r4, &(0x7f0000000240)={0x2480, 0x10, 0x5}, &(0x7f0000000280)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r6}}, 0xff) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1800002, 0x4010, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r8 = syz_open_dev$vcsn(&(0x7f0000000100), 0x7ffd, 0x404000) io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f00000001c0)=r8, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1371.027721][ T8645] io_submit_sqes+0x61f/0xaf0 [ 1371.027823][ T8645] __se_sys_io_uring_enter+0x217/0xb20 03:59:11 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x14) [ 1371.027846][ T8645] ? __fpregs_load_activate+0x8f/0x1b0 [ 1371.027869][ T8645] __x64_sys_io_uring_enter+0x74/0x80 [ 1371.027889][ T8645] do_syscall_64+0x34/0x50 [ 1371.027991][ T8645] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1371.028014][ T8645] RIP: 0033:0x4665f9 [ 1371.028026][ T8645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:11 executing program 0 (fault-call:7 fault-nth:13): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1371.028042][ T8645] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1371.028059][ T8645] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1371.028071][ T8645] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1371.028082][ T8645] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1371.028169][ T8645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1371.028181][ T8645] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1371.491682][ T8692] FAULT_INJECTION: forcing a failure. [ 1371.491682][ T8692] name failslab, interval 1, probability 0, space 0, times 0 [ 1371.491717][ T8692] CPU: 0 PID: 8692 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1371.491743][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.491754][ T8692] Call Trace: [ 1371.491761][ T8692] dump_stack+0x137/0x19d [ 1371.491787][ T8692] should_fail+0x23c/0x250 [ 1371.491803][ T8692] __should_failslab+0x81/0x90 [ 1371.491821][ T8692] ? io_issue_sqe+0x418f/0x6080 [ 1371.491840][ T8692] should_failslab+0x5/0x20 [ 1371.565052][ T8692] __kmalloc+0x66/0x360 [ 1371.565074][ T8692] ? rw_verify_area+0x136/0x250 [ 1371.565146][ T8692] io_issue_sqe+0x418f/0x6080 [ 1371.565168][ T8692] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1371.584174][ T8692] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1371.584200][ T8692] ? __io_queue_proc+0x99/0x260 [ 1371.584219][ T8692] ? vga_arb_write+0x17d0/0x17d0 [ 1371.584238][ T8692] ? io_async_queue_proc+0x3f/0x50 [ 1371.584287][ T8692] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1371.584308][ T8692] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1371.616059][ T8692] ? try_to_wake_up+0x353/0x470 [ 1371.616084][ T8692] ? io_wqe_enqueue+0x457/0x4d0 [ 1371.616099][ T8692] ? io_wq_enqueue+0x3a/0x40 [ 1371.616113][ T8692] ? io_queue_async_work+0x18d/0x230 [ 1371.635594][ T8692] __io_queue_sqe+0xe9/0x3a0 [ 1371.635625][ T8692] io_queue_sqe+0x6d/0x160 [ 1371.635642][ T8692] io_submit_sqe+0x15c7/0x30c0 [ 1371.635660][ T8692] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1371.635676][ T8692] io_submit_sqes+0x61f/0xaf0 [ 1371.635733][ T8692] __se_sys_io_uring_enter+0x217/0xb20 [ 1371.635750][ T8692] __x64_sys_io_uring_enter+0x74/0x80 [ 1371.635770][ T8692] do_syscall_64+0x34/0x50 [ 1371.635843][ T8692] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1371.635930][ T8692] RIP: 0033:0x4665f9 [ 1371.635943][ T8692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1371.635961][ T8692] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1371.635981][ T8692] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1371.635991][ T8692] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1371.636003][ T8692] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1371.636015][ T8692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1371.636028][ T8692] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x300) 03:59:12 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x3}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000100), 0xe994, 0x602001) write$vga_arbiter(r3, &(0x7f00000001c0)=@target={'target ', {'PCI:', 'f', ':', 'b', ':', '0', '.', '1'}}, 0x13) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x482) tee(r4, r3, 0x8, 0x8) write$vga_arbiter(r3, &(0x7f0000000280)=@target={'target ', {'PCI:', '7', ':', '2', ':', '1e', '.', '3'}}, 0x14) 03:59:12 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100), 0x0, 0x0) 03:59:12 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:12 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$msdos(&(0x7f0000000480), &(0x7f00000004c0)='./file0\x00', 0x8, 0x3, &(0x7f00000005c0)=[{0xfffffffffffffffe, 0x0, 0x5}, {&(0x7f0000000500)="851c604eba5ff42d050666879037aa4678dc71feb825b6da6d5affc8f09d737a794e0a18705e1da0e40d7df479e1bc2631ffb719c2c40889dff311d8061b3057c15e28689b30d6c82c2e382a14c23b88f4d0672dedcec0536a84b7361938f7eeb30bb694969b765953e80e1eff5adc833c13ab8275893a167e2b45dc", 0x7c, 0x3}, {&(0x7f0000000580)=':', 0x1, 0x6000000}], 0x200008, &(0x7f0000000640)={[{@dots}, {@fat=@nfs_nostale_ro}, {@nodots}], [{@measure}, {@fsmagic={'fsmagic', 0x3d, 0xef7}}, {@obj_type={'obj_type', 0x3d, '$'}}, {@smackfshat={'smackfshat', 0x3d, 'ip6gre0\x00'}}]}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x7}}) readahead(r2, 0xfffffffffffffeff, 0xe9c) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x10401, 0x0) preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000080)=""/209, 0xd1}, {&(0x7f00000001c0)=""/144, 0x90}], 0x2, 0x1, 0x5) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r4 = accept4(r2, &(0x7f0000000300)=@hci, &(0x7f0000000380)=0x80, 0x800) sendto(r4, &(0x7f00000003c0)="dc059ad93ad6a2b6a2", 0x9, 0x4010, &(0x7f0000000400)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0x1, 0x2}, 0x80) r5 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$PIO_UNISCRNMAP(r5, 0x4b6a, &(0x7f00000002c0)="b18e9443fb3fcee21295acd81e6842ba1f9c668636242a2e8fd606bd7ba5119ba61f7bc46eee155237b8f273f1d144") 03:59:12 executing program 0 (fault-call:7 fault-nth:14): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xb00) [ 1371.914810][ T8729] loop3: detected capacity change from 0 to 264192 [ 1371.916610][ T8729] FAT-fs (loop3): Unrecognized mount option "measure" or missing value [ 1371.937354][ T8735] FAULT_INJECTION: forcing a failure. [ 1371.937354][ T8735] name failslab, interval 1, probability 0, space 0, times 0 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xc00) 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xd00) [ 1371.937433][ T8735] CPU: 1 PID: 8735 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 03:59:12 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x2c, r3, 0x701, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}]}, 0x2c}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@private2}}, &(0x7f00000001c0)=0xe8) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000340)={0x0, @loopback, @loopback}, &(0x7f0000000380)=0xc) r6 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r6, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r8 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r7}) r9 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r9, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r11 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r11, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r10}) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x240, r3, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x90, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}]}, 0x240}, 0x1, 0x0, 0x0, 0x11}, 0x40004) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xe00) [ 1371.937452][ T8735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1371.937460][ T8735] Call Trace: [ 1371.937466][ T8735] dump_stack+0x137/0x19d [ 1371.937538][ T8735] should_fail+0x23c/0x250 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xf00) [ 1371.937555][ T8735] __should_failslab+0x81/0x90 [ 1371.937576][ T8735] ? io_arm_poll_handler+0x15e/0x420 [ 1371.937597][ T8735] should_failslab+0x5/0x20 03:59:12 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1100) [ 1371.937617][ T8735] kmem_cache_alloc_trace+0x49/0x320 [ 1371.937641][ T8735] io_arm_poll_handler+0x15e/0x420 [ 1371.937719][ T8735] ? io_wq_enqueue+0x3a/0x40 03:59:12 executing program 0 (fault-call:7 fault-nth:15): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1371.937734][ T8735] ? io_queue_async_work+0x18d/0x230 [ 1371.937754][ T8735] __io_queue_sqe+0x133/0x3a0 [ 1371.937770][ T8735] io_queue_sqe+0x6d/0x160 [ 1371.937844][ T8735] io_submit_sqe+0x15c7/0x30c0 [ 1371.937914][ T8735] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1371.938011][ T8735] io_submit_sqes+0x61f/0xaf0 [ 1371.938030][ T8735] __se_sys_io_uring_enter+0x217/0xb20 [ 1371.938105][ T8735] ? fput+0x2d/0x130 [ 1371.938123][ T8735] __x64_sys_io_uring_enter+0x74/0x80 [ 1371.938140][ T8735] do_syscall_64+0x34/0x50 [ 1371.938159][ T8735] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1371.938184][ T8735] RIP: 0033:0x4665f9 [ 1371.938196][ T8735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1371.938285][ T8735] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1371.938304][ T8735] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1371.938317][ T8735] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1371.938329][ T8735] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1371.938342][ T8735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1371.938354][ T8735] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1372.309005][ T8771] FAULT_INJECTION: forcing a failure. [ 1372.309005][ T8771] name failslab, interval 1, probability 0, space 0, times 0 [ 1372.309104][ T8771] CPU: 0 PID: 8771 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1372.309119][ T8771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1372.309204][ T8771] Call Trace: [ 1372.309210][ T8771] dump_stack+0x137/0x19d [ 1372.309228][ T8771] should_fail+0x23c/0x250 [ 1372.309300][ T8771] __should_failslab+0x81/0x90 [ 1372.309321][ T8771] ? io_issue_sqe+0x418f/0x6080 [ 1372.309345][ T8771] should_failslab+0x5/0x20 [ 1372.309368][ T8771] __kmalloc+0x66/0x360 [ 1372.309406][ T8771] ? rw_verify_area+0x136/0x250 [ 1372.309422][ T8771] io_issue_sqe+0x418f/0x6080 [ 1372.309478][ T8771] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1372.309501][ T8771] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1372.309524][ T8771] ? __io_queue_proc+0x99/0x260 [ 1372.309548][ T8771] ? vga_arb_write+0x17d0/0x17d0 [ 1372.309582][ T8771] ? io_async_queue_proc+0x3f/0x50 [ 1372.309621][ T8771] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1372.309644][ T8771] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1372.309668][ T8771] ? try_to_wake_up+0x353/0x470 [ 1372.309690][ T8771] ? io_wqe_enqueue+0x457/0x4d0 [ 1372.309720][ T8771] ? io_wq_enqueue+0x3a/0x40 [ 1372.309732][ T8771] ? io_queue_async_work+0x18d/0x230 [ 1372.309751][ T8771] __io_queue_sqe+0xe9/0x3a0 [ 1372.309771][ T8771] io_queue_sqe+0x6d/0x160 [ 1372.309868][ T8771] io_submit_sqe+0x15c7/0x30c0 [ 1372.309897][ T8771] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1372.309960][ T8771] io_submit_sqes+0x61f/0xaf0 [ 1372.309978][ T8771] __se_sys_io_uring_enter+0x217/0xb20 [ 1372.310070][ T8771] ? fput+0x2d/0x130 [ 1372.310127][ T8771] __x64_sys_io_uring_enter+0x74/0x80 [ 1372.310149][ T8771] do_syscall_64+0x34/0x50 [ 1372.310192][ T8771] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1372.310216][ T8771] RIP: 0033:0x4665f9 [ 1372.310229][ T8771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1372.310245][ T8771] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1372.310261][ T8771] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:13 executing program 2: r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000c00), 0x80000) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000c40)={'syz_tun\x00'}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0xa000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000b00)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@empty}, 0x0, @in6=@mcast1}}, 0xfffffffffffffffc) recvmmsg(r1, &(0x7f0000000a00)=[{{&(0x7f0000000140)=@ax25={{}, [@default, @rose, @remote, @rose, @rose, @bcast, @remote, @netrom]}, 0x80, &(0x7f0000000640)=[{&(0x7f00000000c0)}, {&(0x7f00000001c0)=""/166, 0xa6}, {&(0x7f0000000280)=""/170, 0xaa}, {&(0x7f0000000340)=""/242, 0xf2}, {&(0x7f0000000440)=""/15, 0xf}, {&(0x7f0000000480)=""/158, 0x9e}, {&(0x7f0000000540)=""/241, 0xf1}], 0x7}, 0x6}, {{&(0x7f00000006c0)=@pppol2tp, 0x80, &(0x7f0000000900)=[{&(0x7f0000000740)=""/206, 0xce}, {&(0x7f0000000840)=""/144, 0x90}], 0x2, &(0x7f0000000940)=""/189, 0xbd}, 0x5}], 0x2, 0x100, &(0x7f0000000a80)={0x0, 0x989680}) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r3, &(0x7f0000000040)=[{0x0, 0x2, 0x1800}, {0x1, 0x5}, {0x0, 0x9, 0x800}, {0x2, 0x8, 0x3000}], 0x4, &(0x7f0000000ac0)={0x0, 0x3938700}) 03:59:13 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write(r2, &(0x7f0000000040)="ef9aabb5df279661a9a0cc7ff0e9d90a38bd7997b49ee78ccf42659f18389c906a816e", 0x23) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:13 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1200) 03:59:13 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) write$binfmt_elf64(r0, &(0x7f0000001840)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x91, 0x7, 0x92, 0x6, 0x3, 0x6, 0x8, 0x171, 0x40, 0x32e, 0x80, 0x9e, 0x38, 0x1, 0x389, 0x0, 0x61d}, [{0x6, 0x12, 0x3f, 0xafdb, 0xffffffffffff2f5f, 0x1, 0xffffffffffffffff, 0x1a22}], "201f67d1dbdcd01d4459cbce67c74c9af7f9a0c45ba5f0fc708c27dc99c2a6013088a83c9cca6e7336919205a39c23b4d23c7036ac1468fe1a4761b79ccfb0d34af5505cc166510f86bee98f4cbf36cd7a63ab47910fb797288db5570821aa29aa1986592b539592c45799a250fa1aa4df03afb16bb7747b65b9d2cbebda05461c4d3c", ['\x00', '\x00']}, 0x2fb) preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000001500)=""/236, 0xec}, {&(0x7f0000001600)=""/144, 0x90}, {&(0x7f00000016c0)=""/182, 0xb6}, {&(0x7f0000001780)=""/164, 0xa4}], 0x4, 0x7, 0x3a4f) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000001480)=[{&(0x7f0000000240)=""/193, 0xc1}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000100)=""/13, 0xd}, {&(0x7f0000001340)=""/110, 0x6e}, {&(0x7f00000013c0)=""/178, 0xb2}], 0x5) 03:59:13 executing program 0 (fault-call:7 fault-nth:16): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:13 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000040)=""/56, 0x38}, {&(0x7f0000000080)=""/14, 0xe}, {&(0x7f00000000c0)=""/181, 0xb5}, {&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000000240)=""/96, 0x60}, {&(0x7f00000002c0)=""/109, 0x6d}, {&(0x7f0000000340)=""/184, 0xb8}], 0x7, 0x5780000, 0x5) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080001000000000000000000080000006d"], 0x78) [ 1372.310270][ T8771] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1372.310280][ T8771] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1372.310294][ T8771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1372.310306][ T8771] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1372.748421][ T8751] loop3: detected capacity change from 0 to 264192 [ 1372.860375][ T8806] FAULT_INJECTION: forcing a failure. [ 1372.860375][ T8806] name failslab, interval 1, probability 0, space 0, times 0 [ 1372.873036][ T8806] CPU: 1 PID: 8806 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1372.881770][ T8806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1372.891811][ T8806] Call Trace: [ 1372.895073][ T8806] dump_stack+0x137/0x19d [ 1372.899419][ T8806] should_fail+0x23c/0x250 [ 1372.903818][ T8806] __should_failslab+0x81/0x90 [ 1372.908649][ T8806] ? io_arm_poll_handler+0x15e/0x420 [ 1372.913917][ T8806] should_failslab+0x5/0x20 [ 1372.918401][ T8806] kmem_cache_alloc_trace+0x49/0x320 [ 1372.923666][ T8806] io_arm_poll_handler+0x15e/0x420 [ 1372.928864][ T8806] ? io_wq_enqueue+0x3a/0x40 [ 1372.933433][ T8806] ? io_queue_async_work+0x18d/0x230 [ 1372.938700][ T8806] __io_queue_sqe+0x133/0x3a0 [ 1372.943358][ T8806] io_queue_sqe+0x6d/0x160 [ 1372.947756][ T8806] io_submit_sqe+0x15c7/0x30c0 [ 1372.952589][ T8806] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1372.958075][ T8806] io_submit_sqes+0x61f/0xaf0 [ 1372.962743][ T8806] __se_sys_io_uring_enter+0x217/0xb20 [ 1372.968184][ T8806] ? fput+0x2d/0x130 [ 1372.972087][ T8806] __x64_sys_io_uring_enter+0x74/0x80 [ 1372.977454][ T8806] do_syscall_64+0x34/0x50 [ 1372.981877][ T8806] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1372.987755][ T8806] RIP: 0033:0x4665f9 [ 1372.991628][ T8806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.011261][ T8806] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1373.019654][ T8806] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1373.027607][ T8806] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1373.035658][ T8806] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1373.043631][ T8806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.051585][ T8806] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:13 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) fsetxattr$security_capability(r2, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{0x6, 0x20}, {0x3ff, 0x800}]}, 0x14, 0x2) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$cgroup_ro(r3, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) 03:59:13 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1300) 03:59:13 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1400) 03:59:13 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:13 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r3, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0x78) 03:59:13 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xff0f) 03:59:13 executing program 2: r0 = syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x4ec, 0x1, &(0x7f0000000240)=[{&(0x7f00000001c0)="151762e8fbce74a868a5bee53cf7b4751a127907c9adaa418e1960896762e01198f9f11e1739331a81cc3248bdbbc06f714efcce6059e3c46c4058cb13b0f7d47635679eae328333cef341b472a65ad3cdfcd9081c47c4200e61b9d8d2324a7d192e5cec29d7796aedf7", 0x6a, 0x5}], 0x1002000, &(0x7f0000000040)={[{@gid}, {@sbsector={'sbsector', 0x3d, 0x400}}, {@map_off}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@dmode={'dmode', 0x3d, 0x401}}, {@map_acorn}], [{@smackfstransmute}, {@hash}, {@smackfshat={'smackfshat', 0x3d, '\xbc'}}]}) fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:13 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r1, &(0x7f0000000040)='./file0\x00', 0x0, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:13 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b070f3938000008000000010000000000001b080000006d"], 0x78) 03:59:13 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1000000) 03:59:13 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x1, 0x0, &(0x7f0000000100)=[r3]}, 0x1) 03:59:13 executing program 0 (fault-call:7 fault-nth:17): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1373.710325][ T8866] FAULT_INJECTION: forcing a failure. [ 1373.710325][ T8866] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.722972][ T8866] CPU: 1 PID: 8866 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1373.731648][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.741696][ T8866] Call Trace: [ 1373.744995][ T8866] dump_stack+0x137/0x19d [ 1373.749330][ T8866] should_fail+0x23c/0x250 [ 1373.753744][ T8866] __should_failslab+0x81/0x90 [ 1373.758506][ T8866] should_failslab+0x5/0x20 [ 1373.763079][ T8866] kmem_cache_alloc_bulk+0x40/0x380 [ 1373.768338][ T8866] io_submit_sqes+0x515/0xaf0 [ 1373.773022][ T8866] __se_sys_io_uring_enter+0x217/0xb20 [ 1373.778480][ T8866] ? fput+0x2d/0x130 [ 1373.782381][ T8866] __x64_sys_io_uring_enter+0x74/0x80 [ 1373.787750][ T8866] do_syscall_64+0x34/0x50 [ 1373.792164][ T8866] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1373.798064][ T8866] RIP: 0033:0x4665f9 03:59:14 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x2000000) [ 1373.801947][ T8866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.821641][ T8866] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1373.830057][ T8866] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1373.838027][ T8866] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1373.845989][ T8866] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:14 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000000)="72d90bbd59b8115b637270387208ea22a4099274c7628056f728a7469989fbd27c1b1f233d43cc1ed5ef12f41a3b6aeb610087ec802a8164d751df416382b8046254903599189781f0b5a25348c42be626b9d1fcbcc501b5b5978389db288ac5b7e5ba0a35f1e78c69894db3e7cc0ad4d18c279c31f11ad873e737") mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x78) sendmsg$NL80211_CMD_STOP_NAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200c00}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0xe04, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x100, 0x2}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40050}, 0x20004004) [ 1373.853957][ T8866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.861917][ T8866] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:14 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100), 0x0, 0x0) semop(r0, &(0x7f0000000040)=[{0x1, 0x1}], 0x1) 03:59:14 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x3000000) 03:59:14 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/61, 0x3d}, {0xffffffffffffffff}, {&(0x7f0000000080)=""/243, 0xf3}], 0x3, 0x9, 0x3) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:14 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f00000000c0)={0x9, &(0x7f0000000080)=[{0x7, 0x7}, {0x4, 0xff23}, {0x0, 0x1f}, {0x4, 0x6}, {0x1f, 0x4000}, {0x3ff, 0x8000}, {0x3, 0x40}, {0xffff, 0x55}, {0x6, 0x4}]}) 03:59:14 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xb000000) 03:59:14 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b5b073b3938100e08000000000900020009000008000087161bd13de88aa5acf68e00366439d22f3941ab056a191e5f26ef2400abf689036c90bb9039591d0bc7c9aed8d70d9f8d77927a684fea4b7f453b9ee0d30ec6413696f1ab8581ea0d2192dfc6000000000e3b8fc2ba8c5a7b08ab2188b20a1a972a24ab291a386f9caebcdac3026042c4acef9439c2700957e680fe05e77ede4043905a4542bd9bce86fb7da6c4485155571ebe55980e760fe9be815429251c1f3e2a5e85d0820ae8f20571a0d2873d6682b2dbe83e6c15d7017647998567237fee0312fac54f0b984266fe0abbaa48b494bb2650f9979822eff13b"], 0x78) mmap(&(0x7f00004bf000/0x1000)=nil, 0x1000, 0x3000000, 0x50, r1, 0xc1ce5000) 03:59:14 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xc000000) 03:59:14 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0xc810, r2, 0xfffff000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x1) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008010000000000000000001b080000006d"], 0x78) 03:59:14 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$vga_arbiter(r3, &(0x7f0000000100)=@target={'target ', {'PCI:', '5', ':', '9', ':', '4', '.', '1e'}}, 0x14) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x204100, 0x0) write$vga_arbiter(r4, &(0x7f0000000240)=@unlock_all, 0xb) 03:59:14 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xd000000) 03:59:14 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xdc140, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) sendto(r1, &(0x7f0000000040)="44c53fe180a0617e4d9c38f5d4120042ed264ecdb43bdb402af3247e7b4f032379e63ae0d0066d6afd82618e07b1e61ba35409d19562d05730bd36c4168995", 0x3f, 0x4, &(0x7f0000000080)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x40}, 0x80) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000090000000000de7c0000006d"], 0x78) 03:59:14 executing program 0 (fault-call:7 fault-nth:18): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1374.412611][ T8952] FAULT_INJECTION: forcing a failure. [ 1374.412611][ T8952] name failslab, interval 1, probability 0, space 0, times 0 [ 1374.425263][ T8952] CPU: 1 PID: 8952 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1374.433932][ T8952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1374.444047][ T8952] Call Trace: [ 1374.447324][ T8952] dump_stack+0x137/0x19d [ 1374.451676][ T8952] should_fail+0x23c/0x250 [ 1374.456094][ T8952] __should_failslab+0x81/0x90 [ 1374.460863][ T8952] ? io_issue_sqe+0x418f/0x6080 [ 1374.465739][ T8952] should_failslab+0x5/0x20 [ 1374.470251][ T8952] __kmalloc+0x66/0x360 [ 1374.474402][ T8952] ? rw_verify_area+0x136/0x250 [ 1374.479251][ T8952] io_issue_sqe+0x418f/0x6080 [ 1374.484210][ T8952] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1374.489591][ T8952] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1374.495518][ T8952] ? __io_queue_proc+0x99/0x260 [ 1374.500415][ T8952] ? vga_arb_write+0x17d0/0x17d0 [ 1374.505354][ T8952] ? io_async_queue_proc+0x3f/0x50 [ 1374.510471][ T8952] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1374.515843][ T8952] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1374.521720][ T8952] ? try_to_wake_up+0x353/0x470 [ 1374.526584][ T8952] ? io_wqe_enqueue+0x457/0x4d0 [ 1374.531491][ T8952] ? io_wq_enqueue+0x3a/0x40 [ 1374.536071][ T8952] ? io_queue_async_work+0x18d/0x230 [ 1374.541462][ T8952] __io_queue_sqe+0xe9/0x3a0 [ 1374.546059][ T8952] io_queue_sqe+0x6d/0x160 [ 1374.550512][ T8952] io_submit_sqe+0x15c7/0x30c0 [ 1374.555283][ T8952] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1374.560792][ T8952] io_submit_sqes+0x61f/0xaf0 [ 1374.565469][ T8952] __se_sys_io_uring_enter+0x217/0xb20 [ 1374.570935][ T8952] ? fput+0x2d/0x130 [ 1374.574892][ T8952] __x64_sys_io_uring_enter+0x74/0x80 [ 1374.580273][ T8952] do_syscall_64+0x34/0x50 [ 1374.584700][ T8952] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1374.590667][ T8952] RIP: 0033:0x4665f9 [ 1374.594560][ T8952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1374.614197][ T8952] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1374.622613][ T8952] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1374.630603][ T8952] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1374.638649][ T8952] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1374.646683][ T8952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1374.654661][ T8952] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:15 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000040)=[{0x4, 0x40, 0x1400}], 0x1, &(0x7f0000000080)={0x0, 0x989680}) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x1, 0x1, 0x800}, {0x0, 0x0, 0x800}, {0x4, 0x6340, 0x1800}, {0x0, 0x1}, {0x4, 0x3}], 0x5) 03:59:15 executing program 5: syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/ipc\x00') ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r0, 0xf505, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[@ANYRES64], 0x78) 03:59:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="3ea85262424e2bbd7e795485a146543e9bc25ffbf85f2a3c8da96a3e39eb2bc4497078a4dac7b9690d3a49a0dab597662a2b678af0fbcbd55487a983ee5caa", 0x3f}, {&(0x7f0000000100)="4148f5630c", 0x5}], 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$BTRFS_IOC_BALANCE_CTL(r2, 0x40049421, 0x0) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xe000000) 03:59:15 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xf000000) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x10000000) 03:59:15 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$TCSETSW(r1, 0x5403, &(0x7f00000016c0)={0x99d, 0x2, 0x1a600000, 0x6, 0x18, "8b8a8fc72d74399971d874d00638c9411b06d1"}) preadv(r2, &(0x7f0000001600)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/223, 0xdf}, {&(0x7f0000000140)=""/41, 0x29}, {&(0x7f00000011c0)=""/58, 0x3a}, {&(0x7f0000001200)=""/220, 0xdc}, {&(0x7f0000001300)=""/105, 0x69}, {&(0x7f0000001380)=""/234, 0xea}, {&(0x7f0000001480)=""/209, 0xd1}, {&(0x7f0000001580)=""/82, 0x52}], 0x9, 0x400, 0x7) 03:59:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) vmsplice(r2, &(0x7f0000001240)=[{&(0x7f00000001c0)="a006d944f9fe4d8db689b7a3abab0b2e4502aad5634660bfa569fdba7ec0cc28f48b1e8ad995f3943aec98470d27c1005e91269f7c31f3c2e16b0bc52e3bf636ec4ddf0ce899751fe118b0c8f17c5d0edce299244a136768eab2e0840a8f500c8f921bca041d3bda56275130f21301e74981110d345a43bafbfa832257373ad80146d7631fb44ac65b80e8a5d8f21f51e9d183045b0e0ff67e651ca1306e30298318ffebf7fd16efbc17e6adbcc3bbe285718ea1883abb3da7e21b43a2bd5558ee6f793836875d744bcb842302fea0564f7c14a3edba845f001ddf79081f0aab05ab00dfe7c115eecab8eec41bc3455b2f3e76d328baf541d4f3bd16e9bc6d0c7fa1b26f6b22f208d7aa0c9f125aa21cbe9b0bd0c87e01754df8ca85c306075ae84614c379899eacb021b824370bd19e45e9351727f772f8eee18547241bfa1fd9aec150861040a47fb5fbca7ab89971c01e85722208ba0458a311b32507436e69ddd8c9da5ab8826e676ca7d6f6f42acdc828cecbeca1aa56f296d3d904c6fa3513fd6b7c0be8e602891eb47e84752840526ec58374afcd7535fd31071cb62270283df411163568e5606035c62da7b8c4b19a83ca6f887fca6908538874320cd7cea18594c998f70baf7d5b824a0fb89b3c9b37b7afdbe315911fc2bfc45d9c4faea750309624c398ec48a4c37897af86cd646aec220ab5c97f5055ef462bd04c2b0a4b27b0637830309de1c4eefeb501e3aea8c21bb0ce1dbb9ca64ca0690724d93a499796bc8be51f64c9c1952d432676893228add31f31b46efdaec954e5559e0569d2997f7a07014bc3c1e434e85bfdc5ed53e935eb675304e78b547f3a7799627e717096708d0f47bc5e3136887114b33b0f3b1a5eeb6b21eb68a21fe8b6eb530163be80dc97ef39a3fa9a05248c5cb27a9c70ceca510d4f4cef74ba61751f5e575ff99391e626fdeead652b9205094d8808797e201ac6e46bc4173a364be07c9fa10649dfa61c99fb67895b7b8de9dbd5dfd88394f18ed2d493bd2311fe72a0baeb01753663fe36f8b4df16466ed2b3035f408ca328b58d7913f3a21ac886b95c670211c6cdaf2d0d19aa29b041dacd9285e3ed0a5b4c743f9e1947ec257b1be42f208ffb9aa1de9ea4edf6b984387c28031cf5bca8c5986ce8cc4133ee275571f43d9b9dd8207889c1f3258424cb722d23c8db546dc418357f2ef0b48a0e6d310f45f10d9574f317412d713ed6826a2bfd72e6e36958950ac2668b1ecf85d72cc5ade7ca7fa38f59f63a4064d1eb027af9d6b76ebd1c365dbff4baded34dac398add144d804dd7c90589e67a80fb92815f19fdec35f7d923f6f0d39570ddd328e2c1fbec87876dba61b94107ff74ae478b43b1a0d13cef72ff2d84908f8b5458e1c7be851e0f42515908e663636c38232f9bcfeb6c602f3e156b01866fabc7c51995a8720389eb53a6baac67cc630a83cbf081dc2fd503b5814bb6007ee360625b1edbf8bad8a8f78aaed1e228c0b3d3940b03a58cb9649e63018945682b89adbe28e08ea8f0695be5807cc80153914194fef3641d287567d0ecc371af2e179add86410c850ba6dd247ee4f29739b62f4cc0140ec8321a3fb7ab35951711cc02c1b9fdcb02cd2257a0f0a9b29559b800d998cd197eeea13e234b209602d754d5137850be7009e0f742f3dd16db983aff22c0c97ca18434631d85c35d14e37a03f1f58a8bfc7cb338542c7945aa2319e263fc1fe658a973d65c81a1f8f2527612060c1f488f0bdfea0d045110ec4105f1c8af920f926d5c32c613695c82c1c4971cc22db6116a4fdca441fd0690bc33d03e97b6c238e7f4af6be0f0f8484902ab8a14d027f8c9d06b3fdcc743ea5ab83f3adfb3cc878cad3bb5adbfd054c87b9fd4094266a4c3b2187d7948f8181b2ee9ed4bcb094336697c4e889b444ebbaff943a5c5c1144a358e12f99d054c7cc19d7dcb919c58fa4b44f76b6a096db21de64fdcbcaeb0a7d1be2dae64b9ce9339cf1fb776a5909b3a0b23e22498d9eacbac3e7536a539f777623148cf44627404779defcdbe83893e602532a7672549ca4a4514cd5ef1949b75918fc39ae07f0e7776d7d9f3e49187769edf4b49ca8150de904bc79f89e70269109de573e3f5cc6fe8be7bdc64c5699fdfc7e2255d997b8fcfdcfd125d6a3662bbac8eea57144223b11aaf62adea8d45cd78d76ee463e4169239843e49a6a25669ade7f06cf6918eee3bb4a264e83bd098c36d56cf3fb29907f864d1dccade06439b11223d8decaa3aa4f4aec7d302c7837effb7a3e0e1477e95bdce922e8a1037fbf067a7593e7aeac582f49618ffb7dac8fa1ce9acde1dbc58c44b7500f2d5f2c94d92ca2085b1f253814867144534c0b7f3cce45740f7f7ff451f96f9f6208b9faa25ec6b2c5faa32d953ceaf5f484ff5ba7e73790ee2fedffb52c92a6663de09243fa0db78160b592295910cd45320c624daabac82d03174a2dcc106e928664892e0a282822a775d64468d2b2525b53033e84a37cae0e7387dece545bdab92bcdebebe98999d4f98599e9791ce54e77f09a3cdd21833193ba5abdf6123e27246bd8191fd454813b120dce7bc7cffd70ba5da42e209979b0e8344ad44d348d5ead45a98d4317b499908f73e39fca419adf793e40124096d675a061816b0a60881859074d7b01fdf3558f5b687def5f027f338b0aa05c98fbbed7abe67833f94a10ce476a2ec18fc6f254bd8223ca783b299a25b45bf5abb34b9250c192dc2ad08af0ce813412e42c3098955007645a926e4f9e09b65700570f3ee9e043e7141ecfb06fb35178cae8f7b544d156e5dce481392f1bec2c8f2c707d33d62ca01018580f36ee47ca188a71a3277fb120c0a8ae16bcb6e2fc09fae039e3e058e576e8475965c4faf67cfb5f7017524a5e3dd3a24030788e3deb11cf74a3333065fe3aa19ea22dc498f0bf32e893d66d7c2c1be8f8703e2dbd594da51a9c4ea268c9cbd7e88cf0f51f15616eae80a16e3b210b70f32f41364005846ac6561759bb850a8974ea82725d6231cca08f1a65c7d1edfef69f359ed42596473a29b59de47a2d8185f2f4138f404445d5163f9381b0202f7db23293cf31161410216b6287f4294d5d63047f0faffb0e380f90ee1b141adbf53ecc95bc0c300929cb8e010ad41998e8b521f164f3587658a069dbb18393b08e4b3d952d3e572dbf0553feb61261cdbdeb37770b41b740f6fe782968bb9f551644aafdc74a1cec6b02c6e1c9dacb4afcdd7f7cddaf27801d14d9d4ddd4d2803e9106b31ae47cb08c12bdb8783ed0279c5df809eee38d4b28856078627250885c596a4ac7a03adcff090268e3d0a539f320a850c5333f921ded5e910dbbcd0a5c9c09aef392ad302d02dc7c1766fef76cdca8db0b399b1e443f62fca83385a4b6520c15b3e11c9c8a9691488cfc4db60816639a100f479405a5f1858b65248b25a4238d9d40287880a9536420d05d75c8fb055a5858d1958803c135a412d3928b9d755505d625ab6fc97aab4e932c73e332a9de93af51cf6482396d601d534d13f3658e8a60a220223f289dc50b946207f86a0f24f430bbeb31391e76e13bfbf362473d22be9d59a1c881545449368013a788cdd1f37aa571cb1a2b4c5c490ae90693c68d34ae5679fd58c0e8eca492ffe1e27f7e03ec22055d6993856cc00956b84a14991b53fa7efeb210987aca5fbf4a9134635221ddf47eca23399c7ecbf6aa03a45ab0136975fe363417e60326601187002bfee21d577f5d2aa9fb194f27e55ae6c62d091fc1776fd8fae2d52446d416a5066314052050f41d64a8d54636364420f36db4523044585a4f573d1d18269932930eaec70922178e953c5150950a31455fdcb3a7fbaf5d7cbaae9c488d1e0fc2b737a2c62a7a2f428d3c92230318d17e0439e68be92a102de79daed9400816f4cedea6773651c2aa4df52b12244a9c29304b0840ed4693b112903e895ef7e146ed1dbcc56932a69c686f253bbee04d34ca11fc94610fcc250f55e531c01b07f8c9d5baf706d3d91a448cad32de3d871fbdd5219b37695c1fb5f73a8df48e2f4566505c5ae8f7281adc27cfe0a46a38587e703e9ce0cb50840df4e77ba97626e1438240307e5fc31408fa7641b766d4a1f498bf7e300537d5697a22a5ad1fff39ca436831a531ffc25b5b6b317db12eee554130130e32c9e7ee19e2c866ee87095422ffd24f8ee556161c5189a911c59cd5404edbd9d5ae3ee58423ce2d4de53c8efafaf7d76e9bf5b04043529a9923c3b3d3c42d5ccbc2ac3ecae2aa4976a2f18d4bcdfc21daafab831c18c48d6395b434e747372099c5f38aab6af41d3994e48211d08044ae8c47d3e632ba26d44ce72d02b91c8ed3edf53f94d3087e58bed0d41be15126aa6d2c3252a30925259992596c05dd262f61ae25e8eea52b483cbc03ee811cdc6077c300e1f32df03bcb5203f3a9fe137a4b7c6402a7d3882d281a4be915b0580af6ace056ffc0823d3ca415f1e8ba3dd710ac00ad8d7623a9e652a5d0bab4cb99a8cd323983796de73498451e4de7205752883d25ab2a7c1ee59230772f3481c865f3846ce5e9726a82e1c9778c65c085b30d4c2942c1ab2021e18bc76d965b27004839fed34ba38824ab59981abc7f473796e885649a36b13e3a26d7d8f48e50e92755041128d08da7965f41ae0e407a34fef2c02920fb26a638b2d3be405948185b2fdbfc0ffe4e7ef4c135c9cc2fa22b36f6703ebfd836a7042ecfc8e396be266b21c1c7e6114fd6b30aca97ca8b36c854b9d13be3114c1a58610fe34c3ef8c9bfa340fb12efc7717cf70c3f6e6370119a634f7b4225d182a86fb0c91330ca16b3eb894e66c3c551e23c488d86b0242ff5f2d588bfdb9a35f689c0e8ef8e16f15538add06ba3bab99427d77bf21e27b95eb47cb778079d3caae8a17926de58722ea00d065f84b47754026f041fffe25c63e86be88f5f994bd67409a80ac59399cbf7b26afa388fd2267a4b359d9b830c79c25ca4706b92c1eefec1c9bfee6f1992e243b6d25b559f937b66eae7374848d74137dc780767870bc94f23ed8d25d05b1b4459d242c0b38b78f1bf8825f7870ddf439a294de38b0defbc3d912acba7db7749c2d958fbfa5ad7f2fd25bf595a5536146c016cc431640ed8b6c9a52ad24b70d2a5b956a6f05f4fb83713d5f4fc445b1e35184c84abf39ed79c841cefb7f57095f9a22672c8afab28dd57f72ecf5658ce81bccf72a6360e1da9a4212d50625895debde5652c9f628f9e1f0effb5174e27530ba3e076bd82b8e4586295eaca40a7aaa7b3c2ef30ae92af8ca129c4d63157d08e8cbcdec34d281f6c1af68f4cbae82c7abc8c4d61c85cc3d5e1d64f9a7975389e941ed277f734fff13734503ea355c61257a03b170d3ca8ea1740f756b89d6e32e130f7c00a9a9b7cbf9d3bcd4427114ee29a59507345b4e46340331c845e15f50264a24f42e6980abf264fb10cb28f4da1629ee495fa68ace862528060ebd3f98a87361132a0f77b769880bf69473d4c9f046a80b5acd70733ea29c51b99f3a0d00cdfb332fe08905bee401c20571e3366cb796d295893cc263826be65bf55d1d8cd76e77f741c64061d89e11810a4a2fca635a0f095e824eae9721a339488fffa0fcd8d9f45cbdd17d8af6868393a42c3255d6dc9b22747c884205e09cbf9c079366b4ee167a5d056b7eda06f7fbe9443eeaf1b0bcaaecf803afc82124397f804f282d722b13c51ecd33b784859d0dc594", 0x1000}, {&(0x7f00000000c0)="f73271e28f09304bb6addcdaf944b13b886638732896f9753beecf2e75894fa2f1eaa9b5f0c0114292ca660e83e70cd5a1b507a87fd1c2adeff484e84d48b2c8a7874239dbba0120da122fae063518da65fba571bf1f534d427be2f5f1a2aa1882d982eb3bf7fc1e745cf44b4260023dfd98a642d04453519657c3661938858a4e2762e87d2fc2f5fba805c16e1c9592966f9ce87de03adf82888beddd3284eea6c99dbb", 0xa4}, {&(0x7f00000011c0)="005842201773e0a4489b75f9d5fbd34e2ece94def96ea5f0d45c669a1c2042d0a769d5176c77f28fc4556363", 0x2c}, {&(0x7f0000001200)="9a0f4036e20434", 0x7}], 0x4, 0xa) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000080)={0x8, 0x0, 0xa1, 0x4a6d, 0x1ff, 0x1778}) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:15 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000080)=[{0x3, 0x1}, {0x1, 0x18, 0x1800}, {0x2, 0x3}, {0x3, 0x5040, 0x800}, {0x6, 0x7, 0x800}], 0x5, &(0x7f00000000c0)) semop(r0, &(0x7f0000000000)=[{0x4, 0x80, 0x1000}, {0x1, 0xfffb, 0x800}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000040)=[{0x2, 0x7, 0x1000}, {0x4, 0x7}], 0x2) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x11000000) 03:59:15 executing program 0 (fault-call:7 fault-nth:19): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:15 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r6, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0}, 0x0) r9 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r12}}, 0x0) syz_io_uring_submit(r3, r7, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x5, 0x0, 0x8000, 0x0, &(0x7f0000000240)="0cd8c75897e28aeb13d6415154a218ffa8890840cb2b29d25e06ae91c065eccc6c5d9547b59013c949fe3b382e34f7eea83d83b5d607af0352e94cefdb9ad2e76d9e3de98fe16b0117d0cf550c8ae2635e72a73b20d1d22182530beb4dbb560433e51fdf26931bd329d78822f84f510aa5a84bda634c146437f9bd9c943d89fc399eb1cd1fe2f51a1b72f0320b8ab6a4be3e4055d429762cc4488c63de8e8866489194b4816e17d6be31d2e4788ce7b6dd9dce", 0x4000000, 0x0, 0x1, {0x2, r12}}, 0x9) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x6301, 0x4664, 0x1, &(0x7f0000000100)={[0x9]}, 0x8) 03:59:15 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/202, 0xca}, {&(0x7f00000000c0)=""/12, 0xc}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x3, 0x5, 0x1000) mkdirat(r1, &(0x7f0000000140)='./file0\x00', 0x153) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) dup3(r6, r5, 0x80000) preadv(r0, &(0x7f00000000c0), 0x0, 0xd9f, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000022c0)={&(0x7f0000569000/0xe000)=nil, &(0x7f0000346000/0x2000)=nil, &(0x7f000014d000/0x4000)=nil, &(0x7f00003a6000/0x3000)=nil, &(0x7f00000e5000/0x3000)=nil, &(0x7f0000640000/0x4000)=nil, &(0x7f00006b4000/0x1000)=nil, &(0x7f000071b000/0x3000)=nil, &(0x7f000009b000/0x4000)=nil, &(0x7f00000e9000/0x2000)=nil, &(0x7f000051b000/0x3000)=nil, &(0x7f00000012c0)="0466502a11229c72f2de96dfee064b99a1f67f8022751c6fb2cb47d058d0683a2d4c5a5c21cc40366fa92004e9b1e1a91628f00b9b2d0013ee236f0bcfcc7c9d43a72a63969125d2e728bee1cf63e9463f58d98427f3cc612d046c15cb45e2735e7dd2db95ce47bcbe509bbc50fddaa6d8796d0159c9af71ffc9c541b1409ad5de44d37c29e3789179f537ab60eef31931973660d573d934995595b7aed1a7c5781673a8dd8e2b940861beb285e905585ff7a3d5b8ba4fb5af6d7919cc2e75b25c3dae7794079a13167a37d4b71f33b1d61636bb2a6ee72f90dc3fdf5b9ec08a8334ecd3292f64e75d1f700942bd634b128955c9ba7a919bf857462a2b6d91bfeb9f87ef6164752758541f507768a2a69cb3cff0e50bbabe047436de2cfb309d75a476cd9d6d1b5f65cd11a0349a23dff92c2a3ba0ff5cecbaddb0fc646a6e8e6012bce4b3f04fe00e3d3060b06b50875a8a8b830e726445ec6d19c7478068529185468f3c21ba08bec8662259190737b2cd8a0d6220b7d33476fd4c784a0ad9b4500cac7202943904eafd44537cf2582fd38d74000d023e49fafdf0582d1b2341b32ff447a4977ba9cadee4ee4f990d05843f1f60eaebe69da5a89f1193310bb8307c8f9e90db22cbeb8c62a3b863dba53960abecd4ecb4cfb0296d2756ea9167e3b59a6e22651096eabf924056879b57b17402b7412450e6d459c16ffbd3ef6bb4225d1d9fdc2d7660ef667a5aa6e21ff0c18442b119895c08905a77a86f93a14e786c9752d57a6c7a9b7c6f1a3613edbbabf41f0514626aa492f6f87a95501fe58fee7d541116ead533b0a8f3e309bb4c2b83ce50df7d1c2bcfdd4b7cd155edaab49da6abe55623824d08cd92190a481106690458916cd40698bef2c15434840c29acdaa357267d557ae6fe59f32102a55ca8da7216835d73f6cd10cf1936ff5a37240625dfea6707dccc5441745a7b1a3756e71305c47f15dfa929d1c2f88ad75fd5eda7a7a9373861f89dec3909852631d6584e01daeb912d3ea23d8e412078b58a8f646666aa065c895c1a701b289e438a0e4856fe662ca16d63e71b00b2cb5a5291e2d62cb2a586dfaa745433e60f89da176c548c9bf07abb94ef0c021fce68568cdcc5300394dc477aaa5a46a9d70aa2db7e816556ac5af61b2fa5ba48d98fd52484ec7282daadd4b35bc6a7da75ae4a690ef00a6e31005f1e39b2cfa9423c8ce7437837d23b7c4746ee236d08bd9b9aa8616aeacb5a607903fe2f8faebfdea3d71fb8f73ae5a6cd5816a14e61ae47c9ac378f11042d51de516ce75433be8a0f98295324c18dd3a639615674c08bde45976a6bcc5780cf234cbd9306e0c2aa7478a21cc38de63838c3310875c515e5c2f6a57bdc203485d942a7c6ee5a91d3a3d8ed8705c5e8d680ba9596bd15aeedb69891a3af61a7f7b4b7773eb1cf58938b2ea5c300c8441090bdfcf42084f2eaba3d7cc973d25a449872dc800c64639e276af38e207828531d74f8cab13b8079542b799094e12d01049e643cc1295f7279c5408f174f163e9a4da3cbfc6bbcdc461648d4d346db9c1dd0874b315bfcd2cce9463c676a5e977ab9c41cd1bf6bc77e3e00ccd5406396f3f0b581c4bb812a32ec7ddbd66467d7d0943a121d4a59b4fea9eb82229bccdb9f48ee66c033f19dc41ebe4d7ae738def9d13475a3a15f41586077a76f50906a1f230ab6441f752885f17cc18f4ea5899cb666c7dc17e72caecd0a0ff1c926a52bfa17668d81eec1bf654dccf8319a1b833336c8c893b639ad16ef71e478bcb6e650d4cb95184cd2f3db787b0ab73d744bf52bd2bacc07ae7b9f346a4316a8ed3a6180f47ff8e4c8d862e42600ac3453e285ace505329639f7766cce7ab1a666f55b023aeb2af10a08b991df3b9a3db65d1f0e7f64606dea80c11c3ff543f183a28269a37dc7c60f6d29ec758678cdba479224bb3141e4d7ea383ed2d858e51a2c6ac6c73b9f27c1535a0331d06a1dab109e4afb2b9bc52405b16ee33283be5ef3ff3af45af7da2fd882955e04fc49a08ffb0e964036e23c07d30ec8bcabe798fc3384031ee5ddec299cd9af7aabccd8b00d4677be02bb0fd0e65b668ceaaf1f8d9be6f6769cf58b03cd850149d670f3fe419c66c83cc9b86ef6f55fd12682796cf01b8bfc871dc5d2d66a1332724c62ef48a7488c20f792695d4744d38b8661c1088931b37d767b271dbcf8f72a4ee1b16b6af5b994dda6be7eddc04635320e968a4b9a3f96053912e4fd7293638727208af1c04f9918a7a3995d4140e291f16ed55dbf4fbdf3f91826851c083a5481419e778a2870b2804ceaf26047e1bd662c2312301f94df0c42dec75e4a00ab028e24357802bb197cedcceb9812fd6c214974da0c248a0e3ee94640853348c159ab96ca366017d42045215769a5df996771164640f13d09ae254d1076331a436252c14f55c389ad5b2b2968aef0dd42c0c9668f0a323f2ceefc4ec132cbf3c27fb4c7ad0341cf50f434ef4fa79d16b20f3ceca85d99bada8dd62c446f4609047c4ba166be2c5cc976254a7eda63c3dc6c85f9feec6801487c83e61ed6937914231727d065489aa92449312dadc21ecf7adcc8d2f776a8569d0b0c4ad5f2e150b641cc53142ef6d0b3500156e2eb4f196e77f45687d99c6b0b831b1567f97e57dde799a8178c566b6e984d90c932b0278ee2c193f6830c388be33110f20d7b359febd8081763b5cdd682afac4110f067a05e915e20a3f3c621357fac263250b3c94058f43f6c91748f00068536c924cc63db153a48fe2626414a3296dee1729ae0f995d27781d615f3e7641fe8ce18346fcc18888bf5eb4b00b62f5b39190d88525f1361baa6f86432a06a31f3b58a51b57feebc08fb1bff2976ca4d54a4e7b6410b4a82e9937cf6e161e5f4001b2ea200b0cfa485a40948f212fff9f886309b8d79cb70bcee23111962df4dabc14398a2bffd1d46013e25adf2ce3376843212cdbc782f9a343f60c494016b1cfc745bbca65c57509b4bbba38abb14885437b208b61e3de2a7d02ed569ca60e8f37fe018e670ca5b9402d1938c554588f38192d9fa4db74c8b61b2f609c1f257283f8acb2a377348ae69efdfbb80213fa49817882b5052aeb9bb9b6abb92c0ed09c442219f9e1743fc5f8a8db586228d701da60d02529f62b8b1a7732c3c92debf9ed8c6030cc6f10b60e358d2afc26ae97a1bc29402918a470e6739cda2c76d36852fd2c639208644b4374d79e1f0653c77e4fd4c4a251c1fcf3c444acd33f2333d4e2858518a74269c2a1c2e715b271a5e91f4c1ff25680f5165741c7badead5c8f164f408d6a3fc1b120e672411189f83c34d696d015e1652335a9c4276d18c36424eba64d5c8540ecd37f1d970b22500f1a65d0d1b84ac64c2e1ed0895784c31a43701b50ba6e3f04cb2bb88a1f36108a3f740b6d613f63e271ac5b90307a7c3fb6ea2cc452df5e2febe025497e43878f5cb987e4ba13e7f1c40e012630c8fbe078f7d81d72b4a25c71e85d1faba6b60a229bb47b5a39968ce23da464f553e98ac88cf9549226ef03c8ba53c2f9f59f43ec49f0c242aa7d93766077ef1d35b501b7954f222347e0e309db879c8fabde94f6f2abb788c17b9433853ff17ba8908dbbf128692244346118676e0ac1465cd1e48bd2ac80c4a3c9012804d5a2a404fce5e0d4a8b1a535a521ca377b4c6f75e1a507855c37c9c604eb2789918c7a3f139423b2675fc7a157ba924ea961bb843784d983c4d68454bef2f1ce5da8be1c701a1760292bf8ef557d5e0e7001ba9e7bf1d037271facaf509af9209346236faaa62f55efdd8521ceb19e9f830873ab991b7e7d166796d55a793bf6e70935993359c28f0cee7edfa22a7fbf59ab84441c6beaeba637efb79fa31e8e5baee394c79889a86a24aa66bfb5b7920cf43d6d171a6d686e2d48321e7454c979357dee4c069fb1354d39397b8f3e729be966c72d846c9a6a1dcf01978ec2f7966d2bfff0bee0d42fe75eca246f9be768d88d82f15dd12b2e94bd5ebb93dc209be6bb33d942154831cd46c2e9462c143b843a45b1162609ed4d229ba931fbe6be4ea4c2630e18998db0831d3aec79369fe543f87ee868c614395cbb65ac67757ddca59066bd09f23b1740470671ea0780df4ea72bcc3a19b6ba111f46a73508ed1d6e49a4cb326da166e15dc0371d3a422d3e6f94714cff6bd132b8576875c60c9bcbe7d074b1cbc9abb873b8c986c302096934a3a93a943747b4cafdc0faf906ee6eae879c873b961476f482cb6b98ad91cf6dd44b93f71999989cd85c1147c277607d24013731bb4d7b782e0ea9ae37cccd0d4af58e747b49352b0d799054a364d54740255c8a1d2ec01b738fdbd2a33d2336129c736c3e698ddbbc6213f0ecbcb2184b8e5735cd5583b12765f7af2a91860f201342d79adc3ada4949ce0b3161394bfd4665582d253e159584c998765a2d49b965b9c0225f3c1750b02c7ab24885c1a47010c1f8586dbdd3cd1a6236c4298774f29fa672ffcb09582e76bfaa24d43b8d0c90d2cb5befc63100dea0555c934ffeac409ea57b3cf648f7c0beb6bc5c4203c833b44f33729a72e9a72f37b820036cba0886a25df06776aa97e46bc015e94ebb0963b030270a384bdf7b0ac17cea9067d3be5b32b3d79f7bebfeded0f16a13f39173c4aebb574e76fb94503622f988a27e4da94222d5e15a0580a76d6600570d848b52fa18e7557d28fa0027b8f1a32b0102c1fcd66fce820e377186d1eace9c44dd90e8c03d9163f410e51a29d922b8e6b553058792258c2f60d4988fc205bfd47824c415a66987bc69e4983866c069e0df65fc36d594687c5005a24a2e08aa49d9b781195076eca795434fcb872f75ab4f56a5a71951affda658f20802d98a3ad163b9c2a45f7442a243e47a8551a3068e2ffdf799083cf79cff0a1f065e0745de4f288867e2c23e60a3faa4db3a6c8e47edabfee836da6f24fbed4886c076ac439de2a4f6d950b218b3ba6741a588c4c01dd14f6da16d54cc88791b11b5d2d575153c90740eaca63e1c1d4095eb60e30d45075712bfc43cf8302c2df37e3a7e47e961c5dbaf682d079a00a209b99191cbc307b516b840763fd87ed6409e3a66a71738f1592b3a2abbd930f4a62652836e7729759899a2bbb69845875dda69faa202de7db5a0df2a573da195cac784244fc169ef231ff9dc6fcec9df788c2ce3fdfe2617aa55704b2f9d38d85cca7c068833355cd5c29aed84520558171576bb6894da56ce7f494f1847eef128161c51c5adae941bee1d7f74137d2077dbc6fb33b35e039d1dc1c56de71c53d86c07d7682d8b3fd9280f3ce0a929cc595b5b3e76905b59c2a5414ca5f92564bd89501d2f4358fbfd1540105c4d97f5e44e465b902c0d97707e800dba191bc909ce06617ae04232e97bcf5b6cea786f445e1f153240c791ca0c66e364b0502f8abd76b110a5e9c94c86375c98c7bfe9f0c4b2f551fbfa11ed6287cb8101556966a861e8b1e9cb0080d51739098cdaab1899c7d6580d3270c40f85470bfcbb4f0ff048b793f425a46f1fa65fd1c493a1fcc85c0f8749ea41349048f3ec8777cb82a39d3fb5fac495e63c63b7ccb66f23a6f90f599760f372fe39b6abc2ae7bde7ad00c3c0e7e2c7c8c4aaeba23b0c7b106d7fa948689c344fd93aa77640c4bd3f0e1cc96612fea3397f59a21db10314a5c72b5e19ee946dbb6c5df94703064b0ebdef69a952c4764ab72a2f7a597f1283e47b42180e905fd4", 0x1000, r4}, 0x68) sendto$packet(r4, &(0x7f0000000040)="8d40044e699d917eff6a0aed69ba14d1502f69c9f64e12476655124352e8e40902d6b20bd6390e99914186cd0cb9c349d8eeb5759ea4f5f920cdd63688e972eb9104a7698d9f61e8dd149f5518fb080fba4431f738620b76af954ae610c7cf6e21ace026653dcdb62771718d9035580b8f2fad88ce9683b269f0611ac3", 0x7d, 0x4008040, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000002500)={'syztnl2\x00', &(0x7f0000002380)={'gretap0\x00', r3, 0x20, 0x700, 0xf356, 0x1, {{0x4f, 0x4, 0x1, 0x1, 0x13c, 0x65, 0x0, 0x6, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x21}, {[@timestamp_addr={0x44, 0x3c, 0xe9, 0x1, 0x9, [{@local, 0x4}, {@remote, 0x2}, {@private=0xa010101, 0x9}, {@rand_addr=0x64010100, 0xfffffffb}, {@local, 0x80000001}, {@loopback, 0x1}, {@private=0xa010100, 0x2}]}, @timestamp_prespec={0x44, 0x34, 0xb6, 0x3, 0x3, [{@private=0xa010101, 0x6121}, {@rand_addr=0x64010100}, {@multicast1, 0x3}, {@loopback, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@multicast1, 0x8583}]}, @timestamp_prespec={0x44, 0x3c, 0xea, 0x3, 0x8, [{@loopback, 0xaa}, {@private=0xa010101, 0x8}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x1}, {@loopback, 0x20}, {@private=0xa010101, 0x5}, {@private=0xa010101, 0x800}, {@private=0xa010100, 0x49e34f78}]}, @timestamp_addr={0x44, 0x1c, 0x90, 0x1, 0x5, [{@broadcast, 0x7f}, {@remote, 0x5}, {@local, 0xfffffff8}]}, @end, @generic={0x7, 0xb, "dd8f840d673992bcd5"}, @timestamp_prespec={0x44, 0x54, 0xa7, 0x3, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8965}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfffeffff}, {@remote, 0x20}, {@dev={0xac, 0x14, 0x14, 0x11}, 0x81}, {@empty, 0x6}, {@empty, 0x7}, {@broadcast, 0x8}, {@private=0xa010101, 0x6}, {@private=0xa010100, 0x2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xb2f}]}]}}}}}) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000002340)={0x10, 0x0, 0x0, 0x401a001}, 0xc, &(0x7f00000025c0)={&(0x7f0000002540)={0x4c, 0x12, 0x100, 0x70bd2c, 0x25dfdbfc, {0x4, 0xff, 0xac, 0x6, {0x4e20, 0x4e21, [0x5, 0xfff, 0x3, 0x3], [0x7ff, 0x3, 0x3800, 0x2], r7, [0x1000, 0x563]}, 0x80000001, 0x81}}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x4044) 03:59:15 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000040)=""/8, 0x8}, {&(0x7f0000000080)=""/123, 0x7b}], 0x2, 0x3, 0xffffffff) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1375.127828][ T9024] FAULT_INJECTION: forcing a failure. [ 1375.127828][ T9024] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.140540][ T9024] CPU: 0 PID: 9024 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1375.149217][ T9024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.159295][ T9024] Call Trace: [ 1375.162575][ T9024] dump_stack+0x137/0x19d [ 1375.166918][ T9024] should_fail+0x23c/0x250 [ 1375.171344][ T9024] __should_failslab+0x81/0x90 [ 1375.176112][ T9024] ? io_arm_poll_handler+0x15e/0x420 [ 1375.181422][ T9024] should_failslab+0x5/0x20 [ 1375.185923][ T9024] kmem_cache_alloc_trace+0x49/0x320 [ 1375.193001][ T9024] io_arm_poll_handler+0x15e/0x420 [ 1375.198117][ T9024] ? io_wq_enqueue+0x3a/0x40 [ 1375.202709][ T9024] ? io_queue_async_work+0x18d/0x230 [ 1375.207999][ T9024] __io_queue_sqe+0x133/0x3a0 [ 1375.212685][ T9024] io_queue_sqe+0x6d/0x160 [ 1375.217149][ T9024] io_submit_sqe+0x15c7/0x30c0 [ 1375.221926][ T9024] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1375.227391][ T9024] io_submit_sqes+0x61f/0xaf0 [ 1375.232078][ T9024] __se_sys_io_uring_enter+0x217/0xb20 [ 1375.237599][ T9024] ? fput+0x2d/0x130 [ 1375.241557][ T9024] __x64_sys_io_uring_enter+0x74/0x80 [ 1375.246945][ T9024] do_syscall_64+0x34/0x50 [ 1375.251403][ T9024] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1375.257340][ T9024] RIP: 0033:0x4665f9 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x12000000) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x13000000) 03:59:15 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semctl$GETZCNT(r0, 0x3, 0xf, &(0x7f0000000140)=""/226) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x14000000) [ 1375.261236][ T9024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1375.280846][ T9024] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1375.289264][ T9024] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1375.297401][ T9024] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1375.305377][ T9024] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1375.313352][ T9024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000076000/0x4000)=nil, 0x4000, 0x200000e, 0x12, r0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x64002, 0x2) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r3, 0x80286722, &(0x7f0000000340)={&(0x7f0000000240)=""/241, 0xf1, 0x3, 0x10000}) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000040)={0x0, 0x1, 0x15, 0x14, 0x12f, &(0x7f0000000480)="160156788dd792d932717401e64882521762a462232a8a89527cfccb37d5f5aa2887c92819d51f2204245cf3a54db3093c526ad3480a361c18c2c4307f3f8367a28d46fbdd7febb100394d860c756bb4c92fc7eed3054feb45c2450429d08b07a552168615589c52f40d022666285d872affbb9d62ef142afaf19ecc384dfdd7553caf2b1605f8cb9ec76a2ad8293e461141435c08de5b955253e965b66a09f9dc65d2eeb02912f692d187bfaef5836238b761c44fed7fff9f2c91e9b79645f0942345fb64b51748b23a496ef3d1767db9c661251eaebf70ac9e1b87e631ac09b2b04634e8a231dfec2e701f1da78fcc96e4ae77c19ad7e834ee00b814c4bf2ae4850cb1332e6e80e0964cea9faab89bca3605b9230a68b7e11c3c1a7e724e3b6dc83e98213a35ee2b1f0955724f476dc8cff35e03e6355f04d63485e02a9eb5920be59ef508d3a511e39b4bfa12667e70399402796a04bb057680221deb4c1d210af5b564ba4b32def388b7677faae75db18cc46cb3e1e49cfadb3851361f9b58d41c0bb871b60dd676b92fd3edf99f9d8c6cff99ede7de9a33bed322280d64cdf428a2c9e63e8413b873d1bf624bda4870e3d3fe4d02c3a2c08d07fd10f505ab5447f603b7fd91c70f14ac10973e44f089ea2c6627945a9ca4959c8ceade2948926626d32ac1cdf4ebd5707985d669681429acefc27d2eadd910bffe6f5576ef035911372d9a8526b5b9ed98e436456d517e01defb7276d66962da7337127d932e3fd28cdf0754c1a880aaba84426f14a862876657539d6b15c247a5fd9b04317c0c01881b0881aa7e4171a2a395f83c2bb60294fd903acd8fab49bd93bc7d7fc6b221d90c44372d7a78666b9f3e6480c56d18e0ee439daedbbfbf8c5d2ad36e27daa5998cd5e509f8ed818504405ceec3a76515ef8ecfd09ba6396f56559b2ce487497f849fe718e7bacb498ddcd79494e2fba819d1844659bc9ca14b6af12d5ff6f82b9aa0f7d1a4e7f4305b971f0566f2aae518e2f88266dc4dfa0e6e9380a0b401315ff3332207ce6ec6cb30f06a8bef6e042fc01320de518bda837eb3cf3b03d9d601b910ff3598beb482d28d2d50c8a9ffb72d3ab2b89f7083ddd4ca69b34ce2b6f54324b11fd756abeab4cb44f5545e814b4fb4f3dd2f67db668df5205adc4a2997363fccdc34dfef35c932e8e0f4cd9b60033d70ab36553561ce7a7e49dce930037d71d01a794bf3752e87b38580d62c42c325546994f6d8b9dbac2dbe5d8f5315dd6ebdb830310fd4caf3a26285dd8bcfebdabb3e7dceab24b9d268d4619d6de894a0b36be6a04cd5d5c5d5c1e601b48440a45e980ad7b695aafde2894a47b6f34cb078ce10241c4c32c7a2b92363ac0c7f3cf1acdd382b50f7eff42272aa1b9c25b86e3c96af3bf4ae0c1feda04eee183d8d67e1daf096d32ffd"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="147d00000000000000000000000000590391a2df13250d79795a090000000000000018a79bb67edfa4377c3b38a992b7a6eca5f49c1a80348bdc2325aafe046da253c139a47cbef7cb3f9011ee265d884a1ef0d76737990100020c9832f6a7eab13d2cb3f3cfd3554d793f8d1eef821cea5c66f538213d220ea5e7489cc10300000045affd1d810743e1fdc1732d0b115d1ce4fe160be93778982408cd09a2dec769d91fb4e66b59002104d5194d0b84230ec5244d9126c7c5e3edf5059d530e9a0e0eb9d2abf213b229de803e10a52b2d9de38aa2a3dc4f7ea8b940dc461b49fb6268bc7fbddb6515c3869dc9eb7cf00adc881585ed127bcd10e1af08e606aff944dac55800cb2ea467fee158c4fdfef70e3d72a20619c05889892abfaf2a1ae5591631ed62f32e53de68c5b07aa9c6cbf35420805410943d6bef953cd03a5e0af697cd05fdad09eca0f45eac08affb8cb7def4336306d33a3608ae0f4f9919a04d9e90520337cbf0de92fd4262f2"], 0x78) [ 1375.321320][ T9024] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:15 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x100, 0x200140) close(r2) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffffffffffffb, 0x1, &(0x7f0000000180)=[{&(0x7f0000000100)="542fb7ae1d7511239a784e6cdd901bdb2f42e12a7b5bda993984909e7df89557c6a619fffa8712d2e6d84ae0f71566e3bb57022012d1a63c8dc55126e4dce7188d6ef5a1dc3d6d0e28f1947379d6bb0ddec0de863e5b2322f5626136be07de27388559205e", 0x65, 0x5}], 0x100080, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=00000000000000000000005,uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c6e725f626c6f636b733d3178bf25362c7365636c6162656c2c666f776e65723c", @ANYRESDEC, @ANYBLOB="2c66366e63000300"/22, @ANYRESDEC, @ANYBLOB=',smackfshat=#,\x00']) poll(&(0x7f0000000280)=[{r3, 0x3044}], 0x1, 0x1) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39ff0000000000000000e5ff0000001b080000006d2403bc9d2b2ca6e99a2b6b9e8bcab6683d93da82"], 0x78) 03:59:15 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000), 0x0) semop(r0, &(0x7f0000000000)=[{0x1, 0xb6a, 0x1000}, {0x2, 0x1000, 0x3000}, {0x4, 0x1}, {0x4, 0xffc0, 0x1800}, {0x3, 0x7f, 0x1000}, {0x0, 0x9}, {0x2, 0x1, 0x1000}, {0x2, 0x5, 0x76d83a84f0b67985}], 0x8) semop(r0, &(0x7f0000000040)=[{0x1, 0x2, 0x1000}, {0x0, 0x8, 0x800}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x3, 0x121) semop(r1, &(0x7f0000000180)=[{0x3, 0x2}, {0x0, 0x0, 0x1800}, {0x2, 0x2, 0x1000}, {0x0, 0x3ff, 0x1000}, {0x4, 0x8001, 0x1000}], 0x5) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x4, 0x9}, {0x4, 0x400, 0x1000}, {0x7, 0x7fff, 0x800}, {0x3, 0x4, 0x1800}], 0x4, &(0x7f0000000140)={r3, r4+10000000}) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xff0f0000) [ 1375.417344][ T9063] loop5: detected capacity change from 0 to 264192 [ 1375.539750][ T9073] loop5: detected capacity change from 0 to 264192 03:59:15 executing program 0 (fault-call:7 fault-nth:20): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x100000000000000) 03:59:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000040)=@l2={0x1f, 0x9, @none, 0x3f, 0x2}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="e6a6b248837fffd62eabd8fc6faf630df993519658fcaf2072401cf6fe1ed6f69afd2361305eb4a4340853558c87e2c00df9bc6d1fd6ff7577f5fa2bc250a12a35f990fb8b378e9d82471fa1ee7c5ebdef82f18934df2d623d6bace5b39c87879aaa6cf55414750506908fdaf0a7371fd28e00557521ac237e72abc392c78fd5d327c6f92d8930505c58178b261aab3a9cc8d09500b9816cf266ca8de4d41f2de443f5ca5b26145fbe7655a26608561012fd7f73e797b48230707a7e874e1a2056485639", 0xc4}], 0x1, &(0x7f00000002c0)=[{0x1010, 0xe972ae2c305f0fed, 0x5, "cdc6b8c619b19a4fb621d1d909feebf1e3287098e2919a1dac0f3611ef17df00b129c72b74b289a0d836d137b80950d95805e88a62fd3beeb607104a4931da705c1de67e24b85fee0bf8ddc0dd647dfe6efdd0c1428f52e58140bb9b3fdb0707fa186ff37caaaaa719639006da0c5d0f03d11f10d7b4ccd82f53a127ea20e0f43f12684eb3bc689d714d3ac103745aea8ddb5cadc8b2add986f63e14b91439f5702e4a1f613ab5c1dbdb56659cd7a8eca412335eee7ff963b9286f8e4ddc0e45c91fd83fc73ead4d9c8e20ba44497d57471b04c142ddf1acbde956beaf567f3bc90afc6407f1d54f536c837590065645294f8be654c1884a565f6e5e12b5086f62091c22cdd102414f8a3189533f0e4cb691218953564869f93e9fb34f50cb4cee2b1dba5f4741a2dfcdd58966cecbe94b020990723017c92aec3330e3d430d81b714a8852b0a628a087fd1a9451fde7172201ff5bbfecae33b7b11402cf9078345427c3eadb5e8d51297c87978a97edaa746c492670972cad0c2645f8321913449a56ede4ea0447f35842f5b730e5c69bf25beccdb3939748494aa9716681537ede71b5aa77d21f1aa3ed3d338f0bd4f393907a7e15dfe9ca2e30e2ed7f98b6e660805234edf47158b45432dfee07443e5a1a637655db3094bb300e36a3076dd939a539a16f402f1869cf095a36de19e5360050797df7dcdfe347741cc72629d329a5000801e506bd01230025a18adb97290249abfd225e99661558a3fe7aaa1486272242d5c23acfc3cb84876e7daf8fe4f679e174a6ff1934703b91bcdfdde7ca75f02826b2473aa46bba7efdf4872071aa6d79a6d9d29305272e27b92ecaadcfe81bb1f50fa2d00491ba13edc073a0a5ec0a5484f90a9c873b6c9f778b4916719fe0fcaf106f637e44de4e490b71182d25b9ea20d9ba4f04a28c2691a141e481717fa52ca29e90260a270eee65ef504f9fb344fd5d5460d53f2c183b9605ed62870c2428bdf84c5b340bef4a8e9b870570570701c523c4f9db3e53bfe34657a7a8ce20dff34c7dce7d3382908e944836e66deb4f48c725577e881e942b4f473055618b2e3fd2b73649e34cc5b4ca3c0688937f02649f2f2c9070dd34e653fb6f68ca87594abeedb9205aa12156c1c61848690034827f2426827ada07a947b98b48fe6ab7c3fa6c9ca90041e801082d72b1cab2b07108a7a8037d6f866c57913d94773e7ce8285cc48f7a6e3605e55ccf593b71f95f09e170b7e00bde39af9fbe604c519526d8d87111a23a6a60d74b1f02111113793b5c96ae28b37f2127e262b5776a904979414d1f36dd2378b963e681cc3f92dbd556413a0cf69e669a4478128a8fa28aae7edc5cd7b7b028417a59abad7dbc546a0572a02d3e085ed236def255420b49b97c07ef926f38867e39b2937582b3763b96c778ee9a04e40c72baeb91e5be6f626b1394b11829681fe3d8abd4776a170a01e8183662e47b9a2abc59bd807473bd53845f6f5fe47825ad16d3df206289de7a1dc857fda98e2ffb6c51e9d940639be9f32fdcb1b9208f7dbadbc17b6293a3deb311c6c86711d531d273bacb98b72f0acba9281efa62038194863f7461da828f711c3279e8e0196c83f19c1134342fcdacf43f4f888dc993963742c0f895400d49aca35e1a4747a2c1102a38c35ab4dfc7512d25a70742998ccf2f1e4363dc7f697b46ef0cee26894b0132c24f35acdae8fc4df9b71207403082660f88ad2736b948fb4e42f93eb3193aa75d8d2cb8e84a51ef764a7a76ff5b98dd751bc598bd1e931524117a6bffaa3238a125520762a0ef86dcfff4355c126e2f8e4313cf38aa40adedaf2f55816ae4d0fc3463646536f30881f180039f9b1460bf469837b62fc2b22f422bd0cc56e4f3be13af07acf7504be88b3dd766e1d93d38220789f2677c4d71dd0868c0d31b66f0ba354bd927975d8b7d324edbba65f2bc3037e65b9a3b865d044e5d72ea5e0e99bf1fc73cb0cbbe53cfaaa632b4edf2d094b458555027cf47f9cf4755dc94a2f983f202dcb74aee8b602274b9538cc2dbaacb025de345c1b491fe987f2d040eab066cbfa00ee4ea7cf5f14af5e287732b2158161c92c8072b3366b2c5a17cd4fc36618598475b8365ae19455eb52b4bbbd7c9884f9772046f98715cd9b5d3026ebe9507e5dc5571399dcadd51807672cb7dfaa9489dace524439a38ad6e9dfed219f191ac9581f75d15f0aaaf2d18618c519e68d605643211dfc4b6e192f0566b08ff153ea6c232ebb5c064825fcb67a7354f45cf25e5eb50cc98b0915173bffba785739c87199477d9fcec416ba792d108c43633f25df94107185d0a3477e6672fed8b6aba0a9b6bd52afc7446c97f71239e99e50507c968e1ffa512839ec732342f9d4b842cd98867884d01309e10048c27d1b6ed7d13569d3554462c0d575b93d9d6cd060b64bc16957f2c066d796f8588fb31bd415dd25d0e5dcee77f99a75f5026c310d21890b9fcfa49fde33ccc92766fcf45eaba9dadf6bb076ee0640f158ca950a0c597ac76da0be9a8e4f146d19a14716123457e27c3532953b339c10029d59145eba69c374ada6930d5ac878040274bf490cf395754a3c4ead576efb90987b328f5da7c8b55c412796f667231a1bd33d2bbe6436520c00fb5986d8cfa3cb2e6beabc2ea4501f5c3ff8101030e77bd1ddc350644a72f7e56253ba4c6346c296d27fadfebc20ab7f81f95362c0067a4ba2d6d39dd96a5f65259398793202a4b913550ef55a6b86587ecc0d7e93abe2105c7d29db791d049201d978fca39d700f94d4b099088eb100eab1fca8792793571098c69690a7408698b1406388f4dc4abfd7c942c7d044012bcd94f2d5bb8a676eadf19115f0152d6de9fdcc0bf9453261933761bc021b00f9331bc0fdb18e98c96627929aa0f5a38edb78ff8b2913b23554ba03a6f72b836b0c6de5a1a1645675a4c17d903e9107be504d2e3e805d86fa778f67e539db259ef36904db842591f262c6473eee82e79e57cdd240739879a8944f5830e437241862763ea87a3854f92a4d005857eae6360fd531af4a023529fd4931c3551dfab6f87c8f5659d432fd1590cbeaf78eb4ae876003e2c15a64a7c6058ef9dfb28561ec0e1bde266f9707721a1bbee564ab6faacbc7e6fad5aa91f5c4a77b47d11b4c8af68978e700bf357478c11a8e5f645859287f9751de4f07ba4f73e9307e84e330a852ad62932c9b3c7e4762b2316c4b0830b845cf9032ba3c4688099ad028275eea469e7904a41a42c8a14501468dc1deb8d4fe9b1e5ef98fa1e90bf2a3b60a566271580aec2f964b21efd49cd409fb5496e3eab40d9563972ddd0d6fd320e5f22d1645957d41e5a6216a3740fa4213a5445a6d96292f9e4bed8db4ef9d1d75ed6c3afbf1caae8becfc21c46626cc5f4bfe863135c35cb3a394007505fe7df390d84d45a1cec18e36e0dea70d915ca80e57781ffed506b24acd69713738a65ba4ee832e0ea49790663a4be0f5e0bddee8b4cdcfa954db81b390be6bce31a4937fcafcbf62dcb37de25a1f2a732d337f06c769c03b8dd32ee36324e1b60de16dabcbe886119d8125eb5818ee489594188bb9da55522bb681aa31c8b2f90ab0385876d46427efecbfd417bf951e2cd1f1a04b8de40e88a988caebc12ff612214fce7731fc91e22ee7c01642804c894c674ac9fb662455ac076f9de9c028ae0fc780577c9f751b6c43552833cd128d410ad3be290f9ad7eee52d07dd6c5241e3853f66320bec3ee295c5de883eaa831bf8eedcf7640fb3fff345f09328eff991d8cd31a027a58c48f18511344f161dbcde30bf06dda338c9390daec618723330500103330c3580d7798891fc48042ed70e29873f06b6785d3bdfbe7b301819f91055276d48080e4df5ceb3f91656b477a478b17a46b197f6a0b7142d64486dd43bfb962dc3947e7ae8bfaf4e2c707aac78cdbfbeb9e07635573b6a41f890ddf78026a78800c4f923289bc5e0ae17947a5b04106dcf49d271d2848b82f76629796cf839b474f4bdbe1df18bf65f8f6a7a8a684e1e83dae0f9d927440f730ed17c8d1f9d776e0950f0e875b6f0abf194e9080848ad3c2fb7c5a889ed31dead4ab4aff52a4ca2143ee231adce4cdea2d013b23e0454dd2a3b286247aeda7ae2609d725b602502503f5a4b1525c5300cf9f4f67fa12c64353aefe02f522e941236f3aefb4704ac5af52e6f6a77d61702c456d5a46b60d925652f13571646dbe521a4b47a547330d155043a280182e156d479351eeb68930b54b1f199df38ff14c4a8088cc5f72c1583163d8195cb2af5a515d28363b61ca8ab30c5a61920855526d6515750ddbd5e8816ab91775b47d95ebce034f4673165907ad6b95a31beefbc37fa2600dfc09bfd40643c93b60624a9a8803451f9f002c7dc9171267dac5d60c8164640d420116c16d5314022481892fa0836f9f2c989bfd2ab1a4e69e9b6a1cd318edcbcc51c1c67a9b04972500b7f3c64eb830e5b2abdb7ad1d7efe42f0d41fe2396000f6bf4922e8788a3f27043ed7d84c56d65957fc46b9d90ef5fdde0cb1855dec40917fa17e4518632f41216341d76d24569f7449da4b6737d42858f649963be6774d08080ae4f1ef54f16ef11a938161c882f4d1484a2acb2a72dae8bd3666cf030e2f54563702ce1e4f1cc192e8c793a39a54eebc23dc57be4d6e360516e5b67ffbad7024b957a26124a43c24ffd896678425abb3f65a0cb76361c26f0217a23c6f3fa396399aa26088735760b0bb90579168929e07785a07fe73f8d5941652259e6e7db09c30bf42fe2709d985d604fab4a656b3424f7348c326002310afcf0ab7b2ace87e710afc818e210cd151fc9bf6979dfefc354330e88984ec349eaff80318d8cbb93903ce7dad6b5e783047e3ebd7b9225a2c77fd3df870bbe775b3b4dfaa58d4bc60d9bae782c714b9cdfb187049454a08324a31cc8be6034701a9c66ade667b7819b41677087cb877aa90b39188307a4293dc6a3751fc7375f3b66418b24f1c6d7ffffb276ccfef2ce7832348491f3485893162308600709e3fdc4ffe8f834e269bb27eb101c50ba982469f9560dc837bdfae7e464658e09f544bd738e929e5dbf7dcee0e47db078ded703547c3e1952008c3a1755d2b5ffd86a2bc7d147ed02f9d43850da389db6907dc7ece499f4366b55134a814fd5b30e6b3b2593cccf244c99acb1211d2f0680516f060582d8391c8a2b9dc4dc62b22d221cd37e3e7f22b8feb4955922205109698affacae57a3cdfb6b02bee6581a4c904780547ee8e539a5ec005d0e278e2d1787d3e9f8d03ef0acac361994ff893968ab0349cb0ef0a41b4aa4d4bc84afeca1ff4f128960388e707f7075b185ee1d7ab8772eaab18f2dcc2f36e6629d4bfccca1fcc1508f8f56c65edd9242e553d09282492e9b7644ce8a87293a3d7e7ddc2867bb43869ceb55e6fead7b75b5b478ff99397ad6bb1855b249fdd4750ec72011cdecc0a217410a7225fc8f6f5117e4cf08e649c2a18a7fe2702be46f01427812a4d115bd092ac874b80f333a890b12f77c81c3e6e589b091685e8d449fd33d74e47e804f0b35c51710e2ce480e5080a41862003fe671e44393b3d23ae76d6c339b325ca81ef7a8587e9bd5e77c62b62bc270e788b81aaec22a4d725b7eb57a9c3b92e5c0b20ddd6d311f615f40328b1ec202fdb77fb74f9f74c419296215a90327157d28bad244d82ad23c227fcd9aeb2130dd9e45f4c9cb5859462b99"}], 0x1010}, 0x20000011) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:15 executing program 4: r0 = syz_io_uring_setup(0x15a6, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:15 executing program 2: ioctl$CHAR_RAW_BSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000000)=0xe445) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000080)=[{0x1, 0x3, 0x800}, {0x3, 0x8, 0x800}, {0x0, 0x7fff}, {0x0, 0x8000}, {0x0, 0x117, 0x800}], 0x5) semtimedop(r0, &(0x7f0000000040)=[{0x2, 0x7fff}, {0x4, 0x400, 0x800}], 0x2, 0x0) 03:59:15 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39380000080000000000006143e417375a636f8fac157a9cead84f0919b642e8a5899c6b7088df529c8d03003f48c964d1af7d00"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r4 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r5}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'ip6_vti0\x00', r5, 0x29, 0x9, 0x7d, 0x8001, 0x31, @rand_addr=' \x01\x00', @private1, 0x40, 0x8, 0x0, 0x2}}) close_range(r2, r0, 0x2) 03:59:15 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x200000000000000) [ 1375.720019][ T9095] FAULT_INJECTION: forcing a failure. [ 1375.720019][ T9095] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.732755][ T9095] CPU: 1 PID: 9095 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1375.741425][ T9095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.751538][ T9095] Call Trace: [ 1375.754819][ T9095] dump_stack+0x137/0x19d [ 1375.759150][ T9095] should_fail+0x23c/0x250 [ 1375.763565][ T9095] __should_failslab+0x81/0x90 [ 1375.768327][ T9095] ? io_issue_sqe+0x418f/0x6080 [ 1375.773190][ T9095] should_failslab+0x5/0x20 [ 1375.777696][ T9095] __kmalloc+0x66/0x360 [ 1375.781842][ T9095] ? rw_verify_area+0x136/0x250 [ 1375.786696][ T9095] io_issue_sqe+0x418f/0x6080 [ 1375.791475][ T9095] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1375.796933][ T9095] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1375.802820][ T9095] ? __io_queue_proc+0x99/0x260 [ 1375.807675][ T9095] ? vga_arb_write+0x17d0/0x17d0 [ 1375.812627][ T9095] ? io_async_queue_proc+0x3f/0x50 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x300000000000000) [ 1375.817743][ T9095] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1375.823107][ T9095] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1375.828950][ T9095] ? try_to_wake_up+0x353/0x470 [ 1375.833824][ T9095] ? io_wqe_enqueue+0x457/0x4d0 [ 1375.838713][ T9095] ? io_wq_enqueue+0x3a/0x40 [ 1375.843337][ T9095] ? io_queue_async_work+0x18d/0x230 [ 1375.848625][ T9095] __io_queue_sqe+0xe9/0x3a0 [ 1375.853212][ T9095] io_queue_sqe+0x6d/0x160 [ 1375.857635][ T9095] io_submit_sqe+0x15c7/0x30c0 [ 1375.862401][ T9095] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1375.867892][ T9095] io_submit_sqes+0x61f/0xaf0 [ 1375.872620][ T9095] __se_sys_io_uring_enter+0x217/0xb20 [ 1375.878093][ T9095] ? fput+0x2d/0x130 [ 1375.881984][ T9095] __x64_sys_io_uring_enter+0x74/0x80 [ 1375.887373][ T9095] do_syscall_64+0x34/0x50 [ 1375.891875][ T9095] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1375.897848][ T9095] RIP: 0033:0x4665f9 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xb00000000000000) [ 1375.901739][ T9095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1375.921345][ T9095] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1375.929858][ T9095] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1375.937829][ T9095] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1375.945834][ T9095] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xc00000000000000) [ 1375.945848][ T9095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1375.945861][ T9095] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:16 executing program 0 (fault-call:7 fault-nth:21): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xd00000000000000) 03:59:16 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b86964e4e3446080004000000f175d6"], 0x78) [ 1376.161977][ T9131] FAULT_INJECTION: forcing a failure. [ 1376.161977][ T9131] name failslab, interval 1, probability 0, space 0, times 0 [ 1376.174653][ T9131] CPU: 1 PID: 9131 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1376.183350][ T9131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.193469][ T9131] Call Trace: [ 1376.196750][ T9131] dump_stack+0x137/0x19d [ 1376.201081][ T9131] should_fail+0x23c/0x250 [ 1376.205548][ T9131] __should_failslab+0x81/0x90 [ 1376.210313][ T9131] ? io_arm_poll_handler+0x15e/0x420 [ 1376.215666][ T9131] should_failslab+0x5/0x20 [ 1376.220175][ T9131] kmem_cache_alloc_trace+0x49/0x320 [ 1376.225462][ T9131] io_arm_poll_handler+0x15e/0x420 [ 1376.230576][ T9131] ? io_wq_enqueue+0x3a/0x40 [ 1376.235159][ T9131] ? io_queue_async_work+0x18d/0x230 [ 1376.240448][ T9131] __io_queue_sqe+0x133/0x3a0 [ 1376.245167][ T9131] io_queue_sqe+0x6d/0x160 [ 1376.249585][ T9131] io_submit_sqe+0x15c7/0x30c0 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xe00000000000000) 03:59:16 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) writev(r0, &(0x7f0000000640)=[{&(0x7f0000000040)="7474c591685f90f5bcbf0ec0f44317fbbf09d183047351e77cee55aeff4701105d7e8c97902bfc11122b7ece070405f9126efeb35209", 0x36}, {&(0x7f0000000080)='v', 0x1}, {&(0x7f00000001c0)="9e8de5d2734ea477ff7554cf9d7ac2f22e117e757861d234d2d192535e368ece3583c2834e9c73d6e391782877508a1d1f7e74af392c0653e5942837e63c581d837fb431afb83dafd8bd3509abe69ca0b9a58cb3e02290155ad6919aa5ac6d5348f8352ea8a3da673eb964b2667ca0ce575eb4e42741e320ea6c3c4607fdb063fbc96f82d9b1604cc53fd8d701b82d0c6b231a78d1db8c41547c54f0bfe34c63a762204d74dd3ea19f14d309adddc85629f9666ed32b1437344a81f8fd2d44f3cd3fc8b34ed1d19d2a06e3f561a9cddfa9c98c2199c1", 0xd6}, {&(0x7f00000000c0)="7993306f5b6a78f1b11280b1187a002d5a12d8643329492aaf5445883a7fa4cdb253a6c7e4ce76de6fc1abb7e51a8969a63e3122fa4b34153e3c5ee3352be8ae1b3a3fb99354b5cb9851754b9ae9b84abab97edacfc3136451e1ec27313ecca67a86a2ada4f513f69405d6bf6e52b60666624c3eee68aeaabdff2782979eaec62d5d2eb0d32e65c6cf10b284621c2a15d6f7a397ff9fef550f18728448a2bec261c4a33d59a4329458a198030dfada7fbb4fff9035ddeff2f4", 0xb9}, {&(0x7f00000002c0)="97d8778d331913b56441e2d7fc36a7959d7b4e34473139eb715065a04e2f4adf8605256fb9044ea8a5eaf85111949afae94efbcfa44ad0b0494824950d140860eb063f52c3c45b400f3268bba3cc81fec9eebc12235f5cd64bb59b53059da369bb46bcd2d2e8de709a17860a6873091ed2893f51c5ec0d35db5dc225189ef8711ee1d6c56362ed60a1743a524bb3b124749e8b79a4d8f94d798797ccc6575b47cf9f5c0a3136a7d389ce0b1575af6078bfc16ac9b78db1217cacfa18efa774d473c05b93dd67d810e7c5063b8f907376270e9e231afdfaa9", 0xd8}, {&(0x7f00000003c0)="76444588135697eefba82956da25cdd5731793670ef71f854f3b893bf3c876c3b00908dbc40961e06fa7f3363ce952606ea726da5f1647b135c23dc5fa5104fa8763af17ca25b2d524c6e1d6e558c4995dd57cd7eebaee44ded36b6aca", 0x5d}, {&(0x7f0000000440)="5706f6bcdcdd0939670bea51cd61ad43ed0490eebac038cc7f2b9ac5146d1b9d8bd51b9e5c8a0b423967131e3f22af5dfd74531281a75de5d1a6db95bc38f04080", 0x41}, {&(0x7f00000004c0)}, {&(0x7f0000000500)="be89d3bde93a79cf2a", 0x9}, {&(0x7f0000000540)="edca42bc0cdca959c4972e811d04de6c4c736cdb58050cd54855b8f27948de460874c1cfccb71c0a9bdbfcd2f8ba69bb379bf8638f1d1c5e5495eff38b69da9b5e59effd2a02d20f8ad35b1bda4478ee73a9a210bdba5e5ab68dfe2791f5c8ba9123fc0fe1a9b42603259d3932275504bb994dc4c500d6dd37e0e8db6c58b6e0c84917bf6846d1f43225a597fc1d6ecea972fec40dde92f1ed9828b7caca9815347ae64fc7ab1c6978d5854819a8764701209078b0a6a276a9c46f7c099af89ef9c9d7b888f4b70b7b86aa50", 0xcc}], 0xa) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800a0fe0000000000800000001f8ef11600006d"], 0x78) [ 1376.254353][ T9131] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1376.254418][ T9131] io_submit_sqes+0x61f/0xaf0 [ 1376.254443][ T9131] __se_sys_io_uring_enter+0x217/0xb20 [ 1376.254463][ T9131] ? fput+0x2d/0x130 [ 1376.254483][ T9131] __x64_sys_io_uring_enter+0x74/0x80 [ 1376.254550][ T9131] do_syscall_64+0x34/0x50 [ 1376.254573][ T9131] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1376.254595][ T9131] RIP: 0033:0x4665f9 [ 1376.254606][ T9131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1376.254656][ T9131] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1376.254712][ T9131] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1376.254722][ T9131] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1376.254731][ T9131] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:16 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r2, &(0x7f00000001c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r8}}, 0x6) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) sendfile(r4, r3, &(0x7f0000000100)=0x4, 0x5) io_uring_enter(r0, 0x400450a, 0xf58c, 0x2, 0x0, 0x0) [ 1376.254741][ T9131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1376.254750][ T9131] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:16 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xf00000000000000) 03:59:16 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39380000c98d62208f250000000009000000000000798ceb79e43f3c118dc9499f73e6ef60c92b83f522307bf1d28e8c1ea2849875ccc31b4e9418fae772111eadcab393f8f5607ec0ed2883f894a01a91e6fe1e5be885883abfd898fa6d7a49ab18cbe1a859d4729d0cdf7d18a70adbbf2370c20cac9d480f8d21b6c1cf5eb5e4ffa78a1f523c9065c183fa24c884d5f19c427a3c38a17bdc9038c5d6a553fd4b73d0f96e83f45d73883724ebcedf344212ef34cd163f9e46e5983b1c0df5dba609f943adfc1ee6804f2b2e0a03"], 0x78) 03:59:16 executing program 2: r0 = semget$private(0x0, 0x7, 0xd7a1459dadd83147) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x0, 0xfffb}], 0x2) r1 = semget(0x2, 0x0, 0x90) semctl$IPC_RMID(r1, 0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget$private(0x0, 0x1, 0x6) semtimedop(r2, &(0x7f0000000040)=[{0x3, 0x7f}], 0x1, &(0x7f0000000080)={0x77359400}) r3 = semget$private(0x0, 0x4, 0x0) semop(r3, &(0x7f00000002c0)=[{0x1, 0x1, 0x1000}, {0x6, 0x80, 0x1800}, {0x3, 0x4, 0x1800}, {0x2, 0x2, 0x800}, {0x1, 0x6, 0x1800}], 0x5) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r5 = semget$private(0x0, 0x3, 0x40) semctl$GETZCNT(r5, 0x3, 0xf, &(0x7f0000000200)=""/138) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r4, 0x0, 0x0) semtimedop(r0, &(0x7f0000000300)=[{0x1, 0x8000, 0x800}], 0x1, &(0x7f0000000340)) semop(r0, &(0x7f00000000c0)=[{0x3, 0x7f}, {0x3, 0x5, 0x800}, {0x0, 0x7}], 0x3) r6 = semget(0x1, 0x3, 0x49) semctl$GETALL(r6, 0x0, 0xd, &(0x7f0000000140)=""/190) 03:59:16 executing program 0 (fault-call:7 fault-nth:22): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1376.704982][ T9180] FAULT_INJECTION: forcing a failure. [ 1376.704982][ T9180] name failslab, interval 1, probability 0, space 0, times 0 [ 1376.705006][ T9180] CPU: 1 PID: 9180 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1376.705025][ T9180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.705036][ T9180] Call Trace: [ 1376.705043][ T9180] dump_stack+0x137/0x19d [ 1376.705063][ T9180] should_fail+0x23c/0x250 [ 1376.705076][ T9180] __should_failslab+0x81/0x90 [ 1376.705093][ T9180] ? io_issue_sqe+0x418f/0x6080 [ 1376.705115][ T9180] should_failslab+0x5/0x20 [ 1376.705201][ T9180] __kmalloc+0x66/0x360 [ 1376.705214][ T9180] ? rw_verify_area+0x136/0x250 [ 1376.705232][ T9180] io_issue_sqe+0x418f/0x6080 [ 1376.705329][ T9180] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1376.705352][ T9180] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1376.705398][ T9180] ? __io_queue_proc+0x99/0x260 [ 1376.705416][ T9180] ? vga_arb_write+0x17d0/0x17d0 [ 1376.705431][ T9180] ? io_async_queue_proc+0x3f/0x50 03:59:17 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x40, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x8000, 0x7}) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000080)=[{0x0, 0xf79, 0x1800}, {0x2, 0x1, 0x1000}, {0x2, 0x7ff, 0x800}, {0x1, 0x3}, {0x3, 0x77ec, 0x800}, {0x0, 0x2}, {0x4, 0x7, 0x1000}, {0xf69687ef16c15ddd, 0x1, 0x1800}, {0x4, 0x3d}], 0x9) r2 = dup3(r0, r0, 0x0) pwritev(r2, &(0x7f0000001980)=[{&(0x7f00000017c0)="3796324d57273b72c66f9c2a44f1927fafc59ceeb2196719701bd6dd9b37b7522ff994c2d794e1efd6ee57", 0x2b}, {&(0x7f0000001800)="3b5c619502349bbf11a17c3246c0bf16295cadffa4d5a28570e460ccb28355e10c223ffffbd7c7ff8d8431c6a4f7aeef1884f970012250665496771715a786104395a4ac901fcaa054ec8e9c44ab4e055199df1f263e563ff5a28145159d1311fec4d3b0a92342bc917308c21c463eb371471bb2b5ce02de4d30baa786e55efb43aaa7b277f3d82c2ff256c6f49e62d0261bbbd34ab8801e42ecdd0f604d54bca210b0d6a81899daf87028a233c9", 0xae}, {&(0x7f00000018c0)="4f05a1b86c6ba19174641e617cc2fbc4c6ce3553e2485cb6e6f5a96b2ee7f8886f71658eabbc87142cd5c59c735b986655c2286335d57de2ed17566690b33af90fb07cf2e662463859bf96a278b751c6d4eed37780324714493e06a9b55ebad80ab367c166c0fe849a65dd66c40ff9444db7316685864df52bae057264e48879a5b2efd7ce45625236ad742c371b9e65ca887708264d8875da7f0050d253176f60c52974a4479b4fdac1dd0dd21e89caa4dfdcb7fb303e65359d79", 0xbb}], 0x3, 0x7, 0x0) semop(r1, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semop(r1, &(0x7f00000000c0)=[{0x4, 0xff65, 0x1000}, {0x4, 0x3b0, 0x1c00}, {0x3, 0x1000}], 0x3) r3 = syz_open_procfs$userns(0x0, &(0x7f0000000180)) preadv(r3, &(0x7f0000001740)=[{&(0x7f00000001c0)=""/142, 0x8e}, {&(0x7f0000000280)=""/165, 0xa5}, {&(0x7f0000000340)=""/226, 0xe2}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/113, 0x71}, {&(0x7f00000014c0)=""/155, 0x9b}, {&(0x7f0000001580)=""/235, 0xeb}, {&(0x7f0000001680)=""/177, 0xb1}], 0x8, 0x4, 0x1) semtimedop(r1, &(0x7f0000000040)=[{0x4, 0x20, 0x1000}], 0x1, 0x0) [ 1376.705463][ T9180] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1376.705484][ T9180] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1376.705568][ T9180] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1376.705601][ T9180] ? try_to_wake_up+0x353/0x470 [ 1376.705623][ T9180] ? io_wqe_enqueue+0x457/0x4d0 [ 1376.705635][ T9180] ? io_wq_enqueue+0x3a/0x40 [ 1376.705648][ T9180] ? io_queue_async_work+0x18d/0x230 [ 1376.705701][ T9180] __io_queue_sqe+0xe9/0x3a0 [ 1376.705784][ T9180] io_queue_sqe+0x6d/0x160 [ 1376.705802][ T9180] io_submit_sqe+0x15c7/0x30c0 [ 1376.705868][ T9180] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1376.705948][ T9180] io_submit_sqes+0x61f/0xaf0 [ 1376.705972][ T9180] __se_sys_io_uring_enter+0x217/0xb20 [ 1376.705994][ T9180] ? fput+0x2d/0x130 [ 1376.706015][ T9180] __x64_sys_io_uring_enter+0x74/0x80 [ 1376.706063][ T9180] do_syscall_64+0x34/0x50 [ 1376.706084][ T9180] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1376.706109][ T9180] RIP: 0033:0x4665f9 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1000000000000000) [ 1376.706122][ T9180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1376.706140][ T9180] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1376.911867][ T9180] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1376.911878][ T9180] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1376.911889][ T9180] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1376.944166][ T9180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1100000000000000) [ 1376.944179][ T9180] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1200000000000000) 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1300000000000000) 03:59:17 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x125) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x1400000000000000) 03:59:17 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0xff0f000000000000) 03:59:17 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) preadv(r2, &(0x7f0000000600)=[{&(0x7f0000000080)=""/108, 0x6c}, {&(0x7f00000001c0)=""/143, 0x8f}, {&(0x7f0000000280)=""/161, 0xa1}, {&(0x7f0000000340)=""/227, 0xe3}, {&(0x7f0000000100)=""/5, 0x5}, {&(0x7f0000000140)=""/32, 0x20}, {&(0x7f0000000440)=""/26, 0x1a}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/110, 0x6e}, {&(0x7f0000000540)=""/177, 0xb1}], 0xa, 0xffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:17 executing program 0 (fault-call:7 fault-nth:23): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:17 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = syz_open_dev$vcsn(&(0x7f0000000100), 0x1f, 0x4200) io_uring_enter(r3, 0x2ac6, 0xe7f9, 0x3, &(0x7f00000001c0)={[0x9]}, 0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:17 executing program 5: ioctl$PTP_PIN_SETFUNC(0xffffffffffffffff, 0x40603d07, &(0x7f0000000040)={'\x00', 0x4e92, 0x2, 0x1ff}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) [ 1377.409025][ T9227] FAULT_INJECTION: forcing a failure. [ 1377.409025][ T9227] name failslab, interval 1, probability 0, space 0, times 0 [ 1377.409109][ T9227] CPU: 1 PID: 9227 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1377.409127][ T9227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1377.409157][ T9227] Call Trace: [ 1377.409165][ T9227] dump_stack+0x137/0x19d [ 1377.448022][ T9227] should_fail+0x23c/0x250 [ 1377.448043][ T9227] __should_failslab+0x81/0x90 [ 1377.457245][ T9227] ? io_arm_poll_handler+0x15e/0x420 [ 1377.457272][ T9227] should_failslab+0x5/0x20 [ 1377.457293][ T9227] kmem_cache_alloc_trace+0x49/0x320 [ 1377.457356][ T9227] io_arm_poll_handler+0x15e/0x420 [ 1377.457395][ T9227] ? io_wq_enqueue+0x3a/0x40 [ 1377.457450][ T9227] ? io_queue_async_work+0x18d/0x230 [ 1377.457470][ T9227] __io_queue_sqe+0x133/0x3a0 [ 1377.457489][ T9227] io_queue_sqe+0x6d/0x160 [ 1377.457509][ T9227] io_submit_sqe+0x15c7/0x30c0 [ 1377.457527][ T9227] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1377.457604][ T9227] io_submit_sqes+0x61f/0xaf0 [ 1377.457632][ T9227] __se_sys_io_uring_enter+0x217/0xb20 [ 1377.457655][ T9227] ? fput+0x2d/0x130 [ 1377.457674][ T9227] __x64_sys_io_uring_enter+0x74/0x80 [ 1377.457699][ T9227] do_syscall_64+0x34/0x50 [ 1377.457719][ T9227] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1377.457745][ T9227] RIP: 0033:0x4665f9 [ 1377.457759][ T9227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1377.457777][ T9227] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1377.457844][ T9227] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:18 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x2, 0x10) semop(r1, &(0x7f0000000000), 0x0) semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x7fff}, {0x3, 0x2, 0x1000}], 0x2, 0x0) semop(0x0, &(0x7f0000000040)=[{0x6, 0x0, 0x1000}, {0x3, 0x83}, {0x4, 0x2, 0x800}, {0x1, 0x865, 0x800}], 0x4) r2 = semget$private(0x0, 0x1, 0xd62) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000080)) 03:59:18 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000140)={0x22, 0x8, 0x15, 0x4, 0xa, 0x6, 0x3, 0x166, 0xffffffffffffffff}) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0x0, &(0x7f0000000000)=[{0x4, 0xcc5e}, {0x0, 0x2, 0x1000}, {0x4, 0xf330, 0x1000}, {0x1, 0x1000, 0x1000}, {0x3, 0x2c00, 0x800}, {0x2, 0x7, 0x800}, {0x3, 0x1, 0x800}], 0x7) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) semtimedop(0xffffffffffffffff, &(0x7f0000000080)=[{0x2, 0x4, 0x1000}, {0x3, 0x0, 0x1000}], 0x2, &(0x7f00000000c0)={0x0, 0x3938700}) 03:59:18 executing program 0 (fault-call:7 fault-nth:24): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:18 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000080)={0x2a8f957f, 0x38, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) accept4(r1, &(0x7f0000000100)=@can={0x1d, 0x0}, &(0x7f00000001c0)=0x80, 0x80000) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', r3, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x80, 0xc}}) fchown(r2, 0xee01, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r4 = eventfd2(0x8, 0x800) r5 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f00001c1000/0x2000)=nil, 0x2000, 0x3, r5) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x2e7f23acd92171f7, r4, 0xb6c00000) [ 1377.457856][ T9227] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1377.457869][ T9227] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1377.457903][ T9227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1377.457915][ T9227] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f0000000280), 0x0, 0x20000da1, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1377.869548][ T9264] FAULT_INJECTION: forcing a failure. [ 1377.869548][ T9264] name failslab, interval 1, probability 0, space 0, times 0 [ 1377.882243][ T9264] CPU: 0 PID: 9264 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1377.890953][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1377.890984][ T9264] Call Trace: [ 1377.890991][ T9264] dump_stack+0x137/0x19d [ 1377.891013][ T9264] should_fail+0x23c/0x250 [ 1377.891029][ T9264] __should_failslab+0x81/0x90 [ 1377.891048][ T9264] ? io_issue_sqe+0x418f/0x6080 [ 1377.922713][ T9264] should_failslab+0x5/0x20 [ 1377.922798][ T9264] __kmalloc+0x66/0x360 [ 1377.922817][ T9264] ? rw_verify_area+0x136/0x250 [ 1377.922838][ T9264] io_issue_sqe+0x418f/0x6080 [ 1377.922889][ T9264] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1377.922917][ T9264] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1377.922938][ T9264] ? __io_queue_proc+0x99/0x260 [ 1377.923001][ T9264] ? vga_arb_write+0x17d0/0x17d0 [ 1377.923020][ T9264] ? io_async_queue_proc+0x3f/0x50 [ 1377.923124][ T9264] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1377.923217][ T9264] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1377.923238][ T9264] ? try_to_wake_up+0x353/0x470 [ 1377.923260][ T9264] ? io_wqe_enqueue+0x457/0x4d0 [ 1377.923278][ T9264] ? io_wq_enqueue+0x3a/0x40 [ 1377.923294][ T9264] ? io_queue_async_work+0x18d/0x230 [ 1377.998071][ T9264] __io_queue_sqe+0xe9/0x3a0 [ 1377.998097][ T9264] io_queue_sqe+0x6d/0x160 [ 1377.998119][ T9264] io_submit_sqe+0x15c7/0x30c0 [ 1378.011916][ T9264] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:18 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) r2 = semget(0x0, 0x0, 0x8) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r2, &(0x7f0000000080)=[{0x1, 0x1, 0x1000}, {0x3, 0x9, 0x1000}, {0x0, 0x20, 0x400}, {0x1, 0x9, 0x1800}, {0x0, 0x9}, {0x0, 0x7, 0x1800}, {0x4, 0x401, 0x1800}], 0x7, &(0x7f00000000c0)={0x77359400}) semop(r1, &(0x7f0000000000)=[{0x1, 0x80}, {0x4, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000040)=[{0x1, 0x1, 0x1800}, {0x3, 0x7, 0x1000}, {0x1, 0xf6f5, 0x800}, {0x39d9e7b9932d93e1, 0x7fff}, {0x4, 0x9, 0x800}, {0x4, 0xb0, 0x800}], 0x6) 03:59:18 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r1, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7fffffff, 0x13}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x45fc}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x8}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3ff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1f}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000050}, 0x4085) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1378.011939][ T9264] io_submit_sqes+0x61f/0xaf0 [ 1378.022307][ T9264] __se_sys_io_uring_enter+0x217/0xb20 [ 1378.022334][ T9264] ? fput+0x2d/0x130 03:59:18 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x2, 0x3, 0x416) semop(r0, &(0x7f0000000000)=[{0x4, 0xec72, 0x1000}, {0xc3763d252683cdb1, 0x80}, {0x3, 0x5}, {0x3, 0x3ff, 0x800}, {0x3, 0x5, 0x800}, {0x3, 0xffff}, {0x4, 0x400}, {0x4, 0x4, 0x1800}, {0x4, 0x2c96, 0x1000}], 0x9) [ 1378.022352][ T9264] __x64_sys_io_uring_enter+0x74/0x80 [ 1378.022481][ T9264] do_syscall_64+0x34/0x50 [ 1378.022505][ T9264] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1378.022568][ T9264] RIP: 0033:0x4665f9 [ 1378.022581][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:18 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = syz_open_dev$vcsn(&(0x7f0000000700), 0xc4bb, 0x40400) write$vga_arbiter(r4, &(0x7f0000000740)=@other={'lock', ' ', 'mem'}, 0x9) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) recvmsg(r3, &(0x7f00000006c0)={&(0x7f0000000240)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/89, 0x59}, {&(0x7f0000000040)=""/52, 0x34}, {&(0x7f0000000340)=""/213, 0xd5}, {&(0x7f00000001c0)=""/26, 0x1a}, {&(0x7f0000000440)=""/134, 0x86}, {&(0x7f0000000500)=""/39, 0x27}, {&(0x7f0000000540)=""/220, 0xdc}], 0x7}, 0x40010020) r6 = accept$inet6(r3, &(0x7f0000000780)={0xa, 0x0, 0x0, @private1}, &(0x7f00000007c0)=0x1c) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'syztnl0\x00', r5, 0x2f, 0x50, 0x4, 0x80000000, 0x24, @private1, @rand_addr=' \x01\x00', 0x7890, 0x7800, 0x2, 0x7ff}}) r8 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r8, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r8, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r10 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r10, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r9}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) close_range(r6, 0xffffffffffffffff, 0x2) sendmmsg$inet(r6, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000800)="24eb5d8fc4d7c41c8e391aa85f7016b72f3f4bb7bf4ce6e40a15ce877dbebd6a809cdd0d10d6e5b430e49e68fb5fe11b369e2e5fd173389d6049d67c151017c362b003a675db4622b81c30d4539e4daf05b35862382a7f6f68f6edbea66c471652069927b282f62ed04905d8ea4a0dda939ceb9d46a90666aad6099492381abf9c6dbaee9105c4be6ee0ed3d1c4ffa7e0f9c75f2e6a33e9e3188e4", 0x9b}], 0x1, &(0x7f0000000a80)=[@ip_ttl={{0x14, 0x0, 0x2, 0xee91}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x87}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xcd}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xa493}}, @ip_retopts={{0x28, 0x0, 0x7, {[@cipso={0x86, 0x14, 0x1, [{0x5, 0x7, "1d7ca15836"}, {0x0, 0x7, "8b68b71024"}]}, @ra={0x94, 0x4, 0x1}]}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@end]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1f}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @rand_addr=0x64010100, @private=0xa010102}}}], 0xf0}}, {{&(0x7f0000000b80)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10, &(0x7f0000000d40)=[{&(0x7f0000000bc0)="5ae90d48a5e07d51cefda032a42e20a4e6d4d4f7c9e8017d45de71737cb333dc0c3dee555059fe54107508dc79f9d1c1f37473077775e7ebc65cea36d2f1acc3221e627a865f71f6ddfc190c1bbdfb59c0044c2bc0825d8fd9196ad728ae6ca617c384564405bfb89492302dde", 0x6d}, {&(0x7f0000000c40)="61ab2c9b812988d064eeaedc8c99400298e2a839c77ac4195e9a50a72d25980e0ef5bbdc265469250d32c2ef9055398c2022fb2b89b9f25541f21db14a2f9249e7a8afb7766d8f711626f7bf5b9836e185cbf86ff665e539f3fde191f277ce95870c26b4f0ca34e9d4f9608bf4d01727557b79ad6c00d6bca25b0615f0757a2653f5fabf377782fe1c2e1f324723b76598a1e04bbfd77220d196b1e31a08a5b54e48262997a05f8ded43ef87d5e3cc522dcbd02d85ee2dcb561fb31b686f14a1a122ae5318a62abccb3ef2bca2390110baa27f83a78b2ae7a88ef7b6d24101881e4a115c8ca3dc124f131498d1be", 0xee}], 0x2, &(0x7f0000000d80)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8000}}], 0x18}}, {{&(0x7f0000000dc0)={0x2, 0x4e23, @broadcast}, 0x10, &(0x7f0000001000)=[{&(0x7f0000000e00)="df5802dd3e74ab8a9a81be9b2369763bd15d56c132e681541533d868213616e1d52653d27e0fe4a5d3b8d2d0c4ccb6869a83f8cbb4cdec174d7b60373fc241fbd193eb478e3391e6ad58d19e12fd0551d0478af587f58437d5c0aa37433a98ead821f9d653420d724da9a804c26466e6981af4053ccee175db6c9b0446753541a5eccc44ce51f30978836d0e0c863373ee7a960a167ecbc85face2f3872d6d961a6c5bedade38ef6738107af9aa3ae7cc1ff8b410e402e94425b0c34ca88edef8befaab98c3167", 0xc7}, {&(0x7f0000000f00)="c2760f18", 0x4}, {&(0x7f0000000f40)="6c3eb8dc0f0d5dfb9a5c73283d372bef06aafaa23a9d19af5c722b92b63d0af4aa10ef46b8c6", 0x26}, {&(0x7f0000000f80)="2e3a4236ec3d623a3c3c55a9fc37e3acf8423d54772c1cf0cd0abab76e7d4c8ef631a29adf5e2698ba40f705d82d1838523be3a79688d7b2236cdf9accdfff93bc1efb844e1315739d63a3dc7b59be643ee58d84", 0x54}], 0x4, &(0x7f0000001040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @multicast2, @empty}}}], 0x40}}, {{&(0x7f0000001080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, &(0x7f00000025c0)=[{&(0x7f00000010c0)="fe14f03092cd8013d87b32c601645f59d7dd9b80ccbdb897e0b744749872387591b3cc58ab1bc6587029799835be42fd519d4604d9a183a53f1ef60730da112fe321d09556fdcc79fecb63254f8cfc97bef2d398f606523b22d3722743d918353c8b7d596739762a48203017978e8c3e87bc121968b3681ecd772344841f839234665080", 0x84}, {&(0x7f0000001180)="3f2d5c9c068f9988dee28d479581fabbf8732970e4be58cb29a402397961a77aa8e48934bfc712efa46d6bd7a355627be853d2ae98944c5203531913a86b2c4ad7aba87df38693da2ffe4b71238a3eb79089c2ff2fbe71f13c6b7407be4e9ea45398cb11bfcb9d66b261bf644ad26dd2e5af3bd1a500bf0ddd7b6bf6807e4df7196192e9cd48f5d032715caa7df7998a26e4881e2147759a106a289a381070bfdc20ba62ab0683f3730683652338eac2b20bdd8a8f727d67875a8e7a730f029eacf6b4e06780f5d7feb64168c07dcee1fead7c305996f694", 0xd8}, {&(0x7f0000001280)="24d3183ca6c29325a0a174f6108246a1c240d2c53281f9", 0x17}, {&(0x7f00000012c0)="8d1c3c5adaa0dcebe0f2e06c7bb27dea33011048d4cc4618c30c0c3bd315f435ca90cde545fc861d77448bceed42f46394001c99746dbf5abb30ba92c9b1e1485efdcffa7771f239c1f1fd5a0d88056d4156489094dd5bc5e88947e7dab992caa1d517c1265f5e4e8767942bc2e4e6a7524f8da5167f2edf9e4c63c97cf00f26326060293f5c297a8124166c60de7ce390b593a6846596848ad9dc1b11d15d0f7d4bb999c8e0b8659d88c69f56d647b9d9e7b3d8c2e50fa63217fe71837b5f67ded49f11b31e6d6d97e5bef989110ff02f0a9af4f0863827e4b86d28437ca731bd3979d613a772fa8dfde1ba7ae04232bdf6506c252698f090d0d4867ad7993813ac6ba23613f96e5c991da2ab73c1c99fd0198df721a5b68d6397208a72baaec44431f46aa4619c168f860a07363a43c2c7288cd718947c23c97fada16069373dac355924f2c72793325a03b3f9c978d6eb3c56b7898a5bec290fcad231cd8a8cc5e87cf6e55d133bc0c8744476c022642ab4fa4f6ef4e0494360085533c8a5ff1e7832a850f98f8718f44852b1b0d6382104ce9516ff7fddfd0d6a3e0e77102fe2b9e7bf980d01b0d5b088c38ec4e3a3587bb7e5390343a3541950625505062aca231e4dc9a35e44d76b963c943a2a04448600d1186840da6acb6d345bb710b03ce7165fe706b675dcd2cebb2c4aef278d6cea32bd2569941824c54298028aa85807ba94c05fa8614facf441dc839fbc071f72269c3632591e4b2980350234470657741b7295b4b82b108ed46bd93aa39c43e735d265de6af88e3486388fd13a570fb3a3fcecacb9ca8c12d24201de2e4d2f7bfbe7329aecc6b4542c47d95695124517f694756a4dcd958b7d4f1b008b9c0ebd483cfe212047fc9b8939ac8bb3320ff9f6d68b6b24d5124e4a49965ca51cb7eca068aab4bf41abbef933f90fd4081c7c40874fc071db581af3447bb96677734ec41b5df58bf7bd8a41565966b9bb1aa21743888baa3880db3449fc5855b8703a9d7ba841aaa8a1e8874cbb6d8b656ec55dfa93ea64f1d62c4cb03e47c544e36c7bf66b918f52f8e39f183cc73be02734cbeb23c2f25bb87a9c8951db715b30c9a0a46791c05fc1306fa04361745c18d3909309ce181717d43b9026323ee1fb48fb53997a6d2553530b7c9d97741d72578fa8ccf2dc4bb20814c96b4dc88bc335da3bec7c7d8d5006e96c7b158a9af0658ff4558f330a6860c7ed117926afa03d389c4a02cee5ed20fd37fee045bc907862aad914b0a65203d1c47d6e52dbbee7128b53af35a382b4aeb480d308da76dcde688f3ee71a445eb7c3acd0fa115ed406cae23cea81a62a4cc0ce077e4ff46a33222e98b6536c01010278bd906db569100c24d2cf0b41d50efceefc76cdea198a970b2f5a9ff0f3993723f38e8f3303db5d7a70e7725b153ac3c16e2a7f2ba30489f81c663fdabb7264fcdf20b6980c6ece2ec6160bab1acfa28f7ca695797d934302ab692bf6fec5aacb48a5fa5de9ecf9d3e438e4854c30f2a0d76f26f75a2f010a0f5640f30f80556cc425e008a515b411610b0011f5a1165313a5cf4557f539e44dcb2a8291e26d0c381daa0c1601c527aead7e33e996ca22587f7e23bbafcd50022dde74c18cd772a27d89a4c64ac789430c3fdbd83b6196b7c5628f62e3fe370c79c1b655f6b092ae21385671c311027c049b6e70a6911941e33f2855687b353009800c237a68c159a48c0c3da731434ee0b2eff53aad8d2bf0a067ac409b7748a7e1598c1ea55994182dba8a81354bca71055dea279346f8fcab0c738a2b1deb4b3f8c4f59b67c27e69dcdf0be627e831423ca1c11cbcab59a3a59b050f65ad9ff96e7e063ccfae53417d017f93c84ad540a147d4a801756ae13c0bae47fe338d50e10d1fc6e39661b529272519b929a614e249327bc1da8a54c15d390387604bcc37aad7ff3f2c56ed699e5fb5ccba5ad8c5af23226ce8094367d9daa0b933fc6c5536e79bcfd60397ac71e0f4948be2881327f3e296ee6bfefe0336e17ba668fbf47efa2a6ae5e428998699ed07bb49ac9c79fc272c51d48119de56619a035866dfc365eb70a40f0837c61f1b27d0416f6a0095a7848071634046ee88046f4f532b6c0bab81ce006ae877937934aadec2a9507419f79626e8f0a98f2117333e5b56415add36440095b7f123e6d68086df269d91027bdfb76da080112edfb35d78025cb1e89895b2250a469bc74c929e4406cf6dd52c870b21e305aae046cde4c44feaeb46d74a6e6e1179c185fefcaaa31234b95bddd64e546f597fc49b8f8da3c0a96f8239c3e5e3e5983a2beff8c1068de4a500f6f995be8542c29fe0834d0a48a209cfd6f747af11f6a967eefcc234b11836019946c8731d5f7201a589eff1c90b2d5aaee94c7c794f6e78078c566a0b4e806f6ba542d88e08da3821e47df1c5ba90dceaae3c755289fab8dc84eb4ba569201800f8abf143f2c2f42b5aae38ab82de1cd1ac590bbfb4f3571c35233d00bf222506fe24296116a786ea0c36ea2808cb8d44d9a9ac500cdaaf48d78cf54260aa7c715478032b0e88d749e71887915e341d18161878317af32563bdbe8c6766079acb579fb89fce40434bd710a3dcc8a9b36e6e19e6ca9b290facfdde4aa2e2641fb657051f255a1c7364b3b0937807d0111e5c301b337b3f97acdcd1ca4591c62c3d93779b8efaa7afc98ff23f84842164af4a3b02b004d69adab5c3fe521d5a0b3531d873aac04e979b6c4db341d0ef29a7fafbe19a42693b2b4baed23afb86ff35294e0dd9b252e5d853589e14e33dcf9bc282bc66edcea6e28cbd3390f8dd0db4e3e1945f2d2aa3fcc8e140728cf4efee1490586334f757701dd2c150af65650b4dab571ee6a66efd752127bc0ad99d1aeb26bdaffaf3af3233a8d354242fe7ef196ac38ab66e64a2a14e5cb8a85c2b10705cbfc93a29a0a78b4672983705c8ad997968cf1002f794a310e9f873118968cbb28820334784fe1a99ca0450e2914995570a8059bc3032eb49349bfdcf9a63c6fcbd105930f2f3eb82e731190a4be0d5c9d0ab449a0f4b0a44e417078a5eb1efb871d21ab1f44257d3f8fee2594dfbba7c2e186af51d58cf8a13e93d642145a3afe9fd7c463d94461f6ff7fb3cccffe65f6b4b0a0704bab8ef7f8b9a8dc0b32b1d33a603de42dea959d672c9e434b9217117ff397dbf3a3f9705e5aab8b404fc92f39af8850990bf0da268b89e8e36a687ada7d5369ce1600f9bdc8e0a145e47ba24a67d6eadfb53ef3c664c6a45326dc3b4c68a232593a0257e9df4f11a861b8ebd4d857f4ae99dece3b5d8b06d13cc61a0a29c2e550b55c3f2056643e76506a5392db2671f3cc7e011991a9818878cf5139ed7ca218134f4b1c2dfde277af341b7176af90517cfd08b95466a30fedbca17cb99207aea1c63144565262262094dfb5b9e79fdccf986ac4a2e9245a651a85840226dfdcb530ba0c1a895c7bc059136c9316aa20b271a2d064d5d2a885ab2d53419ffaaf154d99777c80c4b29300182d68aa1b3e19c83250141c6bb542ab69c2e5db397c2c0e8de6aa43e937ef434312cc5c458750e3de9234fa5fdf5dd704dc3d9901075ee724f8347e23689229821e0110061d890423a97537d4f4dac5593d6f96346f143e2042fa40c0607c51a3a92853105a250e3c6677b02a5fe77afedda78296c03dade6f70bac8ae71b414d4d599e3ae62de2714a17adb4f25105db41fc42164946def9c1c72a7b303ae4aa51e82870c653a0858d5f2c7bd30d5c6cc6d75cfaba6561c8933f1618ab15b9b8351e549d806209f0b5b5b2dd3cbeb721d0b5e960ea0dde37f2f5ba80b1168d9d89b87b75c18551d1001a439ef5d131021907571ad8d545ba62ac5e7b0e17517d32e750cf386743c0aa08213fd10e300acd77099ecbe2670aa2c9ba0789b1cac98b6d041f5ff96c9e7c0c3e22a4deb225c9c11e32d27ff1217169770fb9195c76dba0a172456855e6a3ab014e22cd89de33bf725cb2ab80fcdd51514306a6adffba7a53c41f05b2a64ce13e8b52778dd196410447b453956d961202f07a2916b3ad66f71ca2b017d37281f38ff450951ccaa1c36d50e6279f3a2ab9f2986ef34f4318e722cc8839a55e886c7ea10c753013f41b81aac9aa8a64dd70d4dd8cf931441dcb0b9399349d261f45e854712fc4e2f703a453dca2294619f3292da6114afdf727dc2c680ff7c99b7743f88068c78a055b938810d16efefefcba4e29eca278c998a896d6ddff0ec8506d69cab9cd36c4eefe70ff998717fc6b475f66ede6c3b417e66e644d2cac8ced146da3374eccb14de0d58fb479b80668bae3fef21eb8e06b3fe44322c285463b1f956546b0b77a9a50889301cc622370b3e122e6b746dddab0757aded110f9bc0785b21070e595b3cff12d9398508fca757b96baa09df3868b97973127a19171e24d522df2f14768fe7b89d51008f1a45c221ed2b41ddba8e0f6540ad11472ffadcd5dc730bfd94c57360aa87ca09e48ccfaf2af1f59660575a6b90511011408d0bc578ad7d8c7b48c4841802ca8d2a92c0396bf7d1e8031ead2354eec41f3cee57a338253463f0e71220a62d0bff317a77ddd2abaafb37621e729955fcd2b7ad0c8ab96b37ad4c3530ef89f703e25e1fb822283eeec8b616f6179ef4e3ccad9a7051788be9cac1402f44c9c4022670c9e2bfa41c00647260e662661b594fca55e8b15000b260ffb44142afe846fe4c24937e6e278970849d3b7cb54abd4836242c1122db32e507ba592dd84819acb0146b84f7b9bdee9b513c95dcb0fa48fb26f542dbb8461bc25590b89b8a39018a02bfbaac8099392b9ae67d07078bb093fc729abfc05738f385a8c7750e82366b505547b5d81ab129e6b5ce8b1f45dde2a9b4488c446605daeb9c83b279c23030482f9d20b383dd0e4573d6014f3ad9c629d7d99b28a1fe1ee82d1fad48817fae666536d83c56b2d61dafa5cb0c0592b72b8b3f30e3daeca3421eb91b3fa3c3e00575cc2dcdbd046e057ed4395c58f830d366db2e665e6ef30b54b04a3366730f3074d166185b6c489416a034465db99aa051f94c2cbc662dbaf1f38955fb390b6f38878b779d5beb8921bf1290c4dbf512b13f0b3193d8606b9d251536ca83fcac2a9aff9f1674636ea0ae009310e88e06eeaf09e474c2bca8aa27ed784160c4a956d474b7465cdfb0a9c2e4b3eeacb383591425a80832de34141689dd29c2cbd20ea106243e24d3faed46a4861e1e06d3ab764eb42175fe28f99f08102842854a531ff28613ae7e94550fa63c92d95e652d426c5fc7fa5cf60e112701de452f884bc4f4dd065c7c1e5d6dbcce9fa17a8b4c41b9e429fb88498e5a2d8505ea1f86cab631268a4b340dbdaf1a2b40f450ebcafe799b5a385d228996d6f3d9839b011cc2d3004e618da03ea99f0e42935156e3ad069a8c5c436ac4ccdd40459f34128e3494e717e3c84c2d8b497638b2d617f9e1f2b324e9812c78aba6267322fbbd44e97df9fa49ff56833c29f903681e7cfda316e959e7c482a36a6202b981a270b692bb0a48f733a30b103336b80bb6bd6aa6e52728460120f349ab3bb22ac15701c73bbf288cd019b0d96147256ff6e7f3317c391935ef3d28b59ece32de327268a33ffc92ccc72abed650025923697a8d2ed838a1e5f40f5cf099df3e1cec0e1fc9d2f598f39533631518b2c272319222fb855c15f9e214d5c27c3ef4faf1cfc2f229c49543d24e1819797362f893d3cf56fa9", 0x1000}, {&(0x7f00000022c0)="6c0916028dc6b814c7078eba20d78587dc1089ae611ddafad62dab7fb74fe6d49aabfdbf2208df109c69dcbd96d5d5279e3008fc8d2d2fcbabf41bf187fc3cb35d6f548cafd4a18b84be427bfafc782ef0ff0a", 0x53}, {&(0x7f0000002340)="eb4065298734fcc58fd554416cd7f806c02a8835e63cb6245a27bdb22d7b0bfcc5432046a02bf777076b2259694663e6fc37aef44e62e827313df22d015da7007b74d72961cf8df8788f87d4ec6102bcb120c2172e2c082ad7c948fdb3958bfa6c0d521116287b4cf5f656152ac4e91632dccc05ef1e62e8571a6adc231b4887bf1a045124571eb386737b959fce232758e444043292fb380e9f4cf6b8a589a5cfbcead4601a65b3a837ccbdd102991c5e832e6f3b1dd1e35aaf99bd037acbba5b9e669c2d54b7a07c55e8bd23f9cb4570d27e937df84f1c16a7b97186c9a81d1f87c461847aff358d5abf84d3e14deccf27", 0xf2}, {&(0x7f0000002440)="2e592cb07c8e3860f741be19af4734a5db309e814b578a6d7a5e172b9b513256b739e2dd69d83fda5dbb223cd698c3054fe47ce890d30a80027f64ef066b0390ee9d76b48b2efa0e00a9ee145db64d13799436c043047de7", 0x58}, {&(0x7f00000024c0)="30364825c0406f32986ef8ba968bf2383e98f09c499cc2a7a71ff37fa3d4c023159319bc3dc7cd0abf2f2707185d306ad19eb277744291e7496a299e77d6d66a34d58a20c5e049a780880e892bb3407a27c663781bf6238e960272d850a589b688f6e3740760e491801be3ba23d2282b52f52c015cbfa7f0439aa468c7a16ead891c80633a5dad47d9cf8b190eae26f36989f5ae4bd3baafbb38f516984ab9f7cc3c84f38321c45473b13b411b6b187c750c642dc701a11f801c86a53aedbdf9d2e1b6d5eec6b2b6265d5be038ce97381102c9fcb20d0720b778", 0xda}], 0x8, &(0x7f0000002640)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x80000000}}, @ip_ttl={{0x14, 0x0, 0x2, 0x141}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x557e}}], 0x60}}, {{0x0, 0x0, &(0x7f0000002840)=[{&(0x7f00000026c0)="79991bf9c90e750c64b1430e9d6757b01a9560d05abd05ff07ecaf64918f92b263c7cdd7d8ffc11cce65d221faafd1856635dab9e8343ed476e188904e7c432ca1809200d95c6ac2243b", 0x4a}, {&(0x7f0000002740)="1fd751df0bfeebf052d9c236075cfbea2d70f29ae9de92a42421fa58dfff266ddb9ff5c4db08f99c83add987d6300d7e0de85a071efb1c20bfa7ff0aad77c7840f292dc78d6da5ba581034ba55652be732d67ed7ae8e2840470bc84e072eaebb22ef89b4b711e50ee8d56d8b406f0d43b58776ffa47b9f4a98e5fbcf19da891f05a81998397ee42aa6662f0b0e1b7eda0414070b909547f5012a1dc871e99c9fa61a8522f73ac4ef7fd1b214620c94be54faffd668f353b44e459b57b84b5b79c77ceff9c1cdc1d4f9acf757bc3cb189fc7e824c6cc8b78794a0e369df2b8ac24db1cf89fb8ad327bd7baaaca26f52237914c18cd2396aa885abf35f", 0xfc}], 0x2, &(0x7f0000002880)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8422}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @private=0xa010102, @empty}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_ttl={{0x14}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_ttl={{0x14, 0x0, 0x2, 0xf75e}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_retopts={{0x14, 0x0, 0x7, {[@end]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0xe0}}], 0x5, 0x4048011) 03:59:18 executing program 1: ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0x0, &(0x7f0000000080)=[{0x1, 0x1, 0x1000}, {0x2, 0x2, 0x1000}, {0x2, 0x1, 0x1000}, {0x4, 0x83, 0x1000}, {0x2, 0xffff, 0x800}, {0x7, 0x40}], 0x6) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0xffffffffffffffff, r1, 0x1cd, 0xfffa}, 0x9, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4}) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x0, 0x800, 0x800}, {0x3, 0x1, 0x1000}], 0x2) r2 = semget(0x1, 0x2, 0x391) semop(r2, &(0x7f0000000000)=[{0x0, 0x6, 0x800}, {0x2, 0x3, 0x1000}, {0x0, 0x8, 0x1000}], 0x3) [ 1378.022597][ T9264] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1378.022615][ T9264] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1378.022627][ T9264] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1378.022638][ T9264] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:18 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x3, 0x22) semop(r0, &(0x7f0000000080)=[{0x2, 0x561c, 0x2800}, {0x1, 0x2, 0x1800}, {0x0, 0xffc0, 0x1800}, {0x1, 0x4, 0x1800}, {0x2, 0x100, 0x800}, {0x4, 0x7}, {0x3, 0x3ff, 0x1000}, {0x0, 0x7ff, 0x1000}, {0x0, 0x7}, {0x0, 0x20, 0x1800}], 0xa) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$SEM_INFO(0xffffffffffffffff, 0x2, 0x13, &(0x7f00000000c0)=""/169) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x1f, 0x1800}], 0x1) semctl$GETZCNT(r0, 0x3, 0xf, &(0x7f0000000180)=""/31) semctl$SETALL(r0, 0x0, 0x11, &(0x7f00000001c0)=[0x3, 0x1f, 0x1, 0x0, 0x884c, 0x9, 0x4, 0x1, 0x78, 0x7ce]) 03:59:18 executing program 0 (fault-call:7 fault-nth:25): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1378.022650][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.022688][ T9264] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1378.400162][ T9310] FAULT_INJECTION: forcing a failure. [ 1378.400162][ T9310] name failslab, interval 1, probability 0, space 0, times 0 [ 1378.412826][ T9310] CPU: 0 PID: 9310 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1378.421522][ T9310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1378.431584][ T9310] Call Trace: [ 1378.434866][ T9310] dump_stack+0x137/0x19d [ 1378.439198][ T9310] should_fail+0x23c/0x250 [ 1378.443626][ T9310] __should_failslab+0x81/0x90 [ 1378.448399][ T9310] ? io_arm_poll_handler+0x15e/0x420 [ 1378.453722][ T9310] should_failslab+0x5/0x20 [ 1378.458235][ T9310] kmem_cache_alloc_trace+0x49/0x320 [ 1378.463577][ T9310] io_arm_poll_handler+0x15e/0x420 [ 1378.468696][ T9310] ? io_wq_enqueue+0x3a/0x40 [ 1378.473287][ T9310] ? io_queue_async_work+0x18d/0x230 [ 1378.478594][ T9310] __io_queue_sqe+0x133/0x3a0 [ 1378.483346][ T9310] io_queue_sqe+0x6d/0x160 [ 1378.483373][ T9310] io_submit_sqe+0x15c7/0x30c0 [ 1378.483394][ T9310] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1378.483422][ T9310] io_submit_sqes+0x61f/0xaf0 [ 1378.502699][ T9310] __se_sys_io_uring_enter+0x217/0xb20 [ 1378.502725][ T9310] ? fput+0x2d/0x130 [ 1378.502749][ T9310] __x64_sys_io_uring_enter+0x74/0x80 [ 1378.502812][ T9310] do_syscall_64+0x34/0x50 [ 1378.502833][ T9310] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1378.502857][ T9310] RIP: 0033:0x4665f9 03:59:18 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_FS_INFO(r2, 0x8400941f, &(0x7f00000001c0)) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000000000000080000006d000000"], 0x78) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x130, r4, 0x329, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@measure_req={0x26, 0x100, {0x0, 0x0, 0x0, "369eddbb15a30143481faccb067077d8054ade3b2750e35b561af9b1e3e91d0daf4174768fa8fda714806888755657e13ed4c1d7ca48783b59e4dc150c780e836497c88fe55eeb3c2c617e1d319f3206f0adaa6073ae4e05118a358f64deae3a833764e5c2f7fdefa446a5da1303b22c8374ce5ed250de7dd1e30d2a30d78b9da2681b2207be5074c82d2a10a67a8dd84187459eb54b8ed5a29e9cc9af1f80dd6eff21629cbfa23aaf9ce9e4c23a1bf20e1706ad6b898fa63f118833d71a59389976c91efeeebc1b9d2da95001d22c17dce05bea07a1d426d13b16de6aa540367a0fbfa97f49b85008a6fee37516d9759207ddd76d60d86d6a141b263b"}}]}]}, 0x130}}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000001280)=ANY=[@ANYBLOB="cc0b00f9c88aa3ea5b71cb2bfa6bbd9ff2820063a592dbab0ac81a532006cb387c00fe28d6b1f9be6e85c3e4088df71d2fb849a5a85b91c9f41a41827d353c09f597c8f464be5023d8d72d9d7629ecc8ae4e738e7d3ebd197478e606d462d129c44589ac5c1040e10a56021583b15819618fd5bfec009c626c0835a200b0d6a41952c441fe864c259aef7c8f1166a48369681293fee8165dd93447538dadf65b91c21aeb74b4c7e212e05beb9505520f160102136ad5a8354246ff82", @ANYRES16=r4, @ANYBLOB="010028bd7000fddbdf25390000000c00990000010000680000002c015a80340003801c0001000218006c2424166c041b042436240c360c6c3006671b0b16140003000400c0ff00800800654401000001fffe70000280050004000000000005000400020000000d0001000b606c0c06120c051b00000006000100034d00003a0002003641491e3b1c0825280a4f0c0d4414180d4701322e3821145207104527004e1b3027204b28354809120f2b444104184e310e202a3e2f000005000400030000003c00038014000300000800800300020001010400cb007302240001001b301b04092402162418030c6c6c09121814040149020c030216040b18031d044800038015000100025d6c6c0c026548600905360048091b1b000000180001000500090b09126004046c36020409180560600b0114000300fa00feff08000600010007000700060018045a80b000018039000200092001564900421d0d523a4c2c25424a0b21053f202d413f50541838512a4946301543483437574c18094807460408442707512418000000190001002748361b026a056c6c160c09010109054848183602000000050001000c0000001200020031151d50241f31394b38104e130f0000210002004f430c2a482c013f3255040829423027381b25241623214915011e1c5000000005000400000000000b0001000537483024090b00300000802c0002002a3b16543b2c060237194e1b451b30404720391508471d43053c03201f4c0f21414607010a490e31b0000080460002002c114745002324411c13310a07204842100d47311d1d3f3c4333132230471d0101250033263946261825371a1f40573f1f344c331b150407501a2918492a1c180f3a00001400030001000008ffff820004000500ff07d0000500040001000000140003000200000480000000040003004e0902000400010005000400020000001200010003131816601b3509480160066006000014000300a76f0000ff000002030040000700050014000380050004000100000005000400010000007800008014000300ae3e060c0600ffff00000900fdff0900140003000900ec8601005303060029720600512514000300ff07ff010eb3070002000700210000001700010036486c060b030b091630060b091802011201090008000100061b60020500040001000000050004000100000005000400010000007000038016000200203949531b00542b9f45483f40293b37331800001c00020039093147511939042f24214a3d18483e501b371108123a26130001001b01030b09021b30020b09160b020c0005000100060000001b00020011222c36115038202c304f06550b2a4b354b490e4d30530028000280140003000104ff0301000010170c7a0fa54706000500040001000000070002002f0411006800018014000300940065000101010005000200040008000500040002000000460002003e293e3924160b4a522b2a103c4a473e433100365421272f2809154c045204173b54493b262f0c48242c18053a2e280f0500422f02004e4e070f30220d072d562d070000700000801b00010005000b4703120118040301166016183012601b0c240b4800110001000302020b6c0c09034836066c1200000014000300200001000500a9000000020001ff000005000400010000001400030002004000ff01090041000500080001000c000200433e411a2f30291d88000380120002003c4c4e3017033c280c2004092832000014000300070013e60800107e050081000100000036000200004e074916503e490d49234a1033494e5306174e3750172a08304750390e0f3c3c0f320202212f572e203e2257570351345100001400030005000100b100080002000000ffff0000050004000100000005000400010000009c005a803c00028022000100020a011b6c1212180102162401180936060a300130601218020c6012040300000b000100030b12020301000005000400020000005c00028005000400010000000a0001000b306002096000001e000200254154024f505128364804043e1a05154f384831302d52193b2d0000050004000100000006000100300600001400030002007f000100050002003f008000ff0014015a80100101803a000200370839123b48451d0c49401047171021452b3f19440231404d343e331e37263c1a1736093850290e2a1b394d045020071b441b09172a00000500040002000000150001001b65480400350309181b0c05361601030100000040000200552610341220213e110117503807383752031b192b302c4c3b2002502809250a2a16003e080e533741112e164e26081f3d551f3d421602384d225149330002004b0f1334430a242b0c48343f463c0f463e24480e173b16031609414b3d334f130906121e390e133f0a051911202838000500040002000000050004000200000021000100606c6016010901021824240401161836120b180b056c0e061b05eb241200000005000400010000001c025a809000018005000400000000001e000200081a00242b4c1a2e1a0c2d193a4c270550181b034c094b272008000014000300854001040600030008003f0067ce9b5421000100051609030624181200001b02300201060209041b6030040916301800600000001400030003000100bb0001ffef7affff010000011700020033064f36400b01362a463e3a3155100f32544800e800038006000100360200003f0002003411093741062a1a0b11252c1452521232330b4e450c3a383b0157122006254a321c0956524814320c1e57092f01121e112e2827281d4130110d0d0014000300008009000800030001011e54030003003f0002000832234515490023144a483e50031f3aa82f284147524c4c3a3d1c285454523c411124400d1f26193400363a4f370e461a39110b2719485229381e002d000200494628121e491a2753371f503423300b2d1a0b25510406420c450c45354404280c4b090c3e1b2329130000000f000100041d3e6c05480b02606c0c000500040003000000a00001801f0001001b36092409050248160216604e5d240b24300b1b1b061b020b480b000f00010036302e183005020130061b0014000300050001000900001005000101000458051400030008000300040008000500040003000900050004000200000006000100480600000500040000000000170001006c6c1605120c36125d021803000204300b24360014000300f8ff40000300070006000600060001009c025a8058000280050004000200000008000100240c600b3200020001224852484d523a282d0215112147081948492d2827243a56531a2d093c3d052d0c0001451b4b11420a2901244500000f0001007acb05609a30241d48051600300000802200010048041230060505186c24301801026c24090604051b483643d70130290b18000005000400000000002000028014000300ff00760007000300800001000500010005000400010000005c0003800c00010012601830310530051400030001800400050007000200000004000500230002002b1e202740292e4613080d360d0b30491837150e3a0b303f2002491020234700140003000200020000040200ff7f0900000802007c0000802300020018193e230d1351242553140e501c360927333d4b081730381d30481b3c55110005000400010000004b0002001704001e1a0502331d19525034112f3837203053202f51223d4e172c1d45132f52133c124c1d33404608390b28300946301c4b5008273e4f254b151b1f432651182b204726105200a800028017000100600c521b121b60052416051b1b12450c016c2000140003000104010088e2d7023f00bcde09000600050004000200000005000400010000000a0001006c0b2f36233600001d000100020b16363611006c1606300b004830020948633030091b0460000000140003000100780308000100090000000008ff0f140001000c0509300112480618030204020b010614000300ff010100000404000700ff03000004007000008014000300095f0800dc31010020a30400ff01030005000400000000000500010016000000140003000900000008000300d10c02004000020005000400000000000d00020049424b4e0a29391804000000140003000500010001800100080007000004a5060500040000000000"], 0xbcc}}, 0x4000000) 03:59:18 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semget(0x0, 0x4, 0x100) semget(0x0, 0x1, 0x8) semget(0x1, 0x1, 0x4a4) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:59:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x130, r3, 0x329, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@measure_req={0x26, 0x100, {0x0, 0x0, 0x0, "369eddbb15a30143481faccb067077d8054ade3b2750e35b561af9b1e3e91d0daf4174768fa8fda714806888755657e13ed4c1d7ca48783b59e4dc150c780e836497c88fe55eeb3c2c617e1d319f3206f0adaa6073ae4e05118a358f64deae3a833764e5c2f7fdefa446a5da1303b22c8374ce5ed250de7dd1e30d2a30d78b9da2681b2207be5074c82d2a10a67a8dd84187459eb54b8ed5a29e9cc9af1f80dd6eff21629cbfa23aaf9ce9e4c23a1bf20e1706ad6b898fa63f118833d71a59389976c91efeeebc1b9d2da95001d22c17dce05bea07a1d426d13b16de6aa540367a0fbfa97f49b85008a6fee37516d9759207ddd76d60d86d6a141b263b"}}]}]}, 0x130}}, 0x0) sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r3, 0x2, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xffffff81, 0x47}}}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x38}, @NL80211_ATTR_PMK={0x14, 0xfe, "09c49ae5cfa5e6c725a18d248d8daa69"}, @NL80211_ATTR_PMKID={0x14, 0x55, "2862f835fb3f55007aa78ab02eee4c16"}, @NL80211_ATTR_PMK={0x14, 0xfe, "8438669346dc919e811790ae9f02b146"}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000800}, 0x40015) [ 1378.502870][ T9310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.502886][ T9310] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1378.551422][ T9310] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1378.551436][ T9310] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1378.551447][ T9310] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.551457][ T9310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1378.551468][ T9310] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:18 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x80, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) io_setup(0x5, &(0x7f0000000040)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r6 = signalfd4(r1, &(0x7f0000000380)={[0xe1]}, 0x8, 0x800) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) io_submit(r2, 0x6, &(0x7f0000000640)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x8, r3, &(0x7f0000000080)="11b2688da7c0fd9b0ea5e96113fbf6b1e259edb4a9d53de44aef0ed41be787a3daca6e224bf27fd20b7c1ee3f57a5f33e63e1dfc50181d3b3d0599d85c676b19be779c3f776a0cac880bd62fb0e2ed6e5b3c73f37cca327d4f26aa675f8ac5d414b909f4", 0x64, 0x9, 0x0, 0x3, r1}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x1, r1, &(0x7f00000001c0)="d4712ddf3b24329a5f7c6d2da06ec22e13a31fd3555ce5a4113d5195eaf93eef8f2eee08bf2cdff2c0842485d7ef3b0501f8a01ebf46f9252bc86239ff24bd24b8b3329835d2019664046ac9be9443b41346b854dd209d70028678c613c55aedcc9b66c3e36c48719aeee03f2fce2ebe5b1d", 0x72, 0x8, 0x0, 0x3, r4}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x5, 0x1, r5, &(0x7f0000000280)="3a54ccaa82e0063df6434a6f39059939399769c1be72c42d8e81c9236eec403b9b2c41415ef4cf1545ce24119d6ae6b62e4763a2d1ddd639be45d84cc3457daccef3ae61286852b96116338f99c93a8b1182265a3d6ff6c815487f88c2b21c88371b335a98db283a5f595f7fc566dba4d5421cec627fd229092849dd11b546ce2bd9a5c7ce6c6aa2be2f2a01e3cc1d02cf89eba1c7fa7d2264af7990779c41469d93861b9d08d293d46edef6135b33c1f789c3567c3f7b3c0dfee0faf63752c3c677c71b3b70aa9c2748c3a09025d1935113e403bd750fec4e385f0f37719eca60485228afbf", 0xe6, 0x7, 0x0, 0x0, r6}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x7, r7, &(0x7f0000000400)="308fea73d298343b053a9d538df0973e71b3ab4a69c6948933a2b234a246ea1cb4fd74b7ab7a42492cc747b20bc6491d2e1bb6a9337d856616f2a7326cef7940751d97b5f1e4361bacec", 0x4a, 0x0, 0x0, 0x2, r1}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0xf06, r8, &(0x7f0000000500)="509e4ef0eb34d80d06e69e2e067cc4d875", 0x11, 0x7f, 0x0, 0x0, r1}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x3, 0x0, r9, &(0x7f0000000580)="8680a672c44a4625ff36b325d06d6615680a339906f5cd6fee8b51a7bf3b2f2fa119215b9108bbc31d2d34a688a6394a3157904a12bc96b31d4669f030a79619c076f62640827b7dab06c09cf81219", 0x4f, 0x3, 0x0, 0x2, r1}]) timer_settime(0x0, 0x1, &(0x7f0000000680)={{}, {0x0, 0x3938700}}, &(0x7f00000006c0)) 03:59:19 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x0, 0xfffd, 0x4, 0x7ff]) 03:59:19 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000000)=[{0x3, 0x2}, {0x1, 0xf688, 0x1800}, {0x0, 0x8}, {0x77f99668539a008a, 0x1, 0x1000}, {0x3, 0x8, 0x1000}], 0x5) 03:59:19 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00') vmsplice(r2, &(0x7f0000001300)=[{&(0x7f0000000080)="7515bdbf75cf6d707c69d28626da703a6f6a6c1221cb161a627552487ad4acec44c7668b4ff3a4af7512f831f28d655bbc9e283fc8d2b99588416dd700eaef56e07ff46a85f9d36ff9456060adee553cf84dcac12e44acf0420fe3911cd78c8efbf70a103289fa7c5bd49818b7eab35011900ff96aa7d34d4fdba8cef13b96f8ba92eac1dacaed803c8728f35832a1f5d781354ce7a760116eb01048d51b694c6dd25c67cd3363d7e20240ef83841db1200b0c36017eb3bf70dd3ed20206cac7a162d11a850580bba0b62309a334d39213b7ee9b82d565abc184cdb89c82f51add9b4e82d71f", 0xe6}, {&(0x7f00000001c0)="74f607c4336a20cabb25e9b3a793bc3a535b593f2849b910713fe5a7673b0439f3961e9b4af63c3736f699c5aa6b8b9bdb5a47826d8b03bc1578f3acf2180e190b6391b016a40f1d5912080f863e4bafa1c66f7963d2d49ae64d72ad9f2bede9a79342dd56e93b3478262a7cf287dd87dd0ec9db6fc481068ed9fc642ed4a7a32d4163cfb3e0affe3bfa2187c3d1797ebc97579fb0b23ef4fcec81c596a23f0aeecd2be957d1e05b5f", 0xa9}, {&(0x7f0000000280)="e59308d45d8df32cd432a01dad332e0a562d24f6773e086604d3b2f2152ded31c24da45a5f377df8781ce6a585c95c5ada56e05de6072b9bb0553e561ea08e33fa7e67c17519f43368795d3e6fc82e7d8d2c68c1453525d1fd11cad9ca9bebe5442707d4aa24ccabde862e62c8", 0x6d}, {&(0x7f0000000300)="4d960f4c4cba00dca8915c4c0e5a5543809b8257c6a08d7a2c0d1028abeabd7cd78bc77730e1ac57996f8e1627ea2128ef38189093292946a12e2bcc6676c2f774ed91f145fe310df351a8aa297f64a7096b5245be6cd410fe3c5e51f1379cf9ea6304465a6335a34caa33eb73a1fbc77a49361cf675bc387c9f257664c749152c73468b77ee8ae5050b6fdc1d3bb4537e2b2a8078c6ce15d9adb25f4fc9a9bf41548c4d35bd3be281112aede86f6273b7466f33d9085ae0f293cfaafd2660772c3ea979f378ee67acc92d77b57f34032d28a5bc05b5f86731a80fd040df7b59207bbbeeea687227d55d51de73bcb0d6dd9e9a19d28e0b413b4a7e9d3632691f481c090a1499a750c98fa6396eff43f0c20c06ed8a1fbc06a77032be1d28e05bc43c3b397ad043c14dbe20c816476d93e1834d4c44e87d2f4cb34c2965a9c140fa21e28c869aed5db0c2f9e6f14f29698b3128e54d9e3d5956ad621aea0e26cce20da545dcdd071f073a7494478afd466576ffdfa0a1e5a32f50674864674eede0896242808725d3dc8bbd7e896cd7cf537722e852e767edb8daa655298fe9547f6c14d214bba424ff15e22b867a469c471edc695bfe99aba70218b9c6e4d491485eea9c753cd70dc1a1910ba51fad2448a5bd66114a189f1aeabd29633644cba66c329489319e503812046ff5064d60ec284f187cde954759757aff12a2c6060302941157daf40f15ed3d94cb24632b6dec7669419292206daf342b03ca591e46a36aedf4b5ba6d5be5c6515eac5cdbd92bfdb0536f04ac3babfc909145c4fabf4a4592816aba7b40178d16c5508e066802f58db15346cbe3df24c128635e76ff9b7d749f4e7be6ebb2f970743f52a76765646ce56957332c1862207f0506d4d22ced30c04df97f12be668f33858f3e26f819f56ba9cdc701075823f44c634bbde56968e683f45b3f6085cfd58e37f3bfd1b1d33ee8cca2615e66d363227331004b6536cc91a2e556daee8b5bc2ac4eda7f7be112317554ade618f5d2ef34d9988e3034549b2f1eab8ac6da651889c2f6d1edab5b574678feeb7154399fc68eb5787585d6b7c116588462636e74167d4d73356d19b2bae7a2e4983aba2b9b9069166669e130fa3ee99a26e9aa38ce8646ec5f70a2ed1cec166bb60730d9067c56941ae819c596d9098c89704c411ba2985a6317208dabf5c5beb5c4492f70d622720c0a2758a30f5b8a1993c16b542183068808945c5422561d701799549a16e3a29edf3d292aa5f24de07967ec99e8581f7831183e7c45335fe7cc38f4c68a5f0985a09058077e8afaee4a731eb6ef7de5cab70724dd4b08a17a6fdefc5a190165168eb14508d3ddd5f2ae5e6069d9a7ff2b06d8b234d235bd2352f2a9b08cd83cc1fb68370451e06a65a161aabf8851bb77831cbb89e7f851dff06a4f6c092e0ba30166ff7c468de016f8ce803b0ead91e1d1836f626818703e294742055edb3810aaaaf1bf7b8834f03d596850e335267c77b4f9d01429a7c48a20ee0374f37981e8a1413e55ff1adaac0e7e39f2a5a6ad96c7ae0df04f848b9c1313481fa42d6cbbf1159cc1e3025380e8ad5addc399db4e9cba7911bf8fb51d5e1a899bc4edf47dbd4fcab0081d6ecfc4f52f7441e152f24e41d56650eedd72be2be659339db2fa9bd3b9bd5dc176ad1dc7fb2e8d549736f3d624ea5dafbc16add295b68afa5a6a06820bc8fe0211eeae30a3c17e66d1fcf8097934eb3ff572b465353b05952fec53d13247909c4c56d882e7d785f1322ca536ff0659388e5aeec5f57c6dbb235e071117c9487d21b57ea1432cdae0dee1ea32a1dda4f4b47a1a41b13b5a12c8ad622655b84206fc99ecf391dfdd561922dc1f466d62a029c32d8d42e872665bd013e4187b9ef0812aa2aab1fa46e024dc40e8ba3c41706e134bd50cee6b1b2b844e88c46575b2e8f9102a909592da9b866dacfc3fa57b3c0dac833dc4f32903bd7f96f862abe67960552da1cf88235e966bda3be01bbe249fa8ca7186095cc96cb8e51bdff2da5f2ab3d9ce7fb397b4d38747c87f7b1285bfdc8d9d1da19a5fbe8f97e67f7577427d8202f318bc1302eec75aa461e56f19aa43494687641d450e2523ae6b82ccb95d5e4d4e8d5b7ec6482ad01765a67869854b9e0d47e00a92c385acb5890048820179a4b5726237732a82e45c1f6ac2edffb1d9bb4491f16f8f27f2067eb297a313da841b593b8518a16097f98b766659ef439c80691c9f52815ae17126d7c8428b6dec1694a3e9ea778c9dcc10cd7ee0ec7a0fb3df05e9e28bdcbc2e481d58693d9387e3ba804cecaff4b0f0ddd6b3dc2f3c15886ccda38546782d28847396b99676fc6772eb70a1b7b74fab220970709a4f59a29449090bffd8a9303afbf66b321de2bd162cb7f3901ac5d56a647d76733dfbf872ac2053a6e82408ab82cf936d6c376a61b77ce8fb7808a8a60f2a94a1970b9db706b090c03d910bac7e543ede9f72be8868b70f9450fb89ff5a603e778945a6822b0d79621be48e75261d25864c46cd9a9b77418699aa971338bc5e30d30e5a3f6dbca279ac8dac5a217cb19b30559b3aaa63ee6798a027f2bea809577910c020ee6b726c7392de8928c3bc31712b73055b4fccf7b859e7cb5f6623305163688350c647f188a366148eee345f8dbd3c8ec0e4cbccbe7e99d23dd2d2837e45c33dcc49fa4fd54a6933e4d24dc823cef566c3e7c56165be9a8a259c59e624b8e5d9d94741b49bcfcb4a128b9b13440054e8756ee64ce792e671ab6a09b6072ad12831573b4119df2b4a1d4c77879dce908b4c48a6c052e463ae26bfdc3ff1a9fb5d8bba396892716b548c898aeace39db26db6447fb9b7972276ba3f4e7a911f9c7e43223c8796bda7bdab98af15157c45a1ae0e000a9e3630a87abdc0213ea646e35fa36d01e802a0c8a7b3ae033c72717526fab69d451ef92ca3b27f4e576dcff58f072138a470ca9be780568a5c89e1b9fb5b39d3d8af78402914807cf7f725410ee1251a36de3e713e2679cd506d6cabbc3f1cad5e5c3d1d67beee6384902ce7f2f74f2bec5fc4c69e0e5ac089a9ffec3e5ea5be6cfd5df993dc19165a338110515691f42d7e472536828c6d23a4d88c3c3becd5268e098c9f2771523f7e059d157f9c20815da04c914a79d3eebe451751e072ff20abc01fef97bb39d263b5e2ed28e1eed7a69d644e055533c581ce7ce2c71f1b73d9375c5fc23d94370ce242fe6641fa4cbb46e1dd6d512c96628257fd7c33d8d4ed63ff8512dc8ed4aca717a6d86c924b18fe5d91a1849397d4b1beb1df6afd9c62639371e1cd2ecd17e2ec8e230e8fbe0fd6ee6081ac767a4ff45b66784c20e14476609fdf08fad4c4ac9291817cf81cbff1ea12817954e9d1a0ecc5174acfc3b801ba472123baa304543865d3d9e588140e54d87171e3bd483ad316e960c93e6b7bbf473385fbdc8ba8d6935515dedc558fda2566f33bcd9a89460d10c217929a244d8769979293bbd9d4f0bb44771b87c6e87fd5205d35f85a03e9c23b840a1e817d69c9826e20129b19a706edc795b3da1d44bc29f82928cfe46f333f4dc88058f739dc7790c2132f52e0fe10dc08387a600601067da9758439216334bb28b3d60d8278ddd3d9a8f5a7dba19dc1db899f38b6fd8ca977ed516ba202dd9ad8860b5a4b55a0af335dbd7d524868820441bb2c3c208ea0bc8f759920fdecb626d076811dbefc3d9606be477da2ffd2de98f212094ef41e672a665aa0a19c1b2e4d587c97e2a2b7fb20b4f090322922c26480a96df534502d14798b331c711ef47140a20757cfd9518d3db9da38121549f8f7533fadbdd275be45a431dd38fe7e54a5b8feb5e3fb22e2db9827323b08f5c11b62640126e7fff05796141d5892d348953e975e38b4fd52d05d0b28fe27d3ded52f8bc49a1c08100ec9685cb54ab4f3bd7de95dc2842baa49214af1376cbc1fb58f79b6399b359aaf6b9eddd3375a01b50997876335fbaf12a9a8cd83b618d8f077580c4cbc921ec057884ea0be6d9ba97ed072375f0d3dd04e9483f1b54175fa496fa0997620f1daa0347163dc6b4b9e0afe79c4c5bd9ec2740f72f839717db253fe7edb92a0186ebbb3a17bd4b042888724d5ddc8bb0e420d231d33d7341caaea2e2c764a8cbcdf66dffb2fb5953607f29b2b1401681ff0f7be31ac2f2ecb6fa133a3ce3a1945e8a43216590359b0699732389892972250e725bec545be703ec83a780acdccd3dfa0bf71f1fec0f78b629387bbd9ec4438cd79edf2e0b6e19d7db01931e5fd2825f7367bf23c934f9e2c5301b06697b0f6922e8e2b91a044dde2e4ec99901eb4e056421d08da06e06d4cf90148dd471f6fa016d354fecf20ea24deb7e4992e45b2fc7be4519dc49a565a30ea7a7ccf2d38775e6616466247a8ee2b0a6a6087dd123f71c3d1ca459a6d2415d7315b895054bb9e554d6c14d5aba41c04e76e4b41d7f3d7342e10ed577b44dccc42a53b95b03a5d5173575e5f8b4f84b18f55a61c79e41000a81c6d3f76f64fdecba9984a2a31bf388d34075062341329dbd080edb921e59af7d2ffa55c7d602fe15430d78d564731e937ac5bd262e626570fbcfd7cf198b1c9f39306fcc6aadd2ff5fe81c46fd2d894b46341a0e967c7e7e8ee65cf6be9eb0ce761f793a4c57fe293733ae2003f58813c258aa2cdda10e43614ed55387f578ca9e645fdcc98c8d7cc82fa4d17888d260eab2252c14e1fe938cdaea573bd7f763847545f8183176ce1fc0ea2be156a1c357ca9c9d21edaf6728ccdf6a0c413b0db4a2fc5924bfd8e860ac10e6d20b9309dda0b29d6ea5f7276e638bbe399719ca77dc9ef333b7f3ad31d6deb80c16afa36e9ddcec3412988e4c40bfd48890e0fd0e307ce5bb1cc108c83765b0e7801c5e9925778e696d944fcab72ea6ea31314e87fa56b50add7ff997f4351c894edc46940b1f94aec3bb2817caf834107c306a97a34e30738c3ff120e0f0aa00ecc98fe103df12af32117bcb2ddf8946af29e39ea6b444c147bc95ff8ef5d8dad961a2bb2c1a8c75893a9fbd95bef2416886beafc9f21d50672b37b6865d48ae734ad3b2a150e284493969490529afc897a8be7062694e65909f9d58d067c1f61a0502d19d4d21faac50d6a1a21f5d93a17a6af850ad62ce3df319e338360152effa551201802aa7ee58d9d4afb27507a3993377e474812d8232cb98655d8d2b6fe705bd867fecdfb20086928c06a57751308ced140380fadbb9658020c835bbe9f4472289be5f9662c2c9869a5a5dcd249dc1b83ff7b9ebdc834de4cf02e88b3f08f29ce2b49776595463adb474728fcc2feb1b0bbf6d6173ee0fe272cd9d0927b1a64f8f57467b8b819952e87e32aa0b6e8f63d873430f9bedabff6dd0fb7dce836958a5caf6765f05c4a3da2114318956909c10f4f08f739f7ead366b23655ffc00846cef2080b6d727078d5676d3cb138303216ebb9056499852664b27dd52e3eef38a71ffcae40e2d83b5c62560a6e97c214ad89978f8d5870a4fc223531cb43cc3a27d8a03dc815567b98bbef7cab998b971de49b7346a200879812afeda0383e69c1089622c16bfa683bd996422d26b7b037e981d568020477db8e8fc1914875689b1246daa43e2325f8ad576f6f7a8e91ee3e31e6e4b237697802d69602d7b616add655ee203f1b06f8e3c80a4097fcf3bd6e84f6907853a8c6d80893f709e88f8f8f37ffa013b50a147562eea25c0d7cc7513623c9449d1b89866", 0x1000}], 0x4, 0x5) 03:59:19 executing program 0 (fault-call:7 fault-nth:26): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:19 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000000140)=""/188, 0xbc}], 0x1, 0xd9f, 0xffffffff) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="edb1209287aa2bd9848b5953b2c227c078613cac2d6086e4dc40508a554a86db6bfd857ce7f844fc8d527e0c2fb10c982bb476d1dd309f8069cb245bdca5eafe831ba709e00b4b0cdee0a1244b6626d6da7993446acab21c967d81f1acdab5c3abb0a09b040000000e9ea5b1ad748aa356fb4b940cf9fc190000000000000000730be5fd454822ceac39c52fac358326039d3be726b092ef928c27cb5b07546e84cbce0e2a932f6b1b4745f47afab568d3f4f96066ee8f502e3aff6f0fa796dee4565f5488143c55c5c00670a8da62add0000000000000000000007071b17fa3d20abe813394a2df56629575baba46fdbfbf545c497bf52dcc1ee1b9ff003012a56b79b04e122148e83fe488f61ba0978ba8cc011a6b1822360b67a08e508ba80f902351f055cbb5c5623598d789fbd1a6d46b41afd4ea035f7ab693835795cad4dae8bd2f9dd687ccb1c5fbf6e983230e044e9e2bf06b6760e2b6cdd14119e66842d80eb022ca21a26aa3c0d732309505ed3c15bb6a9f58f03775cbf10eab00"], 0x78) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDSKBENT(r3, 0x4b47, &(0x7f0000000200)={0x80, 0x4, 0x7}) 03:59:19 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x4, 0x3, 0xc00}, {0x2, 0xc, 0x1800}, {0x4, 0x2, 0x1800}], 0x3) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semget$private(0x0, 0x0, 0x0) r1 = semget(0x3, 0x2, 0x2) semctl$IPC_RMID(r1, 0x0, 0x0) 03:59:19 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) syz_open_dev$tty1(0xc, 0x4, 0x3) 03:59:19 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfff9}], 0x2) semtimedop(r0, &(0x7f0000000040)=[{0x4, 0x7, 0x800}], 0x1, &(0x7f0000000080)) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:19 executing program 4: getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r0}) r2 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r2, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r3}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000001c0)={@loopback, 0x0}, &(0x7f0000000240)=0x14) r6 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r6, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r8 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r7}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b4010000", @ANYRES16=0x0, @ANYBLOB="040027bd7000fcdbdf25060000007800018008000300020000000800030001000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f6d6163767461700000001400020076657468305f746f5f6272696467650008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r0, @ANYBLOB="1400020076657468315f766972745f77696669002c00018008000300030000000800030000000000080003000000000008000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="740001801400020067726530000000000000000000000000140002006272696467655f736c6176655f30000008000300020000001400020067656e65766530000000000000000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="140002007369743000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="280001800800030003000000080003000100000014000200626f6e6430000000000000000000000040000180080003000100000008000100", @ANYRES32=r5, @ANYBLOB="080003000000000008000100", @ANYRES32=r7, @ANYBLOB="180001006a361b6ffe3b6668499146c438e6171c888ea17e089c236d5f66eb280dfed0fb841d53f4b175030000000000000001c0c923d3deec876f2921d34110101aa603cf33ea6190fd2a0cf2f867745edae8c114edf1c9", @ANYRES32=0x0, @ANYBLOB="140002007767320000000000000000000000000020000180140002006261746164763000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1b4}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) r9 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r9, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1379.167446][ T9380] FAULT_INJECTION: forcing a failure. [ 1379.167446][ T9380] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.167468][ T9380] CPU: 1 PID: 9380 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1379.188734][ T9380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1379.188749][ T9380] Call Trace: 03:59:19 executing program 1: semop(0x0, &(0x7f0000000040), 0x0) r0 = semget$private(0x0, 0x7, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x1, 0x3e2) semctl$GETZCNT(r1, 0x3, 0xf, &(0x7f0000000080)=""/116) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1379.188756][ T9380] dump_stack+0x137/0x19d [ 1379.188776][ T9380] should_fail+0x23c/0x250 [ 1379.188790][ T9380] __should_failslab+0x81/0x90 [ 1379.188816][ T9380] ? io_issue_sqe+0x418f/0x6080 [ 1379.188871][ T9380] should_failslab+0x5/0x20 [ 1379.188892][ T9380] __kmalloc+0x66/0x360 03:59:19 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000180)={'tunl0\x00', 0x0, 0x700, 0x1, 0x2b, 0xdc0, {{0x20, 0x4, 0x3, 0x1, 0x80, 0x66, 0x0, 0x1, 0x29, 0x0, @remote, @remote, {[@noop, @lsrr={0x83, 0x23, 0xc, [@dev={0xac, 0x14, 0x14, 0x3f}, @empty, @loopback, @private=0xa010101, @multicast2, @local, @dev={0xac, 0x14, 0x14, 0x1f}, @multicast1]}, @timestamp_addr={0x44, 0x24, 0xee, 0x1, 0x3, [{@dev={0xac, 0x14, 0x14, 0x1d}, 0x3}, {@private=0xa010102}, {@private=0xa010102, 0x3}, {@remote, 0x7}]}, @timestamp={0x44, 0x10, 0x2d, 0x0, 0x4, [0x7, 0xfffff395, 0x61d]}, @rr={0x7, 0xb, 0xcb, [@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100]}, @ssrr={0x89, 0x7, 0xa2, [@private=0xa010101]}, @end]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f00000003c0)={'sit0\x00', &(0x7f0000000340)={'ip6_vti0\x00', r1, 0x4, 0xdf, 0x4, 0xd9a, 0x5d, @local, @dev={0xfe, 0x80, '\x00', 0x18}, 0x8, 0x8000, 0x100, 0x3}}) r2 = semget$private(0x0, 0x7, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) semctl$GETZCNT(r2, 0x0, 0xf, &(0x7f0000000040)=""/190) semop(r2, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:19 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x3, 0x3, 0x24) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000080)=""/201) r1 = semget(0x2, 0x2, 0x2) semop(r1, &(0x7f0000000000)=[{0x0, 0x6}, {0x0, 0x101, 0x1800}, {0x0, 0x1f, 0x1000}, {0x2, 0x1}, {0x5, 0x5, 0x1800}, {0x0, 0x692d, 0x1000}], 0x6) [ 1379.188909][ T9380] ? rw_verify_area+0x136/0x250 [ 1379.188947][ T9380] io_issue_sqe+0x418f/0x6080 [ 1379.188966][ T9380] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1379.189011][ T9380] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1379.189031][ T9380] ? __io_queue_proc+0x99/0x260 03:59:19 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000140)=[{0x4, 0x3}, {0x1, 0x1, 0x800}, {0x0, 0x1000, 0x1000}], 0x3, &(0x7f0000000180)) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000040)=[{0x4, 0x80, 0x1800}, {0x3, 0x7}, {0x1, 0x4}, {0x3, 0xfffd, 0x1000}, {0x1, 0x1000, 0x1000}, {0x4}, {0x0, 0x0, 0x1800}], 0x7, &(0x7f00000000c0)={r1, r2+10000000}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000004940)=[0xffff]) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) semop(r0, &(0x7f0000004980)=[{0x1, 0x9, 0x1000}, {0x0, 0x7, 0x1800}], 0x2) [ 1379.189065][ T9380] ? vga_arb_write+0x17d0/0x17d0 [ 1379.189079][ T9380] ? io_async_queue_proc+0x3f/0x50 [ 1379.189098][ T9380] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1379.189120][ T9380] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1379.189141][ T9380] ? try_to_wake_up+0x353/0x470 03:59:19 executing program 4: r0 = syz_io_uring_setup(0x15a2, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ee7000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x1, 0x98, 0x2, 0x5}, {0x7f, 0x1, 0x6, 0x8000}]}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f00000002c0)={{r4}, 0x0, 0x2, @inherit={0x70, &(0x7f0000000240)={0x0, 0x5, 0x80000000, 0xff, {0x1b, 0xe, 0x2, 0x10001, 0x4}, [0x6, 0xfff, 0xee, 0x3, 0x101]}}, @subvolid=0x9}) [ 1379.189158][ T9380] ? io_wqe_enqueue+0x457/0x4d0 [ 1379.189220][ T9380] ? io_wq_enqueue+0x3a/0x40 [ 1379.189235][ T9380] ? io_queue_async_work+0x18d/0x230 [ 1379.189313][ T9380] __io_queue_sqe+0xe9/0x3a0 [ 1379.189329][ T9380] io_queue_sqe+0x6d/0x160 [ 1379.189356][ T9380] io_submit_sqe+0x15c7/0x30c0 03:59:19 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x3, 0x80}, {0x3}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x4283, 0x400}, {0x3, 0x7, 0x800}], 0x2) r0 = semget$private(0x0, 0x7, 0x300) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000140)=[{0x0, 0x593f, 0x1400}, {0x1, 0x7, 0x1000}, {0x3, 0x8, 0x1000}, {0x3, 0x8001}, {0x1, 0x3}], 0x5, &(0x7f0000000180)) r1 = semget(0x2, 0x3, 0x90) semop(r1, &(0x7f0000000200)=[{0x1, 0x7, 0x1000}, {0x0, 0x1, 0x800}, {0x3, 0x400, 0x800}, {0x1, 0x5, 0x1000}, {0x5, 0x6d04, 0x1000}, {0x1, 0x2, 0x800}, {0x0, 0x8}, {0x3, 0x8000, 0x1800}, {0x1, 0xa18, 0x1000}, {0x4, 0x6, 0x1000}], 0xa) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000000280)=""/75) semop(r0, &(0x7f0000000240)=[{0x2, 0x33a0, 0x1000}, {0x4, 0x9e2, 0x1800}, {0x4, 0x800, 0x1800}, {0x2, 0x3}, {0x4, 0xfff9}, {0x2, 0x8a0, 0x800}, {0x4, 0x8000, 0x1800}, {0x1, 0x6, 0x1000}], 0x8) semop(r1, &(0x7f00000001c0)=[{0x5b0bdf128f931120, 0x0, 0x1800}], 0x1) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000080)=""/146) semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) [ 1379.189448][ T9380] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1379.189465][ T9380] io_submit_sqes+0x61f/0xaf0 [ 1379.189489][ T9380] __se_sys_io_uring_enter+0x217/0xb20 [ 1379.189506][ T9380] ? fput+0x2d/0x130 [ 1379.189590][ T9380] __x64_sys_io_uring_enter+0x74/0x80 [ 1379.189606][ T9380] do_syscall_64+0x34/0x50 [ 1379.189630][ T9380] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1379.189654][ T9380] RIP: 0033:0x4665f9 [ 1379.189667][ T9380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:19 executing program 0 (fault-call:7 fault-nth:27): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1379.189682][ T9380] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1379.189698][ T9380] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1379.189710][ T9380] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1379.189722][ T9380] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1379.189731][ T9380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1379.189759][ T9380] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:19 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b3938000008000a81e2b7da6fbe670000080000006d0a7dc6af61e246aa12a24c0ea6aee130f656611376a4f09b05cacbc802c0bb074fab417070b93fa9"], 0x78) 03:59:19 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0xc4, &(0x7f0000000140)=0xa55, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x1e) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x7, 0x0, r3, &(0x7f0000000100)=0x80, &(0x7f0000000240)=@nfc_llcp, 0x0, 0x80000, 0x1}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:19 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:19 executing program 1: setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x90000, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000080)=""/73, 0x49, 0x23, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @broadcast}, 0x2, 0x1, 0x0, 0x3}}, 0x80) [ 1379.654368][ T9436] FAULT_INJECTION: forcing a failure. [ 1379.654368][ T9436] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.667080][ T9436] CPU: 0 PID: 9436 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1379.675749][ T9436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1379.685811][ T9436] Call Trace: [ 1379.689089][ T9436] dump_stack+0x137/0x19d [ 1379.693484][ T9436] should_fail+0x23c/0x250 [ 1379.697893][ T9436] __should_failslab+0x81/0x90 [ 1379.702787][ T9436] ? io_arm_poll_handler+0x15e/0x420 [ 1379.708154][ T9436] should_failslab+0x5/0x20 [ 1379.708177][ T9436] kmem_cache_alloc_trace+0x49/0x320 [ 1379.708204][ T9436] io_arm_poll_handler+0x15e/0x420 [ 1379.708221][ T9436] ? io_wq_enqueue+0x3a/0x40 [ 1379.708233][ T9436] ? io_queue_async_work+0x18d/0x230 03:59:20 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x0, 0x208) r1 = semget$private(0x0, 0x2, 0x83) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000000)=[0x8000, 0x100, 0x4, 0x7, 0x7]) semctl$IPC_RMID(r0, 0x0, 0x0) 03:59:20 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000240)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x0, @fd=r0, 0xffffffffffffff1d, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/6, 0x6}], 0x1, 0x8}, 0x7fff) [ 1379.708254][ T9436] __io_queue_sqe+0x133/0x3a0 [ 1379.708276][ T9436] io_queue_sqe+0x6d/0x160 [ 1379.708303][ T9436] io_submit_sqe+0x15c7/0x30c0 [ 1379.708322][ T9436] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1379.708362][ T9436] io_submit_sqes+0x61f/0xaf0 [ 1379.708386][ T9436] __se_sys_io_uring_enter+0x217/0xb20 [ 1379.708471][ T9436] ? fput+0x2d/0x130 [ 1379.708495][ T9436] __x64_sys_io_uring_enter+0x74/0x80 03:59:20 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x1, 0x24) semtimedop(r0, &(0x7f0000000080)=[{0x3, 0x20, 0x1800}, {0x0, 0x7fff, 0x1800}, {0x2, 0x800}, {0x4, 0x800, 0x1800}, {0x0, 0x5, 0x800}, {0x1, 0x1}], 0x6, &(0x7f00000000c0)={0x77359400}) r1 = semget(0x0, 0x1, 0x236) semop(r1, &(0x7f0000000000)=[{0x4, 0x9}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) semtimedop(r1, &(0x7f0000000100)=[{0x1, 0x5}, {0x1, 0x3ff, 0x1800}, {0x0, 0x5}, {0x0, 0x40, 0x1000}, {0x4, 0x3, 0x1800}], 0x5, &(0x7f0000000140)={0x77359400}) [ 1379.708514][ T9436] do_syscall_64+0x34/0x50 [ 1379.708584][ T9436] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1379.708605][ T9436] RIP: 0033:0x4665f9 [ 1379.708617][ T9436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:20 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000080)={'broute\x00', 0x0, 0x0, 0x0, [0x4, 0x4, 0x37e, 0x5, 0x9, 0x7]}, &(0x7f0000000100)=0x78) semop(0x0, &(0x7f0000000140), 0x37) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1379.708634][ T9436] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1379.708654][ T9436] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1379.708667][ T9436] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1379.708678][ T9436] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1379.708687][ T9436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1379.708710][ T9436] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:20 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x7}, {0x1, 0xfffb}, {0x2, 0x8, 0x800}, {0x4, 0x3}], 0x4) semtimedop(r0, &(0x7f0000000100), 0x2aaaaaaaaaaaaab9, 0x0) 03:59:20 executing program 1: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:20 executing program 0 (fault-call:7 fault-nth:28): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:20 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x4000010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:20 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000240)={0x2, {0x2, 0x1, 0x200, 0x4, 0x4, 0x3}}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x606400, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x8000, 0x0) accept$unix(r4, 0x0, &(0x7f0000000200)) 03:59:20 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x957e}, &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_setup(0x6258, &(0x7f0000000240)={0x0, 0xcc7b, 0x4, 0x401, 0x222, 0x0, r0}, &(0x7f0000ee5000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x8, 0x2, &(0x7f00000002c0)="70390581ea180840bf932dd6344c420a2b09d73ddd30a47f289f0d3303dca5531fff9ecd834e9a415265d32b1bdfde2f196056384089fcaddb14c5e2a005f0791b5ae2ccfc543f222d60da9498961ebe7ccb9b4c1fdbe2910ed61ca9a42501191962d985ec7bee7b28e5e2706391bd735288", 0x3ff, 0x0, 0x1, {0x3}}, 0x7) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0x7f9d, 0xe45f, 0x2, &(0x7f0000000380)={[0x74]}, 0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1380.299468][ T9512] FAULT_INJECTION: forcing a failure. [ 1380.299468][ T9512] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.299491][ T9512] CPU: 0 PID: 9512 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1380.299509][ T9512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1380.299519][ T9512] Call Trace: [ 1380.299525][ T9512] dump_stack+0x137/0x19d [ 1380.299543][ T9512] should_fail+0x23c/0x250 [ 1380.299556][ T9512] __should_failslab+0x81/0x90 [ 1380.299573][ T9512] ? io_issue_sqe+0x418f/0x6080 [ 1380.352426][ T9512] should_failslab+0x5/0x20 [ 1380.352453][ T9512] __kmalloc+0x66/0x360 [ 1380.361117][ T9512] ? rw_verify_area+0x136/0x250 [ 1380.361142][ T9512] io_issue_sqe+0x418f/0x6080 [ 1380.370674][ T9512] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1380.376097][ T9512] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1380.376119][ T9512] ? __io_queue_proc+0x99/0x260 [ 1380.376138][ T9512] ? vga_arb_write+0x17d0/0x17d0 [ 1380.376159][ T9512] ? io_async_queue_proc+0x3f/0x50 [ 1380.376224][ T9512] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1380.376246][ T9512] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1380.407970][ T9512] ? try_to_wake_up+0x353/0x470 [ 1380.407994][ T9512] ? io_wqe_enqueue+0x457/0x4d0 [ 1380.408008][ T9512] ? io_wq_enqueue+0x3a/0x40 [ 1380.408020][ T9512] ? io_queue_async_work+0x18d/0x230 [ 1380.408046][ T9512] __io_queue_sqe+0xe9/0x3a0 [ 1380.408083][ T9512] io_queue_sqe+0x6d/0x160 [ 1380.436527][ T9512] io_submit_sqe+0x15c7/0x30c0 [ 1380.436555][ T9512] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1380.446737][ T9512] io_submit_sqes+0x61f/0xaf0 [ 1380.446763][ T9512] __se_sys_io_uring_enter+0x217/0xb20 [ 1380.446791][ T9512] ? fput+0x2d/0x130 [ 1380.460764][ T9512] __x64_sys_io_uring_enter+0x74/0x80 [ 1380.460789][ T9512] do_syscall_64+0x34/0x50 [ 1380.460855][ T9512] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1380.476481][ T9512] RIP: 0033:0x4665f9 [ 1380.476496][ T9512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1380.476512][ T9512] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1380.476528][ T9512] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1380.476540][ T9512] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1380.524279][ T9512] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:20 executing program 1: semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1380.524355][ T9512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:20 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) openat(r1, &(0x7f0000000080)='./file0\x00', 0x282781, 0x101) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f00004aa000/0x1000)=nil, 0x1000, 0x2, 0x30, r2, 0xd004f000) [ 1380.524365][ T9512] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:20 executing program 2: sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001540)={&(0x7f0000000180)={0x13c0, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000001}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "56e89700dc7c317843ce7e1afd69b858105020330338"}}, @TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "2ea1564d235bd82b0a7c800dfd2925129e0af4066f63cd42598ebd"}}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xd0}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffff00000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}]}, @TIPC_NLA_NODE={0x10f0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x1004, 0x3, "4980b6363ef12e3fdb31d1d775717ab9663a31795eb0e9dd6bd75cb02bd1aecf7f9c32ffaeff4a31aa2d92ec958ae8f694f817f26bf632827dc3cc291ed48ed7396a21620d91a439dca3a9a0d6002861709fb663d87b883226279a4d96bad0cd259e079b21aaa4fbf71ce7b0e26a276616543910c8fbdd796928cd78bba434d65862a6ed122f33da6d910c17803ff0621d57ff7eae386538658581a563e95fc3e1e24046f8803ec74d4c88bc1be7742a782d11c52b94e369b0b8790c859c08df2aa607c4eefb338fe0eb27eace92c8eea57e4979efc42b215e094ef0a9dc50eb72938577d4bc98d8bdc13532b7c5e0eccf1649df3d47acfc35d98dd02947d23d979f86cfbb9cf1e4193bd9508ce6a6573c834b7d69675c6929f4e04af4cf751b092304d51a039e7b61deff271470112455d8a47b199beb83d47e5030b839f0e31a62ffa730c467e1e558845fa2ea70025242526508ec4cfe9da1f9e3bb41a4089f8806801a84413669bf3f077052724ebcdec90e56dcbdedcc018a1d55fae9f470a2e8aed2ec0581c7f288bc131261e818e35fa86cf625f8e770c0b461abd2f35492afabe9830b866c9cea7336e02d59e901bb4857e125d13f541bbee0025e3e07b8e0f5e897fd11c338c52ac262a86cc16ffae602c1c6a73a4a0aee05257a5fee81fa7af13393aa3c5b730649ba2d711e75cb64ea0c44651a027d64d30d120447a742535cbe55a9265aec2bdb1e4d42a064e1e05d78f185d30787ad895614c942cf40316531ca89af83e7b10cf66a917f1fa86ebd603b81ed60f21fb92d9642f74daa04711c2f1e7aeb95b6205045c6924360263347908cde37ad65f93070b98208799056362b282f6e796f5435fa0a43d00165310462ad0ec66f6ad91f21f2ebeedd780da00e681a5eee1fa73df07eed889553a4046f8244931ca691a2e99a5239456c391130019b911197b58a0c42930bf6882672b632ae06e9802e06ae53f7f19ddcf3fbdd1ced2705fe290768749240c8a9f1c511663991b181cef73801ce685d0d15359c333847628b2df68898b7ee00a8b3576bf82fbd01d7f0a87d0e535ebcc4e529d491b1a2bf984b47378b31596d6de83f2805629f6771c8e3fe77e8a729d0db9107d171faf1563f5245ba488b4830f690532892fd74918d5de2dd2504967c2b5639f8432393a9e49a196559402de84b1e1864f808bbbefef38ddd6519131bc3242caac7b887394ca088ad3cce86e2f7b3a0551c10b86e3eca51042d47a61c68d07fc38b0ded84dbea4376ca8f69f714f824e2e66b8fa75998200be0ec2fc5170be654dbc9f3be9101a53bdda49e4d59860fcda39574cdd85992accb9a8c100d68a81ff2ed0e5ad2a0556a31c1fff3b8b1e9a91e77445af812fcd9177bef9b95f647d959c24ec4932fdf51e42d10ca043b2e84a4f9fcc436ffeadd2b6799e92cbfddd795193137b71e0266100ea713a50afa14e6cd609f9ba9853f43124f5505e550ec3d28c929d37150bfe7e38d2b92a138421c7be8f77bbab1343b42053a63893b8f840604bd4bbbce0052f06981886fbb53fac08866b7f79e610d9b9489a6a0c83ebfe43396dd4b362e4147f97193b4aaffb14e6511906169ca7c7dffec13c23c4fd803c1c565a95bd023d5b6647da3526d247d2da7b1712d3ac37493db1343179fcd7b22b0f89e5eb34f4112620da898c58c892fecee02bb28445635f58484ae3f3c1c05c902d364d57dccffbe156f15b6e56157e779f39341580f3a0d94c71903080c97ec97e990e961adce949f05798b6c7569df677cca328a2a9a4adb343cca15b691b14e43427de821efc05be2f18bde7e99603e6671f957adea9b0f8326e83bebcb89a7031e18800cbb401a164c8a7deea998200c721e2845f1a3612ed571897e0616ed045269223bebb991cf826a4c85ddf466c9c9225f0fb54eaa5d016df6b959d3aeef83d0ba7a097cc9cfa52ade2655fb7adbc31fd56b18d5029b861bfaa3a5a563d61bb156c4aef57d66ebcf4c4d944f22478681d5ba52e1bbb79b9591b7271241cad6867bf15cdffa2ca80fa7883a20a4867bc4cd625cd58739525f7d13c37b8c77aff8f6ca382ca924d9cb50f58a449354d8911d23e9688e9433a1c4d2e632d2bd695dd1c2064e06b8a9ff6f97b4f084b8f471d59172e6a0865a55545f33fbe10cb8a7d72978f4d0eb02e0608a83690ae0ef0d187532fd290401e379ecd86c0094d0a2bb57a1a34cf82d45608045c39ca4dd369370a8513761f0a54dccb33dc7005d574c390ff5de8fb27a6a85423d15d8e17dd0bc2417786fa717837ebd95136830da3007235a59a571e73a5659f47d342ec7e309cf0e6219bce253a850296cca9bab036396aa763adda297e39b205f150a56f45cfe127fb8f56fd5500ae00af147d9723e3bdb51770a9656191edf09e02ce3220f7a037fc26b67f3da1f176cdab4bd0bc6d4f08a313904aee22554ddf6422b75f6b74cefe573b2cf12baf0eeef24fc67d388670be101571ff17997a400f72dd2659e19911d57777b9148ac8fe36c43b2e8f47f8f384be6df834c22fd9c34fcfe0c1ffc787f2a3efc6554863d6eb66cd91733476c3ebbe745d0d4516094d529b1f564356b66fc3551f76cdcac2c8d3fe362044756b1ed5d1ab6ab1aba9233e881e783ea2a1b5ac831fc3690805755ca9ec07d80fa6afb85951ddefbfb846287871ba232de808dadd306e000f89c4cafd39e4aea25aea439d1fd407036dfe9c3f0f407f7d84cab66209ef98924b17e2d91e01590e2012242f5b24571a9d413a7e9278ce63852e5004fb0edccce8db1e65d2b8c43d324ec498d49d69af22ff98a28239bd68c104d34a85387882af9a898f024eb34b2dab5c0ff6461dd377570fab6bab5431ea776920f4603bb627a87731e2f449846392cfe00b5b1ec330ba739a60ebe7bb9e298c8faa2ffd999ad942bc73739c821524b7b3387a9e8da1600d390c380c2dba0e07fb92c03a60fcaf1a6ecb8436bed14656ccd06e8f195a19d63d05649a5cdb00742bc4db18c2772390a12f9db54d52cfbba53b46641716f646e3fd0bda684fc4e74726e8adf8fcb271edf29bfef2b0bc5ed2d18ca7ca4d6d3e01f7bf0814c1554f106843a0871943636fd00e9e6878ac716ec63db0f61062f4eeab6f78eff8918a6c1b24758dad9ae44ae0c82e58baa3a1f57a8a56b00fc5494f02d3aef5d8f0740f2dd7343648ddbfceebfcd121069b2e4174374e79d354f9df4ee366beca84a8a110a446cce7e4ee238f29506bb283dcdac2d250d9c8e5ea9839933c35ab1a120d91fcd1dc7e7c8b2ff7aff48acf3e646ab1ff7dcd0dcd90a217f8328ae94051a8ded7797d7ff1268a7182a8ca3ddf7ff7033c4a7a707f7c40b8ad2d588458ce1fd16b277d401e4504bc4d6d8dd1996e6c60970af295c6f371731f654d4006af81fa73ba3b028db3e85731729e53fe3944546c0ea7365f4d913445e2a55284116e49af577a93215b64223c3463339726ea7b19ff49aa57db71e81ea1302e252f81223f45b67b7d0cd0e6736f2f9fa0faec39fae42dd3d61365f503f606618570d2637a89d074dab28333b175f9e01c9d93d334eaa234e51ccf1f5b7a65fbcd0d38311cc99991b62e17d0a7f186c0fea3f3d567ced41e225380ac5d9ce59a0298d7d99f9f49a4d75bcd510dd07e847fb2e69b0b9bf4dc072f1d69b508b59fa288f9a33a721d57874c92e0db336036355057eefcbae0c48f9c8225d5c48331970064674ee26222e7a16f45022180fb5448c96af02e5827c3a8b5f0a4090bb75e19189c5e2095dbd87376e50f917a71f7b9e80c98f15bab1fc6c020535f3c9c6be9cc048edcfb4650be09157af4c3ebb940e1ccd8c8a184695e50d8cc891f73a7c2fbc593ec767d4af8fb1fad5c040fd9ca5ad786566cbcc25109ecb0ebbee476e811c4e7f3e0e045b405f1e406b6c2b068526f0b44d73da2dcaa423bd6375f2f2cf5e773bc03e59854eccdbdc3e3026d3bd375f202d9fc8694d9875997ea285b5acf185af56c7ef26d4448cab647893c081352204faf0eee266e90fff3a96f087ed0cddf41e4d29bd61b0a3ae61f50cde3fd20e1a4556251569b86578a0de4dee6610c25c992d5b2b31bbb863187171e61c346c818ab580d8feb027137dc9b0d51eac63cdc9cd4b2e3a055e52ed83a2bc8cb080a2b2e536c7a8b6f279a8acad39098cf8616715cc19a3842c91d8d0c1c52fcf84f094d6ac2a176b632d3792cb9c9224cf45618bfc97e1aae365a6aa8e2042392c086723d60bc6c0a84faac1aaf6bc4de81c158ea70aab83b6f5f4fad1dbb3c8dd38f3a303dd6f85be499693ad41eb1f1b675d7f899170ee6769f09de8619a81fe6cd565bc11a3cfb7eede20831ee6e02cba87e5709678b4cf679279b234794c9fc88d932826862584ec117dcfa0e6b9dec00c479c1715a1016f9e3c60c9c5205b87176d9ff5af5767490d1ec5e062519fa7b360b9079374377ee4afc98c2cbd8cb09d7c539335f79486bcb89bff64b62d601cd82b3dad0e8d2ffcc4c4de3fcf65231b8a403d05d556e9ace7ab3156bf57a2782b5a00f6b56a287c0b01b2b8f857a76eb00e953c00e175c5f241c80ca3beab12c250c31e678e7b3cecd657334127b5c8ddc588f6ebeb73201c8c1faa081b366625ab0e7a17babff6ca3d497785ddfed6c78a130cb1b8a9bfbab96e9cfcb5aced58afe46fc6340a885128bc5eb8aba67fa4156f9efcb7f9602a19171df3c0c5d3a9154bc29ea5782edcbd29cb5f469286530a803443c38a55dae83451c7cbded692ef6986a565ef593c8455c6d66d2c34e67467bb385e65e5912e30283c5c1bc670f2eec28a33a67a33f18317c172cd467cca069f080db6216a64757eb26de3788da227d8c1a2f9ff50781c3486ba27510bba9127bd0ec8c5ed4cb1eb1cc384714448a1eea983b8dfb8c6eb0364da9cf89e41c3b95b2d0a07c9fa68c27b54f1d5c9db4050f564f9e737d85dfc79254960939a4e74467b0b45ecc2f403970ff183140c008d543ed8f7c2d919cf2aabce1b9ded54c46c90626ca30446d56fe74413a3e12e983943917a8180e83d21ec49829a82c64fd2f36c9c53eebae12efd0c317c3bf71981625ea4ee4b5c504afc28e9a9b5dc0b6aed5039d9d37977b47b5b202d5eb504eb39b78527b69cfc2effbe81da705eef44eefb82067e6f74e23ecbacbd78e45623a14f03cdf2c9b126a83180828296be7a7811c7fe52d763447cfab2b71242bb6f6f9f2fd39eddc11e7afa77a0b3294c5caeb376cff15fd51347c66eee22cf33282dac0426b711d246a4daf2103af7f856f291d6a599283da20c8dfdb2a5d438f1da12bad15627254f2bf16d285d1037e47b21b282363c132ada41218bd0485d017577d009cb01c369bb2a7bc35111d5e43eebbfa3f32fd827cc23fa769de30a2f950c6e6e56bc3e2d1755f521381d2f7aaf0883bb498c8cfcccfe0cd35da12edd4e305973aa22fc08e4c6eaf70431e304f5827a310ef5646c80624d95b830f3c52ae41a77234aff54b25223ab406b66bd94f9723e955298b1daed1730bedf25244f764dabc2dd272088bd6fc12c16e10e1c027a1de510bc71ec7cdb96ce453464f3a7ee85271e37a9d6024ebc3747867ff9c5791707efa58dfc518c660a39ceb24c07f0fa24b83643407bade356dd08928e123d3356df4e2e616b4be4fffd812bfd6dc4c828b1e9af6f5309c7b945dc45a7fb7c1f46d4d99233a37e105036d2d9dd7a712b9f6bc3ce522c4cdc1df706"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x85}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x3e, 0x3, "573f383a9cd668d61937931eec1fd0618813937496405c194606b1452d91a622d1e7a9e9931c1c68aeba0bfa68daf6f7928521ddec45544add20"}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "842897881ebdf8bae699c6f504d9d9a5aa4e0e7af227d37385fb5d87"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x47, 0x3, "6cc1f1c579365ab999d5259172d9af22b42c81c1fe9ed2b305f62fac723c32bf377eed2fb3041da44b7d2bfcc5f97ebdadcf0e6e6a989a740eec3925c8ac00aae191df"}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7006131f}]}]}, @TIPC_NLA_NODE={0xec, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "c440b979f1733c79bc13b0216ba22c4a9335d735cb68f7df426390f3ae125feed609"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "1bc1b8bf8641a4714cb4e2ae465602b8fb7ebc5e2eaec53ca73c89921aaf3beaee977b0a"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xa816}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "b3b4734a092752b7e25cfac30c4044d659f6eb9d"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1f}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}]}]}, 0x13c0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f00000015c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x2, 0x1, 0x80, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x10000, 0xfe0}, 0x8a0, 0x4, 0x7, 0x0, 0x2b0b, 0x5, 0x400, 0x0, 0x8, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x74989a328e15f065, 0x80}, {0x1, 0xfffb}], 0x2) semop(r0, &(0x7f00000000c0)=[{0x3, 0x9, 0x1000}, {0x4, 0x2, 0x1800}, {0x4, 0xd8}, {0x2, 0x4}], 0x4) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) 03:59:20 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = socket(0xa, 0x800, 0xfff) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="792ba46bd483df3c390da82ade695a702e7e849f92232cec16aaacbd345f8819d5729de8dbe8827f67a448d616106e497fe664808d4d827c9866b0d712aed97456a97079fe6a0829ca002c82409476ee964ec0c2db5c4a485e52b863c14a9b5f71add4965fb442d21a17bad33f321c3d1dce202d4f14f4f37746beb0b31281c2fc455f6dca73873887cdb86efb763d3d39c4812b83f2ad06434cb82196bb5d255bb66f185bbcefec22ce30d31693e2b4bb1942eec88817513843be4b7c660b9cb8d206364bee6c3a4df98f9e976f866b9c1b10b7133606d6d7", 0xd9}], 0x1, &(0x7f0000000340)=[{0xa0, 0x0, 0x7, "aa88d0a885cc10f5c0b817ced0f85616ac3af3a8970d176cc7afad050617b36a3d11dd04e06a08bf3824b9e3f7f6ec94903a2205d4792bb9a02d607f619935b82f8d969c251b2c96d53c9f47ad0348d2351ef3ad883ee12607bb9096e98c19685c33a1a27c36343325adf02bda2ad58c58dc99228920396d0b3d4252035c3061c8ccd566a2411eb5b7016dc9c04b416c"}, {0x38, 0x118, 0x6, "c32a133978c553512d0e5550cbaa2ca28eaaa7dfb5c2fe87e7dac053443b0b833b"}, {0x10, 0x1ef, 0x400}], 0xe8}, 0x0, 0x20000004, 0x1, {0x0, r4}}, 0x0) 03:59:21 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:21 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000140)=0xe8) clone3(&(0x7f0000000740)={0x8100c000, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)=0x0, {0x15}, &(0x7f0000000640)=""/105, 0x69, &(0x7f00000006c0)=""/40, &(0x7f0000000700)=[0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0xa, {r1}}, 0x58) statx(r1, &(0x7f00000007c0)='./file0\x00', 0x800, 0x8, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$netlink(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)={0x284, 0x28, 0x400, 0x70bd27, 0x25dfdbfd, "", [@nested={0x273, 0x80, 0x0, 0x1, [@generic="613c40baaf18aec8d8de4a4e36785a131c448593be22ca17d20e89befd57feeb55b3631156fadcf22c7269b81fd2447708de209d408c9c3f06ec83ad8085489e216322a429a071afcc65b8a104d664708a9a42164b50e3802f20b0d9c4ad7dab3b95459331dc2f5fb8ae5876f0fd01f4986523ea7785c88de6d294177fa3862f1abca29ac27286d7024e68b4fd83b4f5a5e92a83cf82d83342ab38e98419205e57afe26559486ca0172ffb5a9c74ac161cfe54f4c55d4a145bad3c71420ff9389eab242b9ae79229b72b8a58c4e903151ca2d9f7d186af9d5790c61a0089a6e0f360635426bc8d64d24f6da70892e8", @generic="4d928afdb1fc403318525ce7938e671ad67b50a7498c40a8245501acdf686095e853252e4bdb4cfffff36ba612952248490ef556116ffdfe63ebbfdc71efb78e4b1f29f604bcce4df83abb3353ad23e58d1e327cb53264bb28f47f96af507fa7348ef27c2d23421a979f55281eb73d9227b55401f97265efe9322b7934c6fcf752bd6b55b02e57c65383b339769649b47b30dfac776985aa7dac6b78f2cb03b2fcedc2000a88e6f29bffbe48809c81d0e9fd0edf", @typed={0x8, 0x53, 0x0, 0x0, @uid=r4}, @typed={0x8, 0x55, 0x0, 0x0, @pid}, @typed={0x8, 0x5, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x6d, 0x0, 0x0, @u64=0x9}, @generic="8182225d1f3f363d664c424c1738e98054098317cd40af9039cc80adee6dd04bacc1235a845ec4008f4749acf019a73913b7ade5ea73344729d7481743093170c68c02b6ca5c59982bca0533de6315eff97ab3e685e46d27ecfbe2928245ead422545c6c84c411d41be88d9eee1a1bbf62e4fb8c568ac8ebd028fb847a2a3a78c09ab4909dba3283fd4ab98b92f8db8780ae0bf13862f606f0e44416baccbd4cf6694198b448967a"]}]}, 0x284}], 0x1, &(0x7f0000000900)=[@cred={{0x1c, 0x1, 0x2, {0x0, r5, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r6, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xffffffffffffffff, r8}}}], 0x60}, 0x4001810) 03:59:21 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r1 = semget(0x0, 0x3, 0x4) semop(r1, &(0x7f0000000040)=[{0x3, 0x6}, {0x1, 0x3, 0x1000}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff, 0x1000}], 0x1, 0x0) 03:59:21 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/123, 0x7b}, {&(0x7f00000000c0)=""/3, 0x3}, {&(0x7f00000001c0)=""/222, 0xde}, {&(0x7f00000002c0)=""/137, 0x89}], 0x4, 0xd9f, 0x8b5) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:21 executing program 0 (fault-call:7 fault-nth:29): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:21 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000100)=0x6e) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f00000002c0)) [ 1381.143195][ T9593] FAULT_INJECTION: forcing a failure. [ 1381.143195][ T9593] name failslab, interval 1, probability 0, space 0, times 0 [ 1381.155934][ T9593] CPU: 0 PID: 9593 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1381.164611][ T9593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.174682][ T9593] Call Trace: [ 1381.177962][ T9593] dump_stack+0x137/0x19d [ 1381.182295][ T9593] should_fail+0x23c/0x250 [ 1381.186714][ T9593] __should_failslab+0x81/0x90 [ 1381.191483][ T9593] ? io_arm_poll_handler+0x15e/0x420 [ 1381.196785][ T9593] should_failslab+0x5/0x20 [ 1381.201313][ T9593] kmem_cache_alloc_trace+0x49/0x320 [ 1381.206605][ T9593] io_arm_poll_handler+0x15e/0x420 [ 1381.211786][ T9593] ? io_wq_enqueue+0x3a/0x40 [ 1381.216377][ T9593] ? io_queue_async_work+0x18d/0x230 [ 1381.221660][ T9593] __io_queue_sqe+0x133/0x3a0 [ 1381.226475][ T9593] io_queue_sqe+0x6d/0x160 [ 1381.230912][ T9593] io_submit_sqe+0x15c7/0x30c0 [ 1381.235683][ T9593] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1381.241144][ T9593] io_submit_sqes+0x61f/0xaf0 [ 1381.245879][ T9593] __se_sys_io_uring_enter+0x217/0xb20 [ 1381.251342][ T9593] ? fput+0x2d/0x130 [ 1381.255241][ T9593] __x64_sys_io_uring_enter+0x74/0x80 [ 1381.260615][ T9593] do_syscall_64+0x34/0x50 [ 1381.265037][ T9593] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1381.270939][ T9593] RIP: 0033:0x4665f9 03:59:21 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) preadv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/58, 0x3a}], 0x1, 0x7ff, 0x3) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) sendfile(r2, r3, 0x0, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073139387c2531ce0dfb1e4863df0000000000000800007a9766ef000000000000"], 0x78) 03:59:21 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f00000000c0)=[{0x4, 0x1, 0x1800}, {0x3, 0x9}, {0x6, 0x400, 0x800}, {0x2, 0x9, 0x1800}, {0x2, 0x4}, {0x0, 0x8001, 0x1000}, {0x1, 0x3, 0x2000}], 0x7) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000040)=""/71) semget$private(0x0, 0x4, 0x220) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7f}], 0x1, 0x0) 03:59:21 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5be73b3938000008000000000000000000001b080000006d"], 0x78) 03:59:21 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1b3c00, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x3, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xffff}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x2404c800}, 0x20008000) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r4, 0x0, 0x0) [ 1381.274827][ T9593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1381.294436][ T9593] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1381.302858][ T9593] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1381.310898][ T9593] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1381.318993][ T9593] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1381.326969][ T9593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1381.334994][ T9593] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:21 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r2, 0x8008f513, &(0x7f0000000040)) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:21 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x17, 0xffffffff, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) pipe(&(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000100)={0xa0002001}) write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x78) 03:59:21 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r0, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000180)={0x0, 0x1, 0x9, 0xb, 0x19c, &(0x7f00000046c0)="c0ff82e199354197e29e2399d9917e8d82b10ec4b98128cb4416312b81e6dc9a7317f00d2d3c69d5b6798775da4ffc355c542a277645999300017cf4959cdcf4807325788741ca383e3a66f98efd456ceb7521d167385fcbd2435c60775148d2643d298b738dd2a971f56353763194ae8b4c8d3003f23f3996bc6dd167257ba06eef7c80c8a0b4f5b8131399ec4d4fe04228825c5b143d96df4df0b5c651c50b910616786c05478fe98706e778e459ccba128ac63489e7c69219f782b94b7d7a83e0e985f0e4a96732343b76a49736ed71422fe126a28f5370eb109b71f104a3648125ec386dc7b32c8a7af4479338f49fef7dbb72a2728677b7b7246a12c37637f8d80b0aec731d87c1f084674327af21a6a2283857a5194f043c22b0dd2516da150c183086e73e62aa424819293586272506a3cf8c274da1826a38e247cd368803386f2db54f9770999cd0581d633c3189d1841948e5a827f1f30450800a01655356160b6eb77f28f27b978c4d146b81590350bff8ad1fc98dacc2673ba1abad2bf375e9cd368a72127c89e80ea213c5dcb3b4afa2ec6bc50b63ce7b5e4fb8acd9055036757b5c7c3aede3a2f48e60eb828f26b315c119eb43475796d68c274db61b52be5cb67ffdfd0d851e2e6811ca5c5ccb03bdebe19c6b56f297891a50ced93748342bc752c7039394dd923c56debd174961e1f18806acf4eb81a8aeda5f38f7ba15e01d07ce06ef5b776a29a22645dc9314ce284e7d43e1ad06e5b61012041bd015d57ffdd5e5d40a0a22ec4ae4f2ab54ebf139096cc7969d42d0ace48a06e547a003261ff3c1ff8e77ce2f84a97aac1b0ab7536999a3e372958100243bb36a6bb95adfc7474a8bcd96cf0e8db274180f983339fc95591dfc7e69e888837267318d28cd6399500287116470fe00d85369ba8360368cef061225c4032287eb543af679db2ba62b05f1ccc1ca3a2ecdaa6d8995414e9fd99b6435ebc6f29d140e02b385bf330f4f96bd882b841874dae71e44fe964c3b6ace75ab99cfd70146dc256cb7b3a3f4b004433fe6695c785135925c72c2a69fb7b959e5a39ecd5df436844ea971db0f0d936dcfda7568eceaff2c43fda6af20c589a9a7f4e4ac8210cbcc78be365a83b9ba85443cd3285242e54172a529efe8e58146fc0ec650cb0adee3c1b2a56694e7bcde307bc54bd307c257e913899dd7abe569a13b44677d8185b7077ed5da2a8a284ab5bc3021cadedca3c25e732ecc836d3cabbbe5e8a3bf8d489680719ca6d8a13726b3ef0fad8a1536bdb4766fe50389e5cede9af9013847801e0a1ad1cf28bf5e2f890034ac586f6e82db22021d99305572d7c2308e84e4b5db401469401b7027b14956484ca165cdfb60a588c1bb11fef82ad63244674fd0ec7b89095eb7f3b6834dad95b3b4fa8cc7582378af577f80a18e9e16"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) clone3(&(0x7f00000044c0)={0x1102000, &(0x7f0000004240)=0xffffffffffffffff, &(0x7f0000004280), &(0x7f00000042c0), {0x1b}, &(0x7f0000004300)=""/221, 0xdd, &(0x7f0000004400)=""/84, &(0x7f0000004480)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0], 0x4, {r1}}, 0x58) preadv(r2, &(0x7f00000045c0)=[{&(0x7f0000004540)=""/57, 0x39}, {&(0x7f0000004580)=""/31, 0x1f}], 0x2, 0x800, 0xa9) recvmmsg(r1, &(0x7f0000004100)=[{{&(0x7f0000000040)=@pppol2tpin6, 0x80, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/205, 0xcd}, {&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000140)=""/31, 0x1f}, {&(0x7f00000002c0)=""/210, 0xd2}, {&(0x7f00000003c0)=""/197, 0xc5}, {&(0x7f00000004c0)=""/15, 0xf}], 0x6, &(0x7f0000000580)=""/158, 0x9e}, 0x2bff}, {{&(0x7f0000000640)=@nl=@unspec, 0x80, &(0x7f0000001d40)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/13, 0xd}, {&(0x7f0000001700)=""/163, 0xa3}, {&(0x7f00000017c0)=""/219, 0xdb}, {&(0x7f00000018c0)=""/218, 0xda}, {&(0x7f00000019c0)=""/253, 0xfd}, {&(0x7f0000001ac0)=""/254, 0xfe}, {&(0x7f0000001bc0)=""/162, 0xa2}, {&(0x7f0000001c80)=""/146, 0x92}], 0x9, &(0x7f0000001e00)=""/35, 0x23}, 0xffffffff}, {{&(0x7f0000001e40)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000001ec0)=""/61, 0x3d}, {&(0x7f0000001f00)=""/64, 0x40}, {&(0x7f0000001f40)=""/4096, 0x1000}, {&(0x7f0000002f40)=""/4096, 0x1000}], 0x4, &(0x7f0000003f80)=""/4, 0x4}, 0x2}, {{&(0x7f0000003fc0)=@vsock, 0x80, 0x0, 0x0, &(0x7f0000004040)=""/168, 0xa8}, 0x16c0}], 0x4, 0x2000, &(0x7f0000004200)={0x0, 0x989680}) write$binfmt_elf64(r0, &(0x7f0000004600)=ANY=[@ANYBLOB="1b5b073b39380000080000006d00000000000000000000000016ff9fa6e7b8ca434a397cbf1b17a67c98256dc3382fd94cb7d0534fbbe2710269cc97dcced91a671ee55aa0f2ec2d3c9adff0890f3ba8bcd15b59bf50af5da8ce80fc09c7f7282c97366bf48d9c751c934fd97be27dcd0637353922b620e48219e168f418530425c27393a78341204a523a58959d2758bb95d0cee7710e25ce18952375a984c1527f69708c611ba16b99083c596d7a94478f38a353ff16deb00de3"], 0x78) 03:59:21 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=""/209, 0xd1}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x2, 0xfff, 0xffffff14) 03:59:21 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:21 executing program 1: semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r0, 0x4, 0xf, &(0x7f0000000000)=""/103) 03:59:22 executing program 0 (fault-call:7 fault-nth:30): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:22 executing program 1: r0 = semget(0x2, 0x2, 0x620) semop(r0, &(0x7f0000000040)=[{0x4, 0x80, 0x1000}, {0x3, 0xfd, 0x800}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x4, 0x7, 0x1800}], 0x1) semctl$GETPID(r0, 0x2, 0xb, &(0x7f00000001c0)=""/229) r2 = semget$private(0x0, 0x0, 0x100) semtimedop(r2, &(0x7f0000000140)=[{0x3, 0x7ff}, {0x3, 0x1000, 0x1000}], 0x2, &(0x7f0000000180)) r3 = semget(0x3, 0x3, 0x0) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semget(0x3, 0x4, 0x10) semop(r4, &(0x7f00000000c0)=[{0x1, 0x81, 0x3000}, {0x3, 0x842, 0x1800}, {0x3, 0x7, 0x1000}, {0x1, 0x7d6, 0x1800}], 0x4) semop(r3, &(0x7f0000000080)=[{0x0, 0x3, 0x800}, {0x4, 0x5, 0x800}, {0x1, 0x9bb1, 0x1000}], 0x3) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1381.849513][ T9658] FAULT_INJECTION: forcing a failure. [ 1381.849513][ T9658] name failslab, interval 1, probability 0, space 0, times 0 [ 1381.862389][ T9658] CPU: 1 PID: 9658 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1381.871067][ T9658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.881117][ T9658] Call Trace: [ 1381.884395][ T9658] dump_stack+0x137/0x19d [ 1381.888751][ T9658] should_fail+0x23c/0x250 [ 1381.893179][ T9658] __should_failslab+0x81/0x90 [ 1381.897935][ T9658] ? io_issue_sqe+0x418f/0x6080 [ 1381.902789][ T9658] should_failslab+0x5/0x20 [ 1381.907293][ T9658] __kmalloc+0x66/0x360 [ 1381.911441][ T9658] ? rw_verify_area+0x136/0x250 [ 1381.916296][ T9658] io_issue_sqe+0x418f/0x6080 [ 1381.920987][ T9658] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1381.926359][ T9658] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1381.932171][ T9658] ? __io_queue_proc+0x99/0x260 [ 1381.937020][ T9658] ? vga_arb_write+0x17d0/0x17d0 [ 1381.941963][ T9658] ? io_async_queue_proc+0x3f/0x50 [ 1381.947151][ T9658] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1381.952522][ T9658] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1381.958376][ T9658] ? try_to_wake_up+0x353/0x470 [ 1381.963224][ T9658] ? io_wqe_enqueue+0x485/0x4d0 [ 1381.968074][ T9658] ? io_wq_enqueue+0x3a/0x40 [ 1381.972659][ T9658] ? io_queue_async_work+0x18d/0x230 [ 1381.977943][ T9658] __io_queue_sqe+0xe9/0x3a0 [ 1381.982624][ T9658] io_queue_sqe+0x6d/0x160 [ 1381.987069][ T9658] io_submit_sqe+0x15c7/0x30c0 [ 1381.991831][ T9658] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1381.997355][ T9658] io_submit_sqes+0x61f/0xaf0 [ 1382.002023][ T9658] __se_sys_io_uring_enter+0x217/0xb20 [ 1382.007479][ T9658] ? fput+0x2d/0x130 [ 1382.011447][ T9658] __x64_sys_io_uring_enter+0x74/0x80 [ 1382.016863][ T9658] do_syscall_64+0x34/0x50 [ 1382.021283][ T9658] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1382.027218][ T9658] RIP: 0033:0x4665f9 [ 1382.031106][ T9658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:22 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x20080, 0x1d4) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(r1, &(0x7f0000000240)='.pending_reads\x00', 0x2040, 0x3) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x60451020}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ac000000", @ANYRES16=0x0, @ANYBLOB="010028bd7000fcdbdf25180000000800010070634f0011000200303030303a30303a31302e3000000000080003000000000008000b000600000006001600040000000500120000000000060011000500000008000b00ff030000080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b00fbffffff06001600050000000500120001000000060011002a7e000008000b0002000000"], 0xac}, 0x1, 0x0, 0x0, 0x3e864c28ed42f9c6}, 0x127aa2821795615d) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$SETALL(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000200)=[0xcf]) [ 1382.050716][ T9658] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1382.059134][ T9658] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1382.067107][ T9658] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1382.075101][ T9658] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1382.083082][ T9658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1382.091060][ T9658] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:22 executing program 2: rmdir(&(0x7f0000000040)='./file0\x00') r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000080)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:22 executing program 4: r0 = syz_io_uring_setup(0x15a2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x100010, r0, 0x8000000) r4 = syz_io_uring_setup(0x7463, &(0x7f0000000180)={0x0, 0x22fb, 0x2}, &(0x7f0000946000/0x2000)=nil, &(0x7f0000a86000/0x4000)=nil, &(0x7f0000000240)=0x0, &(0x7f0000000000)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r7}}, 0x7fffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:22 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xff7b}], 0x2) r1 = semget$private(0x0, 0x1, 0x8) semtimedop(r1, &(0x7f0000000040)=[{0x3, 0x9}, {0x4, 0xb77, 0x800}, {0x0, 0x4, 0x800}, {0x4, 0x8, 0x800}, {0x3, 0x93, 0x1000}], 0x5, &(0x7f0000000080)) r2 = semget$private(0x0, 0x4, 0x200) semtimedop(r2, &(0x7f00000000c0)=[{0x0, 0x8001, 0x800}, {0x1, 0x1, 0x800}, {0x4, 0x7, 0x800}, {0x2, 0x29, 0x800}, {0x1, 0x0, 0x1000}, {0x3, 0x2, 0x3000}, {0x0, 0x8, 0x1000}, {0x1, 0x7}, {0x1, 0x7, 0x1000}, {0x1, 0xe220, 0x1000}], 0xa, &(0x7f0000000140)) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r2, &(0x7f00000001c0)=[{0x0, 0x81, 0x800}, {0x4, 0xffff, 0x1000}], 0x2) 03:59:22 executing program 0 (fault-call:7 fault-nth:31): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1382.454363][ T9702] FAULT_INJECTION: forcing a failure. [ 1382.454363][ T9702] name failslab, interval 1, probability 0, space 0, times 0 [ 1382.467012][ T9702] CPU: 1 PID: 9702 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1382.475808][ T9702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.485868][ T9702] Call Trace: [ 1382.489230][ T9702] dump_stack+0x137/0x19d [ 1382.493616][ T9702] should_fail+0x23c/0x250 [ 1382.498029][ T9702] __should_failslab+0x81/0x90 [ 1382.502798][ T9702] ? io_arm_poll_handler+0x15e/0x420 [ 1382.508140][ T9702] should_failslab+0x5/0x20 [ 1382.512697][ T9702] kmem_cache_alloc_trace+0x49/0x320 [ 1382.518006][ T9702] io_arm_poll_handler+0x15e/0x420 [ 1382.523140][ T9702] ? io_wq_enqueue+0x3a/0x40 [ 1382.527773][ T9702] ? io_queue_async_work+0x18d/0x230 [ 1382.533064][ T9702] __io_queue_sqe+0x133/0x3a0 [ 1382.537785][ T9702] io_queue_sqe+0x6d/0x160 [ 1382.542199][ T9702] io_submit_sqe+0x15c7/0x30c0 [ 1382.546967][ T9702] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:22 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/125, 0x7d}, {&(0x7f00000001c0)=""/230, 0xe6}, {&(0x7f00000002c0)=""/249, 0xf9}, {&(0x7f00000003c0)=""/253, 0xfd}, {&(0x7f0000000140)=""/26, 0x1a}, {&(0x7f00000004c0)=""/42, 0x2a}, {&(0x7f0000000500)=""/244, 0xf4}], 0x7, 0x3, 0x200) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1ba22691b338000008000000000000000300001b080000006d"], 0x78) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000080)={0x9, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]}) 03:59:22 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) setsockopt$inet6_int(r0, 0x29, 0xa, &(0x7f0000000000)=0xfffffeff, 0x4) r2 = semget$private(0x0, 0x7, 0x0) getpeername(r0, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000080)=0x80) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000280)={{{@in=@rand_addr=0x64010100, @in=@rand_addr=0x64010102, 0x4e23, 0x0, 0x4e24, 0x7fff, 0xa, 0x20, 0x80, 0x8, r1, r4}, {0x1, 0xe, 0x8, 0xfffffffffffffff8, 0x3, 0xc23e, 0x7, 0x5}, {0x8000, 0x6bf, 0x4, 0x3}, 0x81, 0x0, 0x2}, {{@in=@multicast1, 0x4d2, 0x6c}, 0xa, @in=@remote, 0x3503, 0x2, 0x1, 0x3f, 0xf13, 0xd5, 0x7fff}}, 0xe8) semop(r2, &(0x7f0000000000), 0x0) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r5 = semget(0x1, 0x4, 0x4) semop(r5, &(0x7f0000000040)=[{0x0, 0x400, 0x1000}, {0x1, 0x0, 0x1000}, {0x2, 0x1, 0xc00}, {0x2, 0x7f, 0x1800}, {0x6, 0x6}, {0x3, 0x6800, 0x800}], 0x6) [ 1382.552573][ T9702] io_submit_sqes+0x61f/0xaf0 [ 1382.557249][ T9702] __se_sys_io_uring_enter+0x217/0xb20 [ 1382.562701][ T9702] ? fput+0x2d/0x130 [ 1382.566672][ T9702] __x64_sys_io_uring_enter+0x74/0x80 [ 1382.572072][ T9702] do_syscall_64+0x34/0x50 [ 1382.576549][ T9702] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1382.582513][ T9702] RIP: 0033:0x4665f9 03:59:22 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000002, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1382.586401][ T9702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1382.606008][ T9702] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1382.614424][ T9702] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1382.622401][ T9702] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1382.630369][ T9702] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1382.638340][ T9702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1382.646325][ T9702] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:22 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x1, 0x4b}, {0x3, 0x0, 0x800}, {0x1, 0x4, 0x1000}, {0x0, 0xe, 0x800}, {0x49f5eaaf36f979bf, 0x5, 0x1800}, {0x2, 0x71e8, 0x800}], 0x6) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:23 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x2, 0x7a0, 0x1000}, {0x0, 0x3f, 0x800}, {0x0, 0x7, 0x1000}], 0x3) r1 = semget(0x2, 0x0, 0x5) semtimedop(r1, &(0x7f00000000c0)=[{0x4, 0xfffe}, {0x3, 0x8000, 0x1800}], 0x2, &(0x7f0000000140)={0x77359400}) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semop(r0, &(0x7f0000000080)=[{0x4, 0x8, 0x1000}, {0x3, 0x80, 0x1800}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:23 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) mmap(&(0x7f0000ee7000/0x1000)=nil, 0x1000, 0x9, 0x100010, 0xffffffffffffffff, 0xb582b000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:23 executing program 0 (fault-call:7 fault-nth:32): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:23 executing program 1: r0 = syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYRESHEX, @ANYRES16=r0, @ANYBLOB="bd7017ffdbdfa06b000011080002149ae1b57c95a5466b0000dd0500010000008000000000000000000000f7ffffff00", @ANYBLOB="e4b3fcdfaf28d2f54df0074dae8564120ea7471c8734c4922298574f4a6257e44b155e19c37e446191e681261f8b78af0cef84dce214261ca313fcce6833276cb1e4ba13668bbfeb3b5024ed222970f99e7b69a5a4df5dfe03e1ddabb042e3695f67e387c26fa634b4d9bfda45b262ff431c6d56785cf7fed495c7f6bc172da0e3349c47edadc95de0995d0500000049c46e0d364800bdfa1bac1bbd842f1dbd4cf73f2a5311fa106c0c61b59bfa82276f2a1aadff1ad04e31a1ad41059976b940f5452f93e868863e967bd1ffb3e1515b9853f730d800a841d1cb0c79e8435815ff0f00"/243], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001600)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYRESDEC], 0x1d4}, 0x1, 0x0, 0x0, 0x4008000}, 0x2400c014) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000580)={{}, 0x0, 0x12, @unused=[0x9, 0x0, 0x7f, 0x20], @devid}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000100)) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000100)={0x6, 0x8, 0x8, 0x5}) r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8002, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f00000029c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="ba01000015e902e73ab82083271a850455e66e48f8ab6340ab7eb5be671d74010000000000000021964771a5da426d05674a7bc1bdf18c4ba98ff8199775863f84c471d71975672ce83830e109d40abfec1103cb9a1fdb1d41f552ecacdf08750866b8c8db05c01d17468f1c5702d54280d0cb1cbe631c4f47acc100a4918d11e189dd08d527ffcb2f6588d51a8e89ad3e61a114bd7bd354865812ad283fc8eee46cb7fd999c5bed57fa62b96c8ce7e87e01d6d8fe54b2269bffb6fd8ffa67c6cdb3674521bb7b878c88a057ed2ce84e44be0b8084291ce1508037d953339f93a1b4d455511b70647dd7e81471bdfc69552f0883880ff0dccd51b95504d22279135b3df122fefee05f71250da37d4f3f14f504e1c46cb6a2cbf6fc70aca58b97e76ed440000008000000bfee8023f99be68e767812479b9f7d26ddef0ea828e305b9aac8055180ccf555d429e58a7aba6df0291b88237fe41e711942095e8c02e26a22675bcc54300094a1af5ce11ffd1104db9f71eddad711c00c24e90f8f90866300f81ca06d66f4b17915fef24a7a6b8e7c1e80d3b8dffff2c96c77a578875c793445ffb3ec7ca8696d288552e6df1039c48e4ceb77f51b14127fcc001cc3248744d462b43d48cba20ccc3d40be923594a7b65b737fb9983a45164b8f701996c7d1d0886f604d179149c2deb908000000e3006173372860f0c500"/518, @ANYRES16=r5, @ANYRESDEC=r4], 0x1d4}, 0x1, 0x0, 0x0, 0x24048000}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f0000000a40)={{}, 0x0, 0x1a, @unused=[0x7fff, 0x7f, 0x7ff, 0x9], @devid=r4}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000440)={{}, 0x0, 0x32, @inherit={0x78, &(0x7f00000000c0)={0x1, 0x6, 0xc3, 0x8, {0x0, 0x3, 0x10000, 0xfffffffffffffff9, 0x8}, [0xffff, 0x4, 0x80000001, 0x6, 0x5d8000, 0x1ff]}}, @devid=r4}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000540)={{}, 0x0, 0x4, @inherit={0x70, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000005000000000000000900000000000000000000000000000000000000000000000700000000000000ff0300000000000027000000eaffffffbd070000000000000200000000000000010000000000000001000080000000003c050000000000000000008000000000"]}, @devid=r4}) ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000000480)={r4, "13144fac723c8b45b925ebd52917041b"}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000015c0)={r4, "3ebc891fb67b5ae0822c358324df4a6e"}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000080)={{}, 0x0, 0x4, @unused=[0x800, 0x81, 0x4, 0x5], @devid=r4}) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1383.056874][ T9757] FAULT_INJECTION: forcing a failure. [ 1383.056874][ T9757] name failslab, interval 1, probability 0, space 0, times 0 [ 1383.070048][ T9757] CPU: 0 PID: 9757 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1383.070067][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.070076][ T9757] Call Trace: [ 1383.070083][ T9757] dump_stack+0x137/0x19d [ 1383.070104][ T9757] should_fail+0x23c/0x250 [ 1383.070133][ T9757] __should_failslab+0x81/0x90 03:59:23 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r6, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r7, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000100)='./file0\x00', 0x18ba5ce86fb53da1, 0x2000, 0x1, {0x0, r9}}, 0x55b) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r10 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r10, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x402000, 0x0) ioctl$BTRFS_IOC_ADD_DEV(r10, 0x5000940a, &(0x7f00000003c0)={{r11}, "7c53e3682a7390838ac41a61164bf839a2ba002c408079c928012f0395fb8d3222d3963c4e4f10dbb1826299464f4829b9d04d5e0158adad3f2ad09c69fb74342594e8015679700fb7a92ff8537eaf52b5b3a295b7238388258070f5c17be41d8357d1fdbe3c8cd090b70c4742007357ef763d0cc5ab768a57c1168cd5417c6d1821bde7d5e1a171891d6bbc00f0907ae5a9a23d36bc2c9609c266f359ce311cdb8b605776a447f1ba9712ddc7e5b07febff9f5ca0131fa59d24b4cef6f903c2af7c91de0c1ec15863c2b3e39e6fb2cfc92873d14f3f7fc24a69b8861d78e33eb495e7361cc5accb4e4aa88b577eb3437308bd24becbb597c38ce4ea5902e117fde5ba325b203a97c0f623e62e700a7fa9e3313d09bb8a9a49add4b4c72085c74e131a29763fe58dc235f1d4b3c2b91c3a43ea5ccfb0b14170b618546e203303fdfe7fd3c59325967e2e5785b19d2dfe620f7b298c5c623539426ce3b1665fdc3735459f5f05b7f2d35fb6dedfd2a3699b6e1eef4df7e70e458a54ead621a04f22b9f501f0a7f867ea228fb149b4fc2947c290e1ff57d92533b4b6ba0a0f450949a6411c3faec6dd012dd499117ac2bd91511565e5af5389a811cb5effd7e5bdcae86314001f32792481ca209d6f27844d1d93ad9d08eaad63938f73f1bb457a02eef678e69cceb89c404ea5ce53ff8f8b2915159b9e18a41f2c12a715cb2516e9e92d6db80323de893dec1b63a3971357d2ade88d88245e69ca085bb97e7599c40535e607861ea959f5ae69e68594529fc943b7d5e3832af53da7491980ef1247dcbf8ce8cd460993b3cdb1e67d3374ee30329593c6096b8b92656ff3257eaa524578a69c1ce0ecf953a4822eaaa001963862851fd9cfe0f402624bd96d04c53d32aa6d3e5ed39991a7239b3a1f4b5a206f18f65a9d553792babff9adbee821be2fc4e75a706791cf62ac0938ba62fabdec3cf93fc337ec5d72239515f6974515634fd4a17280e341b4580e5f732ed43407f529bf76aa893b3b0ea0621adc3fa60b05698f3e7974cace508f6381362a23a42b2c351333d87a0334a873ff6fdb1bec808cbae38fd23c310ad98cc54b11168946cd80d8a9c1033d0ce3146766468fe9b0ba064fe187201cada6cb6b4d3ec137d6842687486913117ccce2c9c349e786005f7d81aed1759dc8fec7cdc4631a04007d579e650a95779e26b4c8953159a9628db5ce5eca62af7894e0fea4288d8382816127b7299acd076ca3b471ee14b161d8c505679116e5d7150e93893e09278e791def9f4350a9fc91bc6e2349599f43dd8a7f34d366ea407196dabd4a313a585043bda6a1d33b455d7098969930028c9cfff7b50a4b13500268b86032b333529dcc8980c56d969f2f30ffc3518e2909e5d0b7de94accaec57545f44230237ec05c16863ad2880895b9ea98a80d165c06adbfbf034054f9c462235bd002d3152663b0d6d37e3078f0ab1718315fa799d46edb252cd43ce5ea9523cebb46423974ec3f1fc441baf8f9e6110e54f2db7b0bd21f440e5aa61b64a1fe2594f72fd9c9bfd9526cdfd8744ddcaede3ae4d4772b9817b7dee48829302ca4bdbec030791ef16da2cc7946a0b31125597682dc26a8a0880d0101f4937eef1380610b8576936bc48305ccfbd2ef196fea5d11bc9b3774764f932f71d5be30ff0e212798b34d6a494ebc066cc59339614840f90a9e0f46d23a99ff478be740710992dd29288ac75ced8aa0dae5f2a6f6c7e9d655da190fb9f23116d9132d94f7b59e4c1a620638325ef714f6cc399163c800252c61e477528f9330fd58ac21500a4486c0d5f002e12e74ea628e5b13cb97ad2637c05f3d8bbf1afec3c16ee7ddf46b81defa25dbd973b8d08526ec1c42f7b92bf698c268c3d65c7136c3ff320983a09f359e4e5d054ccbbe8de092a4a8fbd743bf389567f8d6762ff0760d0a315fff9389314f2922a3d802c5465a76931926ad6b3c2983ff7624ce34110d69c6094599f0447911151eae4229c1519b7b581ee97b8b7e6b86a1aa5fa97bcf6be5b61bfd61c460b16ac6f8eaa95440faba5213cbbdc19eaa4025e4d6fdf6139313b3c1293122a421b254c436dfce5612878ffaddf336b4db1dc60ee90e5c46dbdf9ab88c4f3d7be809ae373bb6a22ee4772c5b3840484aae3b7f9555b8fdd5974d387b23dab1761041bcacd6e5532fa5aac9ad44af8a95ef8e31c3362f72a4d6a9dec2d06b519d27d59815e458b6b46ee4131d5e126d573149c2ce857f5aac22008527ec9ac6e4d8ff0ea8e489cc7de9caa180c6eb4c3c0e0c188d20a85242c5f078feaa58d59c564ecc54b6a8e121242262bfa73d5da02a5e4f8814e8afeb8e455e5f78e6d0286893c3b7efc73e072e782b0c1114fc2698552369446d9e735fb1004f4ec3354b47bde38172c3e7487e4a109af0748d6c886939bb8113d980e5b869224444dcb2fc5d0c9f2b77b10738fc9a36ad5fd9d32c3ec356c8da5ead69a2f89b705486a2796e1392facbed65b6b63cac751786b1f2379cdda91164e32de2a843e3eb8db283fce776022b5c3736ef9e2175b1d9f8584aebbbf462cca3a0bf3d96c67d2a51f2dd08d2ae1c1229abae93a518ba7461571a06beef07764bbc14826f37c02895899030d7c541b8fc0ffa00ba545e7f3e4768923fa63d25fdcdf40f38419ceb5f2d2c8102ffaef3761e5dadaf366ab813280559bb187807d90f189de48e915339799e17101d3bc4bc3e85fe7a4611b948ec3ee034fea3b67000a228ba41af53593bd520d1f73500331c4b98540e7768ad342e341381f8d0f189de49b41421c3a68f3c314c70c77e5013fedf168d807e60b26271dad34c851add42322436f1d8eae84add05708a2bea28c1b1d206fbc2e2292b08633c769b594b6cd23a0e3988382cb92087870d526f9d7ff67401a57a37f2b9d1be73f83eff5aeab0b752a8660bbaad1f228bc2b8ef2b30aa1b8a0d32056fb8ebf1d0fa52fe0936571ff456366c6af541427591266ac2d87fbaaf700ad6c0f9359690b31750393865348515d48f7004157914f95cdb98879153d7dc32cadd5effb7226253da1fed208e0a9807dfe8c01b4e13df3c76bd1235ec06fbe894734c6c9c9f67d7f6bcc3bdeb050d069237fae7d4bebb21904ab232efa58deb61655452418a4977c633854a32bce413beec0072eabc6319f523fc8de0e171d1edf4ceb4462520b30c95725e580d5da8e6f4762a61a20143a392f84e4339331861400ba421630efd7bab3900f0a53c371aa01cbc8b2723cf09a36c07c2ae8b9600a15674a1ab608e381806924ab8ee6866850f490d26250f77ebe5216e073c7b923a7e03d7fcda70228223cc2a7010bfbb73735be6cdce6009a435d2dc377b18289407d2fa53da74544d6b2c63a63d329ec3a87f37c1ecfa5e4fc769dae66f0e2cda5bb009ebe19d0d8ad62e67d1022e25a7e631add3449c0f78b39239488ef95ef9ff7f0a459a1ae89b3f816dbc3f817224b41421de5863d7e0cd7e0239844b4e0ada2a8e01d4b8ef8459ea847c80dd088de65741f07dbf9613d12470ad75073bb445cb9b52c44c191db1e11c8244ab4b7c1beed181f9ece18293ec9469b6969515e4ab190558814455bbb28ff29c8c543660ed9b56634219c7439d1f780dd97b38d4203e83f81548d7fd101bf46232254ce292e57919c0a236f71d1fcb374f2ad906ea1c49bb4fdcba2e19585fd02763dd0773746218c498e443f5d3264302d8d68bd6885d5927ab76866fe105bfb334e1b48f69f7a64a01c443df2e1910652548a566e33000dc5538f08ecc735c6ab8d9e97e4bcc94d0c83e34f1b87503179dee93d8129826329535dfd3869f7eeb64543b31f49b7bf4edb10aea20edb706526b6a5aa4e4f5a89d1055f203180e03bb5210434f876eb0417725adc250bf5bba678dad79b45447df83445f3f18b544fffbdf93df6a8f3af93b43ade8087ad92e87e8a88e4959f0a9a5307ef1a16058de8ffdb969d436f8cc06889b580dddfde1a898b267e4ce2975af01764a038bccc57babceeca1aded393565de019dc65036e3f138c8162c166624854f1a7d741e439103788c2d9d6ed2d4f871428b7831777f8128d6835f947fd1f544ab1f6d5da2f593070dac2c62db177e491e7cabc0549b56663aca85ee5218668e980c7186fa3491a29d183f78c84a6a5e85f8feeea526edc16b163cc762ec0a6f61c924be9b013a7aa5e0f83fd6db18ac0b01a7a78f6c373585cf1fd04248ed6e805e1055ca0aea922c91df43e8647a30e872263aee17021a2f21146c4b27a59d7ec48ed4f390992b70be4053c083158d97ce02043eef7ae9e9697577c638bcb15a1789ecfde2ac0a86d6ad21d1672342b875fcae53a8aa8bcb4e8d168d15e10d17d8eae68bd7ffdaa2e594644d46d38223bf0ab7811b473711a0edc6fafb167260464911dc42d2d2bab1f31da90a0129a8d1040934384c2c8de4aee1b48e977863ef17cc67d85d2c8f49c5795bb36f14bcb8e8d8868715d19af5c1653ac8279a4d80aec10d372e4bdf449b382549257659df5bac60012ebdfc48681c22f653c2be662052cbbcaa522383ead5aba6e1dd85a4cc0d9516e7c2d7ff18a3b66d4b09b1cab4ec9943fb912d3c19219496280b77a0c345ae7f61ddc22d7e347ce8e336a444ecef14d7854de6c401ecaa80195e1271ec1cc39778bbc3a6e0e5999066ac1d16a976687a216f85656e6328c122ed9f112dec58584d50ef7c8f4a323769366ab689a7f063fbfa0329fede9db2b3a36dc724a54e0975799ef72d73e78196029ad9040ab350bf16a1a0ebe6f24e990e7adb1f67a9b4fb511c04b29cc2d978f2db1929e28931f1b600b4dd7ae84d29ef8631ecf974f09ab5015d633b186d39a9183875be543255f27338e2faaaa0a6392813d0e5b50e6ff6520b6af15caa984ff3cded9f3d6379aaeb89a73af12b67a65e369797c24ce570e583185ab7a0eb8cece3027ef3382de57ef461e3bb24b659765d9b1977efaa266bb32a6b3a0b24c017f937cd8a40120ee60196367ee747693fa3338215f298f064238b64d8a4ef7b273730772e0e121e9ccbd6c7b0a23c61adc4be38d29fafb73e9535b0bc163fb33bbf76f7e732fa69e2ceb077aebc6851a880e167cf028e2b1b178649f643403277fcac2845e734e627ef5aee070d0f3dc0aced42ea3e4a98802718a21fbeffe32604b81d5a55bf7227c9269403f61c2178c7b77d8b33bdbcf48ddb5a80d95a31c8712868d174db3d9aa5b1b071ebef6d6822fff6d99b7967a360ffede5c113067f7125ad2887e12ab8451913fb6dd4312107d721d78980079f9a6b6bc988a3cb9566030f701f6964caaafc741e16b5a845d5cb89061909b8eb30699cabe2cef3ea251ea850a63b897af6fb4fb46f817e9f739597cea8fe0e474e1dc92cd2aa05cf6ff5ff3eb054cc845f09371bba82652ff344c59e05c0ea1da56f9d34fbabfe3c62b1477cde30dce347b6da46d421a7540ef515675900cc8750f33d5091e31ca6856ff63f545064ef2d0430ca0fa152b464196fbfbe92f88d18c4e48e6da92c547a1355bd1b9dc00dfe8a417342ac9ef443e1107597a6aeeea70368cb7d2c76e7f27fb7e1772db0d6f36c791d448cb7f8ed16667246ee7a34c819a94217fe7a366c2da35788b21b188f57f22c7ecf9de19ee8df5213d8fd2f6ad1ebed7460bf4a5aea5053c93f80bc6d0553a8e3782a0d726f78000ad47ab23de604d147cfcdd0bb942fcb5c0b7ce1c"}) [ 1383.070178][ T9757] ? io_issue_sqe+0x418f/0x6080 [ 1383.070196][ T9757] should_failslab+0x5/0x20 [ 1383.070213][ T9757] __kmalloc+0x66/0x360 [ 1383.070227][ T9757] ? rw_verify_area+0x136/0x250 [ 1383.070248][ T9757] io_issue_sqe+0x418f/0x6080 [ 1383.070295][ T9757] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1383.070316][ T9757] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1383.070347][ T9757] ? __io_queue_proc+0x99/0x260 [ 1383.070371][ T9757] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1383.070389][ T9757] ? vga_arb_write+0x17d0/0x17d0 [ 1383.070408][ T9757] ? io_async_queue_proc+0x3f/0x50 [ 1383.070465][ T9757] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1383.070483][ T9757] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1383.070518][ T9757] ? try_to_wake_up+0x353/0x470 [ 1383.070539][ T9757] ? io_wqe_enqueue+0x457/0x4d0 [ 1383.070624][ T9757] ? io_wq_enqueue+0x3a/0x40 [ 1383.070636][ T9757] ? io_queue_async_work+0x18d/0x230 [ 1383.070689][ T9757] __io_queue_sqe+0xe9/0x3a0 [ 1383.070711][ T9757] io_queue_sqe+0x6d/0x160 [ 1383.070734][ T9757] io_submit_sqe+0x15c7/0x30c0 [ 1383.070756][ T9757] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1383.070822][ T9757] io_submit_sqes+0x61f/0xaf0 [ 1383.070842][ T9757] __se_sys_io_uring_enter+0x217/0xb20 [ 1383.070864][ T9757] ? fput+0x2d/0x130 [ 1383.070885][ T9757] __x64_sys_io_uring_enter+0x74/0x80 [ 1383.230038][ T9757] do_syscall_64+0x34/0x50 [ 1383.230067][ T9757] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1383.230156][ T9757] RIP: 0033:0x4665f9 03:59:23 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mkdir(&(0x7f0000001780)='./control\x00', 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00') mount$9p_fd(0x0, &(0x7f00000000c0)='./control\x00', &(0x7f0000000140), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='transtfd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',\x00']) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$BTRFS_IOC_SNAP_DESTROY(r5, 0x5000940f, &(0x7f0000000340)={{r4}, "045c50a9f78615cca84051488b915a08af6cc96d2d53ea4fda591beb755a302c94617779af40c56b430b4e99f359e8bf58bc498e4ac75a74ef95a1b969d6d5b0f663f8dec5d9a5f413744c6161312bae198d94425d0a0c9e63b3dc89682d8841b0c5d4eb639dc3f7d1e09f641153423851c2d74862c66a2cf3aa88de9f722feb9707cdd66f763438985860cb903f826c3529dfd676308d82f9fc16b47fc400579d86217c9fa2583872097e92429af285b1ecbb85972bf762e456221bc6adff6f07a8ebe0d6d42c46501fdefa99526d8e5b0f54f92fd874f3e2e4540b975d314a524814c20e054acdec2536ef8e9d39f1d4ea864a53c847a2886fcf732a57120048a4211ebb70090620fb67a4f838aea057c8a4b3d33be64eedc8a6796e10d5c3bbe63d42e6bb78225d6b44a5ead27508da60973c9d54d86240fc4356b912f48f7647ba2d54d2ae2350dda657ebab5ea6d572338b16fe79e0c88daf6fc15cd6e5b0f7c957579163dbee63120a37964b48b682bbb10bc886b0e94eed9341dbcdfef374f652f34ff1afeacc8a4629df1d83986918c22ebebd6e0b221bad6a2754bbc9dac7a1c2e0b1ab1813debdc29d189d4f8025400bd153273125825c56e7164e9a0926c69e6dd2da6b1eded6d92953af01748cfa23376afb532baf8d1c9044b1eeb76f8013760905c4fe10c4a5f46b65f7c624b38f502e5f6839473a56bd3b002bfa00a1954f9b46c2ce587bb5905ff6985799e9a3d4fe989093253a937db222d73246fbf713789e9556e86000eafd6a687ae0cfe44600bb8de994eea9da2b7199f21ce48197af663675064dfdd1ac3a4c8f600c54946b3c01edbe333ceff56202251b2b122bcb22201ad53b001c6486527a65f6aa42e03d340a4f876467c2e0a92efb6af2d134c9bb38e8e0ec2a9b26ba3d02411a4dc4e1458b85f31cff8f14e69048de9bd3b3d0e358837ddf95d66d495e1d25acce7e145ff49d47eb4adfc963236c89decec82507d18a94b0981f68107251888d0899c684f4fc7d490815eab7cf4bfc7057700253b3f640cd9ffc7adacd8de6b0a0f80301dab29089a64c08eb1843c355e889a169e7cc8ad54943ecede78097cc8cb17f9de4ea1e28b4ff669e83386fbdcf1a4fb76f8dbe8d010c0d312c2b75d36c075a83e9627fbe323450b37c3cefd52f14ede1c3d9238ce3cbff5b203d6facc93938d505e930a410d1f4df6ead1b7c5d9b8c386992b76ceb904d2ba7d9ef66f979b8ebc793434cd5e01f6c8fbc4bb223643ea879b0395ada6f9d40416a99bfcb3374c5fe8ea2f2e1b9116d746b5613c87014beebe2719e7aa564871a1c5edc15b47b5d92c745d9b67a866512b575b610aa6d7872ffd4dd3793964b1fd57851647eb274f564cb6f7e9713dd07c444d87eb883930f3a265c678bad54d0917abb2ec67b256f616067215bc654a26f50c6624c1116df98752da2449b8910584f94a90fbac6eb442371ec97ddf513ad1e049f671d9d7cbbc3477c6400db2b7d5ba728cb6d7a67fdaa4ed2b2fbc4a0ad3eebdd71cb5993ae077429972b17d730cc3f048f7c2629fe2fe1c7e4f6fa5bc1d2bf4810fb062e809ec10406694b795751ef7bf52c1f5da326351e0d677f71a2d002de980f0fd327942d4940489a4d5fa192b3def2273d675a14854b098f5d26ec306e3169eacc4c8c739f1c06a0ce81bfeb7f0472027d1f1f6194dda88aa2452f8aa837d59533cec7613e3ccc01cb095fb7974dde78c7fa643c9f173cc4468ac849852d3aea5cd651f50aa45150df48df929c5ffe0e18025625ec7c723d9cae2d4d6efea9d3a9ec40f63d8fa42472c81c1f4477ac05b42683bf0c6ba7bef699361d5dcf168b507ff4bc9055a74f479b3a279d66ec119af905cb5c661ccf2628eeb3172b1f2171a7ca4a4b4c8dc852875edfe4e072a60c2338adc03283435a9b86b4c8a5f864f3b3d37824b4d1de7af38e5e70c8aee0f04ca953c06ba5ed83e9152109caad9bad1c3127422c3f94abe7763d0a391bf97152e5c6629af3c5d73c34d1a6a0bfb60161f33ddf85a729cccdd2b669a7066fd3fcf19c4493fc744ee9fe1c860b3ddb95348b0af1e1094f6391ab280360239c29771a9d415ea85cbe17bb831bd6f6582800543eab3c587e2fdf4a937cfaf33879ffc832af1c12c6bb365ba803b11de9f18aa1d1ca50038c59fb8b4202ea5c3c9beec6f671c4f4b6dae77f2cc9b2ef1f058804bb53a2b7c7946eeb9a9c10440cf01cef7253a332af148c74b9df21f9fb4bc0566c570abbec61a0e31c7a93508f82d20feba512a13038a24dc02cf6f7523e8151dbf15bbc949ca93030c3836be4a81624c01002aae48b99f72dc68e662a9bb49425b8c146d16adf903dec77451499586b03d93df1e041e9d353aed593afa879c60f5e8db1cbf6a47b386023c7e8b43042bb22d67f03eb9e8c1bc764ad34ef72bef5a3aedf75cba0d87912b22b9a7fbb6aaa1859617af234948ac11370f6c4bda564de8af8f5bb60a96f610efe33bf8215da8ab5ccb6a41b10b8c4e6e4bf850572684eb5bde0477a21daad75b49b0911eb36af73dba6d18885337ad7808f0b625005333ec6c0bf399e167aa82ab71969c4a3d29067fd525cb870c8d6fba0e24112fa16a4f412f7f41e1118dd3011fea2e542e9ca47589b8eee521b2467f97bc3c84d7a4a3713f855c29237d9fcab79c2415e46991ab22ed2c78dffda0ebc649cd2b515b751f180c6c09593b29f0024a080f18cd4916df95992a8680b99b7bc63a3b74f67064367a0c9b834207c9fd3e0278741e1d10c667c5943de5987bb9c88a9676ff3b4f9f679fdfde375459e8199c57e61499b625ee0c1e244bf4dd9b6b0e2acd657ee0c6268719fc4dc0ce249aa8307fed250d031f0314f1021c4ff95b3c0f45f31df988377d27960cb55b7bc76a2b6fb4a290cc94697a7e6ea5049d0941cdd17b8c33e387db189939d74a90725009263dc9a85d77bbdbaec700052b86ea870e02b0e96dd9cf0346abb0f749fab73c116286bb048539c22c336c7219ca074b092ed56a15326d1f13c776002e842ba39126f0111fb77828b4426f801347d7d9401fd61af21196d639e43e6ffd9540f26594767657df57f9fb68caeeac17a0dd7fb48c1f20edc750c3cb99a1c89cb4f49c9f1973ee6b460f5ae2c73ba2024bb19e2fd766db596ad1cc7493d30d1c049b9691ad84093eea7c38b49a0e05216bf7e40a71b0641ef1dad5a8ad4e63221b3bceac73730f635bc2075578cb45b10b9e195af9d4774ad299273d70a7930d76fe2cbdf34ca37109299de0d0045297a6c4565dbc0f4aca2c0a95a1284cf053a3f34367933b573cd08729c04943966ac8ade1d5cd156e581eb1ec9eba4c0d4cd483226ace1b3b2ed55b51a4f7b947a1213c277d409b32b6a2e499778d1d03387d623246e93282ad9594cc9bd076c653847ed78d82fc14b9a8efc336ede116bf921502468fbb30cd98a363a99e4c840ec4e25cb4d595e599c06977de79eac8da6bcf7a143a05c81fd2e9030a3b216df5219c99301058f94a84797ceaad7ec7c618302b2fdb0a43f7d24adf7d506a2cda4765e71ba0b590653833b762b4ac581d2084c53d115145fd49886b9f341904ad5d80323f00b9ed0bfedf140f1f65f948297fbc366bc04c4cdf107ebfb92a602d93edfd680d92b44340d760f23ac81deeff9cd8f003d1ed56d840468a7ec3b7fe8e7158b2586951ee46ccc4fa8e6dde3eab488b06d2c034716d1fb408dea397395c2a8630545652b8467b5806f06370b1cc90f0ca0e0d2f9c2121533e8c1a2654f65eedce7accba6db62edea3d660e9266cbabc9125e073c08557b6d33c1967f1369017b33fed94ffc0df4f14a0e8473b3ae654e36fea2b2f6becace44083b4d01574fe4f8e4f38253ee6b0891a69b599a8c2b389412000716348bbec7ac0c69faf5840014acd1bdade0c2f0ded5e0f6dccacfa5d820894e86f33ac724150b3f8faa039414c424f1d4e0d53f540fcb5c991ea2f4ba2ff15330b59b1db4ab1684509c79f839d3719a71eab851292b64674b93a7f9afc16c19ecf899c0b004ff989d6e3975aa077f0ef31bde8e3c8e1e5d33a4d1ddc3557ccadb04e123db5d42ed9dcc49384eb5a1b171a844d24b061a11e3778e8798d07c76bd1d46c380b430b177622eeacd958c74b96b6c27b8b8c7dca5839b670f9d1f99ae4dfff17e77cdbb1c45e8079b69438828271e6612f39663c84590ae5de6b0c7a5b128436cdf88968776253957e9290de03f56429f153cc223257bbd77210eccdca0b72810fd0bd4a088040468555e9b961367fa9cd817058b4a1aecfbc7b8aa47e31b5bd5a715cc4502961dff377a26551d702166d1a3b2fb864c473471462220651179f26aef1d7563b2a3fa4ac39a9ac88346f5a0287807524e77a8de13efbe1ee28e58cbf809dda904620508c8bf9c276ec40a7586d2a0e9c10b8abf6653a779d4d2d0cdd9f33537c8c1e862253cb8cc45d2193bf2c5849990b0f552796fa279943f65f108f350c24e0e60c315b184342d6a6f029320aa44f22f28eb6bfaf9bed41414f438afc4bb0fc0eda4bb04057a9da8d75b5bb76fa5f656349fb05a592368ab504c672b2570a995f4c311352e5a32984aa4eaa5609683c6192ae3eb1ff5733e04417a8b281201626a43c8ea2fc98af58f1e8f719f4c5217626f9266f012809abc33582a6f8cc64debd517b4b83cd5656a5a1bc97aaa50cc1ba2e970e51fecb42aa11ea4094b6a452b28f49a108c6ea21f8dc489aaa19c46b6fa52d9ce26874af2010a226e8c5363237a9bc1d0810fc06339c2d4d4ad4fdd838e574eb2d7ee92da16b4157da47ed6cfafb13b347cb928e29b297312d82c83f0dab556f153eaf97e30c04261fe91c98466edea595bcabd6ac9595487f7bbfdd0ccdc01a91df4dd6e6f9a318ee4b99d36a7fa5e15d84d11a332516b549598d2166a6f9609e79d78051948f883b9de440bd55121039df5b3b26b5d4aa3b3f842667039cf52751db24d7b5661088e80505ca69e9d578c1d2cf6cb1e1f0ec37a10ff8adc76372eba086c5cdaabb68853ed80a5f8ba8e0e78928e52962070ff3b24349c9cbd66e1804244f3f1a23fa0e4a8b645afc9b03b628bca666442ca8508e1663af5d03ac8b47ea02b616511afa5049c1495e8ed362124230907956c88784f2bdc25e3a4ebdde568790508d66aca4f14fdb5ad6c22f855647dc8b09cc9ebb24716d1d1a146f5ab93d1b99fd6c47c26ceb475501e759ae09aa6a9c895b0753aa89755ac083ce9238963d336fd8b5ac106988c792817e2ff53f5413b1b50ef445c9cfba2d8eaaa1dde7c2687a21d5781343ba627634fb9b7b4f7dfcd921369d3978444f49a97dd5ba4bb5fad0df2c259057b22bd0480df8db5e09c01a5fbbda83cc7a0985c2ba031202e7ae3da1e8468b5bb8ee2f1d4d79264c8144a51adde878d300051ddf6bac9dff57ebc9119952fe746d1cb179879cbe62f985139c266fdd29a30cebe247966cd44f18c55cbe873252e242499c5be449d2f9d01b163c608742f7b86fa6dd0dd577b34762232d664244291dd207951473f834280b22736e6f1fd6e9acd58d722f78322d2fc060e16da3cb1e25d0fe81539585a6440720b3221208e4377a6c08ce2a4c81754e81399b54458262d18fc4d5c4c37a7e34d69dd4f5ee63e5016aabc15080abedf9926bff30dd8301e91138cb908f0385fcea0485bea92977b4e4837e8753940cb24dded3a846e9e4f65554725fe"}) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1383.230183][ T9757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1383.230202][ T9757] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1383.230222][ T9757] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1383.230236][ T9757] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1383.230246][ T9757] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1383.230256][ T9757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1383.230265][ T9757] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:23 executing program 1: semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:23 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = open(&(0x7f0000000480)='./file0\x00', 0x102040, 0x4) ioctl$TCSETAF(r1, 0x5408, &(0x7f00000004c0)={0xe1f, 0x8, 0x6, 0x7, 0xa, "1bdcb10e492e5e01"}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) lseek(r2, 0x100000000, 0x4) syz_open_dev$tty20(0xc, 0x4, 0x1) preadv(r0, &(0x7f0000000280), 0x0, 0xd9f, 0xa818) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000380)=""/224) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x228000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x130, r6, 0x329, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@measure_req={0x26, 0x100, {0x0, 0x0, 0x0, "369eddbb15a30143481faccb067077d8054ade3b2750e35b561af9b1e3e91d0daf4174768fa8fda714806888755657e13ed4c1d7ca48783b59e4dc150c780e836497c88fe55eeb3c2c617e1d319f3206f0adaa6073ae4e05118a358f64deae3a833764e5c2f7fdefa446a5da1303b22c8374ce5ed250de7dd1e30d2a30d78b9da2681b2207be5074c82d2a10a67a8dd84187459eb54b8ed5a29e9cc9af1f80dd6eff21629cbfa23aaf9ce9e4c23a1bf20e1706ad6b898fa63f118833d71a59389976c91efeeebc1b9d2da95001d22c17dce05bea07a1d426d13b16de6aa540367a0fbfa97f49b85008a6fee37516d9759207ddd76d60d86d6a141b263b"}}]}]}, 0x130}}, 0x0) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000100)=0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYRES16=r4, @ANYRES16=r6, @ANYRESOCT=r3, @ANYRES32=r7, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x404c854}, 0x40e4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x16, 0xd9f, 0x0) ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f0000000040)='a') 03:59:23 executing program 1: r0 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x80000) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f00000000c0)=0x1) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x2, 0x2, 0x1c00}, {0x2, 0x9, 0x1800}], 0x2) 03:59:23 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x41) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x410000, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0xd9f, 0x80) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYRES64=r1], 0x78) ftruncate(r0, 0x1) 03:59:23 executing program 0 (fault-call:7 fault-nth:33): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1383.739977][ T9816] FAULT_INJECTION: forcing a failure. [ 1383.739977][ T9816] name failslab, interval 1, probability 0, space 0, times 0 [ 1383.752776][ T9816] CPU: 1 PID: 9816 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1383.761452][ T9816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.771510][ T9816] Call Trace: [ 1383.774787][ T9816] dump_stack+0x137/0x19d [ 1383.779123][ T9816] should_fail+0x23c/0x250 [ 1383.783535][ T9816] __should_failslab+0x81/0x90 [ 1383.788334][ T9816] ? io_arm_poll_handler+0x15e/0x420 [ 1383.793623][ T9816] should_failslab+0x5/0x20 [ 1383.798228][ T9816] kmem_cache_alloc_trace+0x49/0x320 [ 1383.803512][ T9816] io_arm_poll_handler+0x15e/0x420 [ 1383.808659][ T9816] ? io_wq_enqueue+0x3a/0x40 [ 1383.813242][ T9816] ? io_queue_async_work+0x18d/0x230 [ 1383.818533][ T9816] __io_queue_sqe+0x133/0x3a0 [ 1383.823244][ T9816] io_queue_sqe+0x6d/0x160 [ 1383.827663][ T9816] io_submit_sqe+0x15c7/0x30c0 [ 1383.832427][ T9816] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:24 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$vga_arbiter(r3, &(0x7f0000000100), 0xf) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1383.837886][ T9816] io_submit_sqes+0x61f/0xaf0 [ 1383.842569][ T9816] __se_sys_io_uring_enter+0x217/0xb20 [ 1383.848031][ T9816] ? fput+0x2d/0x130 [ 1383.852122][ T9816] __x64_sys_io_uring_enter+0x74/0x80 [ 1383.857554][ T9816] do_syscall_64+0x34/0x50 [ 1383.861973][ T9816] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1383.867870][ T9816] RIP: 0033:0x4665f9 [ 1383.871756][ T9816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1383.891367][ T9816] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1383.899779][ T9816] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1383.907906][ T9816] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1383.915886][ T9816] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1383.923983][ T9816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1383.931954][ T9816] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:24 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r1 = semget(0x2, 0x1, 0xc9a5f3c76cc14875) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000040)=[{0x1, 0x1f, 0x800}, {0x2, 0x3ff, 0x1000}], 0x2, &(0x7f00000000c0)={r2, r3+60000000}) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r4, 0x0, 0x0) 03:59:24 executing program 1: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x4, 0x558) semop(r1, &(0x7f0000000080)=[{0x4, 0x8}, {0x1, 0x200, 0x1800}, {0x4, 0x808, 0x3000}], 0x3) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r2, &(0x7f0000000180)=[{0x4, 0xffff, 0x800}, {0x2, 0x7, 0x800}, {0x0, 0x1f, 0x1000}, {0x2, 0x1}, {0x0, 0x36b6, 0x1000}, {0x2, 0x0, 0x800}, {0x3, 0x80, 0x800}, {0x0, 0x1, 0x1800}], 0x8, &(0x7f00000001c0)) semget$private(0x0, 0x0, 0xb1) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0x1ff}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r3, &(0x7f00000000c0)=[{0x2, 0x3, 0xd802e3a048c6f439}], 0x1, &(0x7f0000000140)={0x77359400}) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r4 = semget(0x3, 0x2, 0x194) semctl$IPC_RMID(r4, 0x0, 0x0) semop(r0, &(0x7f0000000000)=[{0x2, 0x5c, 0x1000}, {0x4, 0x5, 0x800}, {0x0, 0x2}, {0x0, 0x100, 0x800}, {0x2, 0x8}, {0x0, 0x1ff, 0x1000}], 0x6) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$SEM_STAT(r1, 0x4, 0x12, &(0x7f0000000200)=""/110) 03:59:24 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r1, &(0x7f0000000040)=[{0x0, 0x9, 0x1000}, {0x1, 0x101, 0x1000}, {0x3, 0x0, 0x800}, {0x0, 0x1000, 0x400}, {0x1, 0x5}, {0x1, 0x101, 0x1000}], 0x6, &(0x7f0000000080)) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r2 = semget(0x3, 0x2, 0x8) semtimedop(r2, &(0x7f00000000c0)=[{0x1, 0x4, 0x800}], 0x1, 0x0) 03:59:24 executing program 1: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000040)=[{0x1, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r1, 0x0, 0xf, &(0x7f0000000080)=""/210) 03:59:24 executing program 0 (fault-call:7 fault-nth:34): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:24 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000a, 0x11, r0, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, 0x0}, 0x0) r7 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}, 0x0) syz_io_uring_submit(r3, r5, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0xea3, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r10}}, 0x8000000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1384.282211][ T9856] FAULT_INJECTION: forcing a failure. [ 1384.282211][ T9856] name failslab, interval 1, probability 0, space 0, times 0 [ 1384.294908][ T9856] CPU: 0 PID: 9856 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1384.303597][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.313654][ T9856] Call Trace: [ 1384.316930][ T9856] dump_stack+0x137/0x19d [ 1384.321273][ T9856] should_fail+0x23c/0x250 [ 1384.325695][ T9856] __should_failslab+0x81/0x90 [ 1384.330465][ T9856] should_failslab+0x5/0x20 [ 1384.334964][ T9856] kmem_cache_alloc_bulk+0x40/0x380 [ 1384.340160][ T9856] io_submit_sqes+0x515/0xaf0 [ 1384.344891][ T9856] __se_sys_io_uring_enter+0x217/0xb20 [ 1384.350356][ T9856] ? fput+0x2d/0x130 [ 1384.354256][ T9856] __x64_sys_io_uring_enter+0x74/0x80 [ 1384.359626][ T9856] do_syscall_64+0x34/0x50 [ 1384.364054][ T9856] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1384.370007][ T9856] RIP: 0033:0x4665f9 [ 1384.373892][ T9856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1384.393501][ T9856] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1384.401917][ T9856] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1384.409890][ T9856] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1384.417868][ T9856] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:24 executing program 4: syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x6a1882, 0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r2 = epoll_create1(0x80000) r3 = syz_io_uring_complete(r0) r4 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) get_mempolicy(&(0x7f0000000240), &(0x7f0000000280), 0xfffffffffffff801, &(0x7f00007cb000/0x3000)=nil, 0x1) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x5, 0x0, r2, &(0x7f0000000100)={0x40000000}, r3, 0x1, 0x0, 0x1, {0x0, r7}}, 0x0) [ 1384.425843][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1384.433816][ T9856] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:24 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = eventfd2(0x151, 0x800) fcntl$setown(r2, 0x8, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/107, 0x6b}], 0x2, 0x10000, 0x7f) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:24 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000240)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e20, 0x6, @private1, 0x6}}, 0x0, 0x0, 0x1, {0x0, r6}}, 0x26dc) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x400000, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x2004, @fd=r8, 0x2, 0x0, 0x0, 0x0, 0x1, {0x2}}, 0x0) dup3(r7, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:24 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getdents(r1, &(0x7f0000000040)=""/137, 0x89) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = syz_mount_image$nfs4(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x200, 0x1, &(0x7f0000000240)=[{&(0x7f00000001c0)="745ec1e901d5508173d390f6b417eae0787f535a5506acbe82804f1b5c8974cafcba9472586ae81d8dea982f606acee6b28a66265daa8ddb314c2cdb60cd0be60a9aa6df32b25528ac6c6fdf6c096ee99908517a4a2729da06d17aa7709179b493e7428857e2c26e920692c5c7f53116e4e9", 0x72, 0xff}], 0x0, &(0x7f0000000280)={[{'!*(.}.#$:('}], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}]}) name_to_handle_at(r2, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@GFS2_SMALL_FH_SIZE={0x10, 0x4, {0x120, 0x6, 0x345, 0x80000001}}, &(0x7f0000000340), 0x1000) 03:59:24 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x1e}, 0x1) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:24 executing program 0 (fault-call:7 fault-nth:35): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1384.661955][ T9898] loop3: detected capacity change from 0 to 1 [ 1384.671436][ T9898] nfs4: Unknown parameter '!*(.}.#$:(' [ 1384.758180][ T9910] FAULT_INJECTION: forcing a failure. [ 1384.758180][ T9910] name failslab, interval 1, probability 0, space 0, times 0 [ 1384.770841][ T9910] CPU: 0 PID: 9910 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1384.779519][ T9910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.789569][ T9910] Call Trace: [ 1384.792931][ T9910] dump_stack+0x137/0x19d [ 1384.797257][ T9910] should_fail+0x23c/0x250 [ 1384.801704][ T9910] __should_failslab+0x81/0x90 [ 1384.806472][ T9910] ? io_issue_sqe+0x418f/0x6080 [ 1384.811316][ T9910] should_failslab+0x5/0x20 [ 1384.815819][ T9910] __kmalloc+0x66/0x360 [ 1384.819971][ T9910] ? rw_verify_area+0x136/0x250 [ 1384.824818][ T9910] io_issue_sqe+0x418f/0x6080 [ 1384.829511][ T9910] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1384.834886][ T9910] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1384.840756][ T9910] ? __io_queue_proc+0x99/0x260 [ 1384.845610][ T9910] ? vga_arb_write+0x17d0/0x17d0 [ 1384.850552][ T9910] ? io_async_queue_proc+0x3f/0x50 [ 1384.855691][ T9910] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1384.861062][ T9910] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1384.866878][ T9910] ? try_to_wake_up+0x353/0x470 [ 1384.871736][ T9910] ? io_wqe_enqueue+0x457/0x4d0 [ 1384.876648][ T9910] ? io_wq_enqueue+0x3a/0x40 [ 1384.881236][ T9910] ? io_queue_async_work+0x18d/0x230 [ 1384.886588][ T9910] __io_queue_sqe+0xe9/0x3a0 [ 1384.891172][ T9910] io_queue_sqe+0x6d/0x160 [ 1384.895585][ T9910] io_submit_sqe+0x15c7/0x30c0 [ 1384.900465][ T9910] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1384.905923][ T9910] io_submit_sqes+0x61f/0xaf0 [ 1384.910631][ T9910] __se_sys_io_uring_enter+0x217/0xb20 [ 1384.916169][ T9910] ? fput+0x2d/0x130 [ 1384.920072][ T9910] __x64_sys_io_uring_enter+0x74/0x80 [ 1384.925496][ T9910] do_syscall_64+0x34/0x50 [ 1384.929912][ T9910] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1384.935810][ T9910] RIP: 0033:0x4665f9 03:59:25 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x100000, 0x0) r1 = syz_io_uring_setup(0x6026, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x400000, 0x36a, 0x0, r0}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:25 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x1, 0xa0) semtimedop(r1, &(0x7f0000000140)=[{0x4, 0x2, 0x1000}, {0x4, 0xff1a, 0x800}], 0x2, &(0x7f0000000180)={0x0, 0x3938700}) semctl$GETPID(0xffffffffffffffff, 0x1, 0xb, &(0x7f0000000040)=""/123) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget(0x2, 0x0, 0x100) semop(r2, &(0x7f00000000c0)=[{0x2, 0x7ff, 0x1000}, {0x0, 0xc20, 0x1800}, {0x2, 0x3ff, 0x1000}], 0x3) [ 1384.939698][ T9910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1384.959305][ T9910] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1384.967745][ T9910] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1384.975708][ T9910] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1384.983687][ T9910] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1384.991669][ T9910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1384.999631][ T9910] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:25 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd=r3, 0x400, 0x0, 0xbfda, 0x0, 0x1, {0x0, r4}}, 0x3f) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:25 executing program 1: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x0, 0x0) semop(r1, &(0x7f00000000c0)=[{0x2, 0x8080}, {0x0, 0x4008}], 0x2) semctl$SEM_STAT_ANY(0xffffffffffffffff, 0x3, 0x14, &(0x7f0000000000)=""/8) r2 = semget$private(0x0, 0x2, 0x44a) semop(r2, &(0x7f0000000080)=[{0x2, 0x3f}, {0x3, 0xfff9, 0x1800}, {0x0, 0x7}, {0x4, 0x683c, 0x800}, {0x4, 0x6, 0x1800}, {0x0, 0x2, 0x1000}, {0x2, 0x8, 0x1000}], 0x7) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:25 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x3, 0x2, 0x1800}, {0x4, 0x5de}], 0x2) semctl$GETNCNT(r0, 0x3, 0xe, &(0x7f0000000140)=""/4096) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:25 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0x4000}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:25 executing program 1: r0 = semget$private(0x0, 0x2, 0x0) semop(r0, &(0x7f0000000040), 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r1, 0x4, 0xf, &(0x7f0000000000)=""/51) r2 = semget(0x3, 0x2, 0x20c) semtimedop(r2, &(0x7f0000000080)=[{0x3, 0x81, 0x800}, {0x4, 0x4, 0x800}, {0x3, 0x4, 0x1800}, {0x4, 0xfffc, 0x1800}, {0x1, 0x5}, {0x2, 0x8, 0x1000}, {0x3, 0xf19, 0x1800}, {0x0, 0x8000}], 0x8, &(0x7f00000000c0)) 03:59:25 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/5, 0x5}, {&(0x7f0000000080)=""/76, 0x4c}, {&(0x7f00000001c0)=""/182, 0xb6}], 0x3, 0x100, 0xfffffffa) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000007001b080000006d"], 0x78) 03:59:25 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$SEM_INFO(r0, 0x0, 0x13, &(0x7f0000000140)=""/234) [ 1385.440338][ T9971] loop3: detected capacity change from 0 to 1 [ 1385.446645][ T9971] nfs4: Unknown parameter '!*(.}.#$:(' 03:59:25 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1fc}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x3, 0x0, 0x0, 0x3, &(0x7f0000000380)=[r3], 0x1}, 0x6) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r5 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r5, 0x5436, 0xfda7, 0x3, &(0x7f0000000300)={[0x161]}, 0x8) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r4) write$vga_arbiter(r3, &(0x7f0000000280)=@unlock_all, 0xb) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x24601, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x800, 0x1) io_uring_enter(r8, 0xc42, 0xb600, 0x2, &(0x7f0000000240)={[0x4]}, 0x8) dup2(r7, r3) 03:59:25 executing program 0 (fault-call:7 fault-nth:36): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:25 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x6) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/44, 0x2c}], 0x1, 0xd9f, 0x81) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008f009000009000000000000080000006d"], 0x78) 03:59:25 executing program 1: semop(0xffffffffffffffff, &(0x7f0000000040)=[{0x3, 0x1f}, {0x1, 0x7, 0x1800}, {0x2, 0x4, 0x1800}, {0x4}, {0x4, 0x81, 0x3000}, {0x2, 0x2a, 0x1800}, {0x2, 0x7420, 0x800}], 0x7) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x1, 0x4, 0x501) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000080)=""/112) r1 = semget(0x3, 0x2, 0x84) semop(r1, &(0x7f0000000000)=[{0x3, 0x800, 0x800}, {0x0, 0x200, 0x800}, {0x4, 0x5, 0x1000}, {0x0, 0x200, 0x800}], 0x4) semctl$IPC_RMID(r0, 0x0, 0x0) [ 1385.550462][ T9988] FAULT_INJECTION: forcing a failure. [ 1385.550462][ T9988] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.563123][ T9988] CPU: 1 PID: 9988 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1385.571810][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1385.581889][ T9988] Call Trace: [ 1385.585163][ T9988] dump_stack+0x137/0x19d [ 1385.589488][ T9988] should_fail+0x23c/0x250 [ 1385.593905][ T9988] __should_failslab+0x81/0x90 [ 1385.598716][ T9988] ? io_arm_poll_handler+0x15e/0x420 [ 1385.604005][ T9988] should_failslab+0x5/0x20 [ 1385.608523][ T9988] kmem_cache_alloc_trace+0x49/0x320 [ 1385.613826][ T9988] io_arm_poll_handler+0x15e/0x420 [ 1385.619006][ T9988] ? io_wq_enqueue+0x3a/0x40 [ 1385.623584][ T9988] ? io_queue_async_work+0x18d/0x230 [ 1385.628924][ T9988] __io_queue_sqe+0x133/0x3a0 [ 1385.633663][ T9988] io_queue_sqe+0x6d/0x160 [ 1385.638138][ T9988] io_submit_sqe+0x15c7/0x30c0 [ 1385.642887][ T9988] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1385.648335][ T9988] io_submit_sqes+0x61f/0xaf0 [ 1385.653045][ T9988] __se_sys_io_uring_enter+0x217/0xb20 [ 1385.658496][ T9988] ? fput+0x2d/0x130 [ 1385.662471][ T9988] __x64_sys_io_uring_enter+0x74/0x80 [ 1385.667838][ T9988] do_syscall_64+0x34/0x50 [ 1385.672259][ T9988] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1385.678210][ T9988] RIP: 0033:0x4665f9 03:59:25 executing program 2: r0 = semget$private(0x0, 0x1, 0x49e) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) r2 = semget(0x2, 0x2, 0x38) semop(r2, &(0x7f0000000080)=[{0x4, 0x80, 0x3800}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r1, &(0x7f00000000c0)=[{0x2, 0x920, 0x800}, {0x0, 0x7fff}, {0x5, 0x5, 0x1800}], 0x3, 0x0) r3 = semget(0x0, 0x1, 0x162) semctl$GETVAL(r3, 0x1, 0xc, &(0x7f0000000180)=""/116) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000140)=[{0x0, 0x80}, {}, {0x2, 0x9}, {0x1, 0x9, 0x1400}], 0x4) r5 = semget$private(0x0, 0x4, 0x333) semop(r5, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r5, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) semtimedop(r5, &(0x7f0000000100)=[{0x4, 0x7ffd}], 0x1, 0x0) semop(r4, &(0x7f0000000040)=[{0x4, 0x9}, {0x2, 0x8, 0x800}, {0x3, 0x8, 0x1000}], 0x3) [ 1385.682163][ T9988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1385.701791][ T9988] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1385.710213][ T9988] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1385.718229][ T9988] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1385.726197][ T9988] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1385.726209][ T9988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1385.726219][ T9988] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:26 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000080), 0x100000000, 0x20000) sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xcc, 0x0, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}, @NL80211_ATTR_WIPHY_TXQ_PARAMS={0x3c, 0x25, 0x0, 0x1, [@NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x2}, @NL80211_TXQ_ATTR_TXOP={0x6, 0x2, 0x200}, @NL80211_TXQ_ATTR_CWMAX={0x6, 0x4, 0x85}, @NL80211_TXQ_ATTR_CWMAX={0x6, 0x4, 0x8}, @NL80211_TXQ_ATTR_TXOP={0x6, 0x2, 0x3ff}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x5}, @NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0x4}]}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x8}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0xffff}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0xffffffe1}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x40}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x8}, @NL80211_ATTR_WIPHY_TXQ_PARAMS={0x44, 0x25, 0x0, 0x1, [@NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0x6}, @NL80211_TXQ_ATTR_AIFS={0x5, 0x5, 0x20}, @NL80211_TXQ_ATTR_CWMIN={0x6, 0x3, 0xe6cd}, @NL80211_TXQ_ATTR_CWMAX={0x6, 0x4, 0x8001}, @NL80211_TXQ_ATTR_QUEUE={0x5, 0x1, 0x7f}, @NL80211_TXQ_ATTR_TXOP={0x6}, @NL80211_TXQ_ATTR_AIFS={0x5, 0x5, 0xe8}, @NL80211_TXQ_ATTR_TXOP={0x6}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x80) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r2, &(0x7f00000002c0)=[{0x3, 0x8000, 0x1000}, {0x2, 0x5, 0x1000}, {0x2, 0x8, 0x1800}, {0x3, 0x2, 0x1000}, {0x1, 0xfff, 0x1000}, {0x7dd7f1ef39e527b9, 0x3ff, 0x1000}, {0x4, 0x4, 0x800}, {0x4, 0x47, 0x3000}, {0x0, 0x7, 0x1000}], 0x9, &(0x7f0000000300)={0x0, 0x989680}) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x0, 0x88, 0x800}, {0x2, 0x100}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:26 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) 03:59:26 executing program 0 (fault-call:7 fault-nth:37): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:26 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x2, 0xffff, 0x800}, {0x4, 0x8001, 0x1000}, {0x5, 0x8, 0x1800}, {0x4, 0x7f, 0x800}, {0x4, 0x1, 0x800}, {0x3, 0x3, 0x1000}, {0x1}, {0x1, 0x2, 0x1800}, {0x3, 0x100, 0x800}], 0x9) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1386.058221][T10034] FAULT_INJECTION: forcing a failure. [ 1386.058221][T10034] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.070873][T10034] CPU: 1 PID: 10034 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1386.079771][T10034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.089830][T10034] Call Trace: [ 1386.093115][T10034] dump_stack+0x137/0x19d [ 1386.097457][T10034] should_fail+0x23c/0x250 [ 1386.101876][T10034] __should_failslab+0x81/0x90 [ 1386.106652][T10034] ? io_issue_sqe+0x418f/0x6080 [ 1386.111567][T10034] should_failslab+0x5/0x20 [ 1386.116104][T10034] __kmalloc+0x66/0x360 [ 1386.120474][T10034] ? rw_verify_area+0x136/0x250 [ 1386.125394][T10034] io_issue_sqe+0x418f/0x6080 [ 1386.130084][T10034] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1386.135468][T10034] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1386.141285][T10034] ? __io_queue_proc+0x99/0x260 [ 1386.146143][T10034] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1386.151728][T10034] ? __raw_callee_save___pv_queued_spin_unlock_slowpath+0x20/0x20 [ 1386.159604][T10034] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1386.164987][T10034] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1386.170828][T10034] ? try_to_wake_up+0x353/0x470 [ 1386.175770][T10034] ? io_wqe_enqueue+0x457/0x4d0 [ 1386.180745][T10034] ? io_wq_enqueue+0x3a/0x40 [ 1386.185380][T10034] ? io_queue_async_work+0x18d/0x230 [ 1386.190656][T10034] __io_queue_sqe+0xe9/0x3a0 [ 1386.195250][T10034] io_queue_sqe+0x6d/0x160 [ 1386.199680][T10034] io_submit_sqe+0x15c7/0x30c0 [ 1386.204503][T10034] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1386.209968][T10034] io_submit_sqes+0x61f/0xaf0 [ 1386.214656][T10034] __se_sys_io_uring_enter+0x217/0xb20 [ 1386.220135][T10034] ? fput+0x2d/0x130 [ 1386.224029][T10034] __x64_sys_io_uring_enter+0x74/0x80 [ 1386.229421][T10034] do_syscall_64+0x34/0x50 [ 1386.233853][T10034] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1386.240025][T10034] RIP: 0033:0x4665f9 [ 1386.243911][T10034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.263651][T10034] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1386.272146][T10034] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1386.280178][T10034] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1386.288188][T10034] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.296274][T10034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:26 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x1, 0x80, 0x2000}, {}], 0x2) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000140)=[{0x0, 0x80}, {}, {0x1, 0x8001, 0x800}, {0x4, 0x200, 0xc00}], 0x4) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x1, 0x7fff}], 0x1, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0xb7e, 0x1000}, {0x4, 0x2}], 0x2, 0x0) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semget(0x2, 0x3, 0x80) semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) semctl$GETZCNT(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000080)=""/94) semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) 03:59:26 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) [ 1386.304267][T10034] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:26 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8, 0x10010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000004009000000000000080000006d"], 0x78) 03:59:26 executing program 0 (fault-call:7 fault-nth:38): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1386.577437][T10067] FAULT_INJECTION: forcing a failure. [ 1386.577437][T10067] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.590114][T10067] CPU: 0 PID: 10067 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1386.598877][T10067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.609052][T10067] Call Trace: [ 1386.612357][T10067] dump_stack+0x137/0x19d [ 1386.616688][T10067] should_fail+0x23c/0x250 [ 1386.621102][T10067] __should_failslab+0x81/0x90 03:59:26 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_setup(0x54a3, &(0x7f0000000240)={0x0, 0x3da0, 0x20, 0x3, 0x332, 0x0, r0}, &(0x7f0000ee7000/0xe000)=nil, &(0x7f0000ee9000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)=0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) syz_io_uring_submit(r1, r3, &(0x7f00000003c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x4, &(0x7f0000000380)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0xfffffffa) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100), 0x10100, 0x0) write$vga_arbiter(r6, &(0x7f00000001c0)=@other={'decodes', ' ', 'io'}, 0xb) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r7 = open(&(0x7f0000000400)='./file0\x00', 0x20000, 0x46) io_uring_register$IORING_REGISTER_EVENTFD(r7, 0x4, &(0x7f0000000440), 0x1) [ 1386.625863][T10067] ? io_arm_poll_handler+0x15e/0x420 [ 1386.631153][T10067] should_failslab+0x5/0x20 [ 1386.635665][T10067] kmem_cache_alloc_trace+0x49/0x320 [ 1386.641022][T10067] io_arm_poll_handler+0x15e/0x420 [ 1386.646159][T10067] ? io_wq_enqueue+0x3a/0x40 [ 1386.650747][T10067] ? io_queue_async_work+0x18d/0x230 [ 1386.656101][T10067] __io_queue_sqe+0x133/0x3a0 [ 1386.660865][T10067] io_queue_sqe+0x6d/0x160 [ 1386.665300][T10067] io_submit_sqe+0x15c7/0x30c0 [ 1386.670083][T10067] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1386.675568][T10067] io_submit_sqes+0x61f/0xaf0 [ 1386.680292][T10067] __se_sys_io_uring_enter+0x217/0xb20 [ 1386.685751][T10067] ? fput+0x2d/0x130 [ 1386.689719][T10067] __x64_sys_io_uring_enter+0x74/0x80 [ 1386.695088][T10067] do_syscall_64+0x34/0x50 [ 1386.699557][T10067] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1386.705462][T10067] RIP: 0033:0x4665f9 03:59:27 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000080)=[{0x1, 0x9}, {0x3, 0x80, 0x1800}, {0x1, 0x4, 0x1000}, {0x0, 0x5, 0x1000}, {0x1, 0x81, 0x1000}, {0x6, 0x7, 0x1800}, {0x4, 0x7fff, 0x1000}], 0x7) semop(r0, &(0x7f0000000000)=[{0x4, 0x80, 0x800}, {0x1, 0xfffb}], 0x2) semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x4, 0x1800}, {0x0, 0xfff9, 0x1800}, {0x2, 0x8, 0x1000}, {0x4, 0xf70c, 0x1800}, {0x2, 0xe90}], 0x5, 0x0) 03:59:27 executing program 4: setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, &(0x7f0000000100)=0x6, 0x4) r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1386.709437][T10067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.729046][T10067] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1386.737552][T10067] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1386.745522][T10067] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1386.753500][T10067] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.761494][T10067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1386.769518][T10067] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:27 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$int_in(r3, 0x5421, &(0x7f0000000000)=0x7) listen(r3, 0x0) accept4(r3, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:27 executing program 0 (fault-call:7 fault-nth:39): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:27 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r0, 0x1, 0xf, &(0x7f0000000080)=""/247) [ 1387.150909][T10114] FAULT_INJECTION: forcing a failure. [ 1387.150909][T10114] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.163672][T10114] CPU: 1 PID: 10114 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1387.172498][T10114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1387.182611][T10114] Call Trace: [ 1387.185888][T10114] dump_stack+0x137/0x19d [ 1387.190305][T10114] should_fail+0x23c/0x250 [ 1387.194721][T10114] __should_failslab+0x81/0x90 [ 1387.199470][T10114] ? io_issue_sqe+0x418f/0x6080 [ 1387.204464][T10114] should_failslab+0x5/0x20 [ 1387.208973][T10114] __kmalloc+0x66/0x360 [ 1387.213126][T10114] ? rw_verify_area+0x136/0x250 [ 1387.218049][T10114] io_issue_sqe+0x418f/0x6080 [ 1387.222752][T10114] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1387.228126][T10114] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1387.233936][T10114] ? __io_queue_proc+0x99/0x260 [ 1387.238921][T10114] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1387.244731][T10114] ? vga_arb_write+0x17d0/0x17d0 03:59:27 executing program 4: fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000100)) r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1387.249673][T10114] ? io_async_queue_proc+0x3f/0x50 [ 1387.254848][T10114] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1387.260219][T10114] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1387.266191][T10114] ? try_to_wake_up+0x353/0x470 [ 1387.271040][T10114] ? io_wqe_enqueue+0x457/0x4d0 [ 1387.275882][T10114] ? io_wq_enqueue+0x3a/0x40 [ 1387.280465][T10114] ? io_queue_async_work+0x18d/0x230 [ 1387.285751][T10114] __io_queue_sqe+0xe9/0x3a0 [ 1387.290370][T10114] io_queue_sqe+0x6d/0x160 [ 1387.294794][T10114] io_submit_sqe+0x15c7/0x30c0 03:59:27 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x87643000) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r2, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r3}) sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x4c, r1, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc080) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$int_out(r7, 0x5460, &(0x7f0000000280)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r6, 0x0) r8 = accept$inet(r6, &(0x7f0000000040)={0x2, 0x0, @private}, &(0x7f0000000080)=0x5d) ioctl$FITHAW(r8, 0xc0045878) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:27 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) mq_timedsend(r0, &(0x7f0000000000)="b43b71caa216af45e13193aefe3f40d846f5423472cb28177e626f4a7a5ad15a74561cea42ba1a5f8e59a657813b3d853591", 0x32, 0x1, &(0x7f00000000c0)={r1, r2+10000000}) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1387.299551][T10114] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1387.305010][T10114] io_submit_sqes+0x61f/0xaf0 [ 1387.309697][T10114] __se_sys_io_uring_enter+0x217/0xb20 [ 1387.309722][T10114] ? fput+0x2d/0x130 [ 1387.309740][T10114] __x64_sys_io_uring_enter+0x74/0x80 [ 1387.309759][T10114] do_syscall_64+0x34/0x50 [ 1387.309781][T10114] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1387.309882][T10114] RIP: 0033:0x4665f9 [ 1387.309894][T10114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1387.309908][T10114] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1387.309924][T10114] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1387.309934][T10114] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1387.309945][T10114] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1387.309956][T10114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:27 executing program 1: semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000180)=[{0x0, 0x9}, {0x1, 0x81, 0x1000}, {0x4, 0x7, 0x1000}], 0x3) r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x1, 0x1) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {0x4}], 0x2) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f00000001c0)=""/73) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x800, 0x1000}, {0x2, 0x2, 0x1800}, {0x2, 0xa67}], 0x3, &(0x7f0000000040)={0x77359400}) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000080)=""/247) [ 1387.309968][T10114] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:27 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x410000, 0x102) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b3938000008000000f708000000000000080000006dc78aabfec38a6868245cffc6b86945bcd56fc9e4ea1ae1da2876526ca88d631df51861c9bd08d2f4bc1ac87e7cb00fcea6dcc9d7402275b15ca578ca3c663e5b6e74d8b6d4e2be6f5886f42b723bf67706f52ca4af9ba460619ecc159140515cf5dab3374a5457bc244a27910c38f79afb95d59e1455408bb43f977ec280ab959d460df06d2c0de6d855e8ff33eb0674bfc0d5590ade072b045adc9127a9889190584b1318949ed6dcbd13"], 0x78) 03:59:27 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b00001b080000004d0000000000a91d0000000000000000"], 0x78) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x7f, 0x1c, 0x5, @tick=0x3fc0, {0x2, 0x2}, {0xbb, 0xfa}, @raw8={"6bafab7d85489817ccd65429"}}, {0x9, 0x81, 0x3, 0x2, @tick=0x7a5, {0x80, 0x6}, {0x7, 0x81}, @raw8={"855d40820374baa559c6e722"}}], 0x38) 03:59:27 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x6]) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f0000000080)=""/49) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:27 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x24000, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x5, 0x0, 0x0, 0x5, 0xe, 0x1, {0x0, 0x0, r5}}, 0xb) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) open(&(0x7f0000000380)='./file0\x00', 0x280480, 0x49) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', &(0x7f00000003c0)=""/108, 0x6c) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:28 executing program 1: semop(0x0, &(0x7f0000000040), 0x0) semop(0xffffffffffffffff, &(0x7f0000000080)=[{0x0, 0x7ff, 0x2800}, {0x0, 0x9}], 0x2) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x2, 0x5, 0x1800}, {0x1, 0x3, 0x800}], 0x2) r0 = semget$private(0x0, 0x0, 0x400) semop(r0, &(0x7f0000000040)=[{0x1, 0x1}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:28 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:28 executing program 0 (fault-call:7 fault-nth:40): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2, 0x0, &(0x7f0000000300), 0x1a8090, &(0x7f0000000380)) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x1, 0x153b18c56f018cc5, 0x201) semop(r0, &(0x7f00000000c0)=[{0x1, 0xfff9, 0x1000}, {0x3, 0x4}], 0x2) 03:59:28 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) semop(0x0, &(0x7f0000000000)=[{0x4, 0x8}, {0x3, 0x7, 0x400}, {0x1, 0x40, 0x1000}], 0x3) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1387.924699][T10184] FAULT_INJECTION: forcing a failure. [ 1387.924699][T10184] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.937445][T10184] CPU: 0 PID: 10184 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1387.946239][T10184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1387.956283][T10184] Call Trace: [ 1387.959553][T10184] dump_stack+0x137/0x19d [ 1387.963874][T10184] should_fail+0x23c/0x250 [ 1387.968296][T10184] __should_failslab+0x81/0x90 [ 1387.973057][T10184] ? io_arm_poll_handler+0x15e/0x420 [ 1387.978339][T10184] should_failslab+0x5/0x20 [ 1387.982850][T10184] kmem_cache_alloc_trace+0x49/0x320 [ 1387.988133][T10184] io_arm_poll_handler+0x15e/0x420 [ 1387.993251][T10184] ? io_wq_enqueue+0x3a/0x40 [ 1387.997866][T10184] ? io_queue_async_work+0x18d/0x230 [ 1388.003153][T10184] __io_queue_sqe+0x133/0x3a0 [ 1388.007833][T10184] io_queue_sqe+0x6d/0x160 [ 1388.012317][T10184] io_submit_sqe+0x15c7/0x30c0 [ 1388.017159][T10184] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1388.022633][T10184] io_submit_sqes+0x61f/0xaf0 [ 1388.027321][T10184] __se_sys_io_uring_enter+0x217/0xb20 [ 1388.032847][T10184] ? fput+0x2d/0x130 [ 1388.036757][T10184] __x64_sys_io_uring_enter+0x74/0x80 [ 1388.042182][T10184] do_syscall_64+0x34/0x50 [ 1388.046627][T10184] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1388.052640][T10184] RIP: 0033:0x4665f9 03:59:28 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000040)=[{0x1, 0x7, 0x1000}, {0x2, 0xffff, 0x800}, {0x4, 0x1}, {0x4, 0xff}, {0x3, 0x20, 0x1800}, {0x0, 0x2, 0x800}, {0x0, 0x77}, {0x4, 0x3f, 0x800}], 0x8, &(0x7f00000000c0)={r1, r2+60000000}) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x64, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semop(r3, &(0x7f0000000140)=[{0x3, 0x1, 0x1000}, {0x4, 0xff80, 0x1000}, {0x2, 0x4, 0x1800}], 0x3) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r4, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r4, &(0x7f0000000180)=[{0x1, 0x60, 0x1000}], 0x1) [ 1388.056532][T10184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.076280][T10184] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1388.084708][T10184] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1388.092690][T10184] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1388.100698][T10184] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1388.108681][T10184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1388.116660][T10184] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:28 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x3, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:28 executing program 1: r0 = request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='\x00', 0xfffffffffffffffd) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = request_key(&(0x7f0000000200)='rxrpc_s\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)='syz', 0xfffffffffffffff8) request_key(&(0x7f00000002c0)='blacklist\x00', &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340)='\x00', r0) request_key(&(0x7f0000000140)='.request_key_auth\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)=':()-)\x00', r1) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000100)=[{0x2, 0x81, 0x1000}, {0x4, 0x1, 0x1000}], 0x2) 03:59:28 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:28 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:28 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$cgroup_devices(r0, &(0x7f0000000000)={'a', ' *:* ', 'rm\x00'}, 0x9) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080), 0x10) 03:59:28 executing program 4: syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r0 = syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) r5 = syz_io_uring_setup(0x5692, &(0x7f0000000000)={0x0, 0x7082, 0x0, 0x2, 0x12e}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r6, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000240)=@nfc_llcp={0x27, 0x1, 0x0, 0x2, 0x4, 0x3, "2f410fed86d6880df50bc79aa927b1995da6744bb9048e9f93049e4a765637f5840fafcf175864dd6e45df975d460d0686954391a6cb107341965c662bb691", 0x21}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x18000) r8 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r9 = perf_event_open(&(0x7f00000077c0)={0x2, 0x80, 0x2, 0x20, 0x5, 0x5, 0x0, 0x105, 0x20, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x40, 0x0, @perf_bp={&(0x7f0000007780)}, 0x400, 0xfffffffffffffff8, 0x8, 0x1, 0x81, 0x1, 0x3, 0x0, 0x5e, 0x0, 0x2}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x2) r10 = fork() r11 = getpid() kcmp$KCMP_EPOLL_TFD(r10, r11, 0x7, 0xffffffffffffffff, 0x0) r12 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r13) sendmmsg$unix(r4, &(0x7f0000007900)=[{&(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f00000018c0)=[{&(0x7f0000000380)="aad85e019f544dd1a8871c82d87c3eb680fd343d474a77207450cd7393b3e4a64eb9689bb94ba1f12aa3be55063d20edea8e033ddd221b9b420377eb57105290d4b81f71558e61455b93abf7ccb5ec3793428b4f1382bef82b70d610871cbbb2503fabdb09de55c744cf749b85e5d6e21f4c638fe5d35319f233d1dcb753dda5b4252c4c174b64496457b5c87fa198ca637e483c7d940f10835dade5a5b557fafe1bf6ab39f705191e3e9e55f9ec8f5937b57db7d01da6bf35012ee2b21a7254b628180a165799e19776369a48cfa3980bee1ec8c511d887e873837b2bf8798eacf195b64a709945f290bdb02c2a598867b935ee3f9059cc0fd72c3c6cca01717eeb989619481d349a0dbd2d6a29f67737896229055eb4098db80cc553d26cfe70bfd408c647f07ce9db614666dddf3d4a5e8312dde442eed75481445536d8bd9643fcb13ac1cf6294ebec47a07eb99f205a4ea442b70081ee074b562730cfba72a9707de75b10a097bee842633c7edda808e08f0a9140873acbbe9ac8c8a8d2b15447fbbc0a9746d4f885a7fd1e3318209d04fe5b81fd3ff6f6b064c97be58feda623d6724acde4b8acbbd7ecca861a3f064c2771880866121982fdfe383450963234b708eb97e1e0b2542e5cdfbd4a130afbc59f6386dbf085fd0d2356c5af5fa59746795f6e7ffb332c8809cb8b7d2cf667ebee3ff5a9f4c1a815140a989e68fe177cfb4616ee10a17df84ddf0b97cee4164f2717a07d85a4b405f2f9378013ec6c0cae267ddd0139785f0d398073b1ef3712c059ae108da3fff070f4316219cb7968f5630f232706232666fa101c40179f35f65adb3891a1b365770fe963777e5cedf89088a9080b8923d265e750b7a7e6b8c75e7b84f164327bf548e2cc9711a499daac836a2af921c5d7e9b69261b492251ed8a6d9494ce4ddb84fae08d0400e598cbdc758d3a2ed7d19b6b379d279f636593042f9558fbc43f3a87dd659eae25506c74f4d3586b508e2d51a549dfac1198a5b048a15b28e0b813a84716f3f57131104adea33a64d7daebb21282da8e114db8870f2dda919d23d60c58a9923a2a1e2f35913e79316a102a463d054e5b5e799a2054cef3e832f13c034c1c0e6ef2da6c0f938f4bc3ffcd59691426f32b5311e87ae655184b4a35787c82d6446a681835a9fa0a14b532b1ac97d991c4fbab8f94e301ffb54428ff1676c8f07d9adb87d148e76464fcf1e8f6e8721eddaa8624cad99156115d0ddf63f63580f8bafadffb8da656052ab9958d5852c2b1a23817d1d9a5abeac3d76fcb0a64cd55e66cde7ed3a3ac43593855b71eecf631fe451118c3eb5601ef814ade870262243f6dd9169d1dab83dd1207f728625df3a7aece7464e8a19f4217ed08ba8cca9e4f57e2321a2d9829b598c29b552a40e743db3940e44a3e0e30b17f8944b0fcf507f545fa96d289e9981059cc47a0590e54b1429eb596b2d6a9115da37f5fa02889cbed33083e5ff436ce00ed00a48ccbcac8f902d9ceabdf2c962529a45f1e806792e918c06aa997e0dbe6ee305f424cc3294c1780394614a616836b368e59733cbb5fe103c40c0784d906ffcff3b731e28d5d01d92141afa55c217c6ef9a0d59e75688c98b9a4fd974dd1777b21547469e7007adc868085f431b8d8a389ff8a48319e58d41c260e1d3a4710ccce66475935d27c226ccdc789b0b9444d5664ebf0cdde1993547c0ea42cb7a943827cd09fbbd3b0deec23eeab9c768623f1d3784d355986ab179833abaf867871d0a803b0a1356cafbeb25667812dbd8be23e51dcec9705c671745cd6024cdac0e1d88c587d885a2a2c3b75bdc75ae1a9ad4f0733b51db79398ff2e37274ebf58b92f4c4a1271ad7ba99988d4fee1a9242798724cfbd933d17cf910a6f781d74c37399ca1b54b7017fe353b2514a1e346d9e18c66d15871b8bea2878ec630d9983bcca4d1a6457035c2c7f44a86050a3bec022624bcf95ca5586d05af72a58a9085eccc28b05dd362fdd1f047dcc64dfa4175bedc821caa64e6ab45c8b5ee50b2354eeb25c7c6715ac3c16a371c40bde9bd4c0122d1071b6386c1bab972a791b66c240f621588b7baf975d91c7380addec48b37db7fa7516724f15ea84119cee8e6b385b06507233c46f26c1b1b6a90ed4f368e708f1019004bf21b9ebd483caa72142c96fdf56af11c7363ee20d0d3dd231607ea21942567c5b01897b5ce735407a0e6a5f22972a045283146143ff94c13477ea43c549bcb13d35f11a79a36d3751edc5d764cbd7e1f8b39c22680d698393c4191e7afd252a1e7cd4b8ee0e9939fe8363db9700e187b954b98ec69b02948645670bed94dbe95b70ec24b7315aec8b7dcef1dbfc32b412799abc4ac59e9af16545f11c91e4e1c95c2cc2ecaf69d4c8e48d818a99cd3bafb415c5c1114ef0ba87b9685b8da4566db56333e0c00b190ff3e9e7fe2e03ca5367716eaef168b5731c274caa221716ff71d16edeb0bdf2338f51edbea83e7f7baf5905129cd58d860fbc74ebdeb3f52551f96522c376f53868fb4430b3275ce038bdc480195831f6e04fa651798cf7d2b178095ca24665a03a5b3cde273119bb45ba50e4be265277fee1c0f88c48a4878c3d0dc9ca1d9e427081fe998f44a7d6a3ad03f55161911c6fbc8f48c132ef26c614c0ef141b860b584bf1a31ca0e9e27959496608a96d2971beb4b61139707a9cc62d7abc2695894be78e25c54f7581e9bfda3f4a74d473b04d8c85191402461de813dabe881134bb819aa91d11c8347bad77e1211c07ec8f52a209a625b86328a179d25b950abb08a21dc05ee9d0d6b15dc484847fcc3b723eb87dc8848a9bad5e9bc657f9c78236a72c2ae152f43504ef9ed3be54d54e215772b865f6a833d83ab7eb1dc0297c396c39db018bf00cc8c3bd71005f4bb54b960cb5e6eb94788ccfe83d9c7f1b71ec02a831cc2823546378b1143a8f8e181df256b1f599802fa5caccedd24c928bd30532332b51b8ca493ef4b6d89e11062a7972ff2a9404c98f8f8287c0f982d4e6de9be6f8d3fa2565a822ce2de64de78afb6534fa99fbea6bf5b5319b48247c94d0e04ce1158cf48efe092d0e7e5b0c738eadd7e1768caa7304387ead82c5c13988b1585cfa0cb6e240512043411cd54ddafc98ce482f4409339b867a5b1a8b506ae9a3ea2dde0c1db76814d5ef1b50221390b29c474541c3d615f6de700a490a641ab5b07d97033669a86165f2ea2cc828c4be0ec21b5062c7dc4d3c921db9dca2e20c86a0a65d499dfcc8390e7ab135a1c7c68058f9a570fca37d7d1a6e3e9e32943bb9b03efbeafa7ed9a651f3379938acca48e2289426d25761d12dc21d6a0bb1fff075152f88abdc69c260d3a24747f011e621760ac3ae61b72dcdd77a026ea9252787743c86530f9bdff1ef63248c2f1472efa6ab9e6e04c41593868743c6da8c65135441a5bcd97358eec0235e54c96d94859c19319bc7d44badc0cb8d72283d1b894d305876fa8ae03f9f347dc8d0738b4b21d2caa330653cca4d75213f7d1938b72aa99e5399a330e8858b490421fadd5aa77ad34a32243b6a786737b039560211c92f009d165f6bb2e4ba9696e933cab2c3b5ec494367ea7626a6ad62d1e2cfd6f796fedaa8fd6a447fad0b7fab88313e03cffec270585e44c98354536126b0502faa03358127fd4955e17c57b05dbf434cec5a85c1d5d26dd429dec5638d1d3d182c84c4a515b6a67be475ddc316f599a9ee6a3f96f929ecdc0d0e8123f29cd62d3fcd80206216788322100f248f11bc00010c6e91ab1afa63db65ccbefc3d96430a244f833f53a3aba47a9a78d026e643f90b72a9abc0ea7993289188f4be4d4fe6572551a0735cb4ea45007152d11f52dcbfdafeba846313851319aec8468571867bec715d4c89b1d871867378b234a2959e538535ec5465195c2a50020f694f3578dd7841a29776ecf5e5881acc8fbc3c33391cc3e230741d4348ee462ed768a5f53d6a87a8064c7480a9faa02aff1b00ca9a60235985cfcf17f42296b60f4a208766d746477a94eb96e406fd6ef691f281182b5f9807926045970d60db5646825503e627c8bd999c51a384714f398e7bf36011e2a8d460588658ea4ab79cf6f28c6708cf07a49e12aed647a34b957c9d3c71fe9d7c85b62255a54add4050b8eafc8a4837fd0d32fc14129706df662b69dc7cb1546c16c116af2b9969453c16cba4e7db6c0c948cc1db19a26f1535581294b8dc7e6d4ad6b759ee2699d9465cd930cf75ddac73c63811422e21b8ec300ff580b086f0d211f59f4b13d88c0675475177c7dd24ac77c36e2598e588ac8280d140b1c3ee6363045e1d22a3a41abf14b32ec3fc038165f2e613bb79914faa324825a2a651f67b6eb3fec2335854a8b954643e900cde1119d439ef00f15d8a1e6bb98b12b0c0e1cc9ccf3a090f3725928f977897127cc228f62fcbd7139e0b32cb996ad19eee6447ff2385544846d08c559c5e7c2727816bd732e11b88bb6bf5b5fcbf6613d127f26610fdf8f47a407fd2bd99fbe6d2663279050309218c3c1270bd601ba5d23711c2779fb444f892af2e829167fbe8fa37f473418f02ee2a800a3ae10459e8a19b42fe0b3f4642742693b41af3f7f16de7c67d7d3755d9476848c27b90d80f4f2c04d03f6bb7fcf6555e78bf042a9c768b8f171b3abecfff81bafb2388c89d3f9f54f61a5632d792d9a623e0251fa24ea804d070f3c2f7f67feeb1e8475f1706780b95dc01ff03d6251eba83ee3002ceecf526767568faea470dd99a2ae571f86d44243cff69409302fbe4fa2ea927acd6b124ea0798cb7359cbac5b5ac886990570e575f9ae7b44016f352013d7ea62e4f1fac3af5363479a26b6c0b701f7f79960fac9972bd3dcf35c8c4207e0a8bdbed76c0d6bee866cc297fe1d31037832acca8766de60670e921556e428d83e6f89b446e9efeed273860f4065393b5b40818fdebdf92bf9e1b6e81309e9a8f7fa50728aa257d4c2e0b09791529678ad13c28d105bbd880dc343f390f9799e0a0c643e9bd71ed2e266d3d110cd2c1bebb326b628806176d59aa36895672f1d545f1ab8f765308c8bea279283a24e6ff65aa8962a6949391fd0274f648f95bb264f18bb3ab695ee3012cca6cf4174c141f76d3808ff027bdd423bbfd5b6bed65c356693dd0ac4abecc16542ada7e8920c2c0bf4d3c88e2158df27878fa85edc2d7980192c5f074958ae8d2612dc7209525815e3b42d1c04fc1d9bfe6447cd951211cbd250fabaf5b5f147ace79ef3c8c174598d12751ca31319fc5a10952faec6a129dc955e797c6c9ada2b802782173d866ead399b3136be5fc9236dbc8c61bdc718b370f945b497ef96b3a7791dbad0ea60606f8297d11541b26e318d3869dee08dc8901a7c49c420330153ab9e4cd61ccfdcde501b16659294556377c9141523a799f8b8834fa055a5de4a9ac018bff0a119c436ab7200b17edcac76993fdcde20261362bf23818719e9cbf567a50b5353e8faa66e91e585714565d46b1138cd87855442bed17a5ffc37e35e7f5b16fc8a5dad333d9c3ec6688822d2c78be0b430db64c78a8618d7ced870d70876e2a68515f62d5e0a1f7ecd47aa010c74d83f4d3c59299517ee442b74988f2c3f8d8055ef0f4f64fb88b7ed2ca615481b7598267e78190ee8176de5a8b66a5db648cc120f518f0df5c16d0a104c93ff6d7a21776871e9ef957e598680e425be83585627127c072519908a4b22f6af5ac5778ec1", 0x1000}, {&(0x7f0000001380)="701d3dd7d9b18b6290b19c8baa142f6f7be45856368ae57c84ddbb5fd015c5ce3fed8aeba1d4ba9db3255596b28557f1e37d30573eb8e83342b8130f632cbc1b0b6e53b1490f2e43ef46529f6b3081d1eacce7c47aa9e3459372b16f91efbf197850f7b857811292ef57c55e83af06b5b9936c1ec7929e127bd3ba31b481c3ddbfc8876558eb2a7042bee5894b5b44ae00a9574027336705922fc5fb62bfcc8b1c8e1deb249d881ec24e6c4677563b5ca4735a2a03002b56668974f41432f9d3fb50bcedfa9bd48ea75547808dfa46073b66c73ef5745115478b2f", 0xdb}, {&(0x7f00000001c0)="6e59d866a34e941cedbe9d51c690042c968dedecb31958ebc7b1bad1952329780d37fcda0ad83633c1e9781c3ad11bd3438b7e84363932e946ba105653c5", 0x3e}, {&(0x7f0000001480)="a8ece77e3382b6b26894c1642a0d0ab1f705fd4d540f0f9147fe70ec6e4a237f9da57b6cc70ae53205ed12a27470d2af53ec21af061f7a9d66acce26df67fc4bfe1baeed1bc5ce558291698e804b7040db2fdde28c0dbaf9dca7047a6cf87b678a055ae911fd122c5f2b3bc45c4a79b86e50c0", 0x73}, {&(0x7f0000001500)="0562c3b01e9c05af5ebd03d18231702af228cfab9e8219e45d653a1c01148e308a71f430fa1bf3cccb99f92e1fd25761e65eaab27c85ff51c2663670391624761d", 0x41}, {&(0x7f0000001580)="880a785bf1c1d18d543e9616654b5a8b2932b5dddb6ccd63f7e4", 0x1a}, {&(0x7f00000015c0)="1ef933769013cc5e552ca5dc30df8ef07af4f04851ea1338c771328592f804dd480a05edb4604f94ed527395f21be2e854a471582265d4b9cf809ead558944", 0x3f}, {&(0x7f0000001600)="d50ee3dc927ef3a08d8356d3d4f3344fcb57c61481c72ba5b63506b7e901958ccb65a16342deae1f712af989b7aadd2d184859d0f4966bc6e2740524a6ab4bd9604cc95f96113f7fc9bac98460c857ac01fc9b2df2506d4b0736b127c9e5456f173f4a27890694c4dca471c2156f48510902bd08363130a7d0b946ac1a0d37bb425d0d1408a376de8b14b96b0f431c604bf5599ea3d280528c9a3e9ae900f9da7e6dad398014a026fff79f6f10a08daf5a00", 0xb2}, {&(0x7f00000016c0)="a0a0c27be49465c97e6bde8950259475a967885b80e3090e1f5ee0479fbc086a08bafa9fff0634dfba47e07d653c661d0d0cc2c2ef738d93d86bf05f4c6d425b959b29b83ad4e79033fd9b2fa02108a34312a7e641fceaa6318de8049b9ee808290ce18c419daebe9ca5ee20607bf08c8eff287fc10d3deaabeb0da80636bd3785692da4a8642b72fd65ed846b0ec110673f57ae61a787db5914df9bc476d66a4809447d160ed993f210561dee6be65072ed12c773fdbc0cfceb3282b9b3bbfa385a81e58caa913cb2d6f52030e22504822f4b", 0xd3}, {&(0x7f00000017c0)="0c7b6f90c825d0de5984497ea6bb6ea0c726091fc365c662521a0b5c86ac75ac3bac1660251542caf8b23983f1e778fce17473643dcef705c1b490a47144ac55be57f14d177c0b6909f2dae483896f0f14937f138edb639389d30301e8197256681b3e65fa5d02648e2884447cfcd913e9aa0174867969c4c9331c66297df6d1ea4ddc8d88c56156ffe41010769fcbb39229c42ac05e95af6b465d55b1bdbd202b9f38909537724b8e28540031ad12ba121a33b5f0fa5d66865125d8ddc297c44613c7a2d646a6d0e37adfe7dd0504eaeb56250b", 0xd4}], 0xa, &(0x7f0000001ac0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r4]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [r3, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x14, 0x1, 0x1, [r8]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff]}}], 0xd8, 0x4000001}, {&(0x7f0000001bc0)=@file={0x3, './file0\x00'}, 0x6e, &(0x7f0000001e00)=[{&(0x7f0000001c40)="1a95d5d2b3f312ef5d74a0c96e418856f4ae3d79e15912b4068e0a886373bb3c02cf8493ad183f373ae928ad46d723f7f714453860a18e659925f284337f5525180ffdfaf064d2d64f2b4b451433da3317fd765a9da46a64499952e4ca2cf388592554204444bdb7f38a726d4ced5d29a1ead5a758b272b7b17efe82a2a3d2b342c6e308a87c29894a477c533decf83c71564c8311d6d6", 0x97}, {&(0x7f0000001d00)="2517c0fffb57451515dbe15729a27f49fb8815f04e88a5e34eea54f9b2eb6dfa63a43be95f4fe52510194c4c5e8f41fdd69cf42475855ee38e58825ce55bb6854f60ff51349adcf786c659a8d01f03a0305672cfcfbbf3d6f27a0aa174b0325a8a5c40217b424f357c54150451f0465923b5609e49e59365beee513f0bc039c7c240dc7029de4fe72a39e5b27c05a5c368aced87627332b6ec5a45a781f8e5e2c0b34fcbcf3d94104c17f8e3bb112ca8c95941709f387871d461eabdc7fe32b75e163dacbf6b4a3b0a2ce21202b6a9946d0b18fdc2fcbefaf6495833cc628cddc4098e950448b65a6cb1e6f487440c", 0xef}], 0x2, 0x0, 0x0, 0x4000}, {&(0x7f0000001e40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000003f40)=[{&(0x7f0000001ec0)}, {&(0x7f0000001f00)="e1c3aafc38dc8e3d51c2166aa0f126f0f26dacbdc1116793e90c230487fd3c5f63821d7588cd2f1a989da65aa91be1a9b8e720cfe47ef86fec94397b0826e2e52ed1d306adee8ea0f3e8c695bd430a108a002b7816863f5241e87813fb4d1d49048fd390ca10144f5a568b560bf5a7a4c467cbb669e52667552297888146a85544d10a74949d438a36f57c1e7b242775d1d42b16de8659a33c035a0ad14ec4976174aedc2dbadd23b07734b04861e61081731dc2b649ff8cd22d82cf10f507bacd4e438755fdac2572d381cc57c602b31988b5eb85f5c60944b31cd17ed439c5cb438ea361976b064bb58b0ae0b28dfc5cfb93cd527459206afea27096993c88fbf63bbaaad21b7de1c2b27a95f47ad341581e47a1a340d7d7a3a6e19693797f16468ef1027ec95b1e5c7a6ff1e426dd4a38297528fb84e199961f48fe7cce23709cefc84b0d0843b769e877680162543b7a55e5dc8457528f18008695b99b50269fdb0ccf4028be9c3d718e034ad5c22d527928897dfb8149bdfbc63f6a448cc9d4811803c87467642cbe8cadf6cc0638d2298dd179f8f91086567c70afbe046d579b84bfafa65d446c59ccdaa00ab86e53efb97ea16b107e3ad475d2c4a43546fdc733c6073945e5f5e3e26e59db9b1f8c3c94c760bde5ec35145d3d80a4519b44c19a9e02fa6bccad600959e0486b7bb89dd34be39050e90c68dad5b0ef210da9138cb10e8685c93458e4e035d1b4facf58267772d04e3540d8ef26545fc50e4b840059a359e96c44aebfde5990387a0c8fe624cfe05638e3650805f62ddc38b6e90f69af3f91ffd6ad63606e69c7643ae2ef0d79c47fb01dcc01be24454418e6778dc16ac1a915a683a078bba98dbdd35d9c1e37d312cbbf42f98b40a938454bc701f5b998931fef17a5e22014fd73e9a46696fb3861fc9ea8c7b290dbfad80cd8d77b5f19ebe2d61b13c07abf480498cfb10afe02e845bc80551af7ea0e4741e4bac992f1c5660991df6a7968699d11b43118ed6f8e677d7d642916ae1f6d2a01d0310bebf4db69548f8165f67625c65b9f21f7a6366f27b831581d77aae02a95ca8d280740c81ebdb13cbcc071942a6cc9d5b09a58b34b0468d9e8f09e033d57ad2323974321b60d30b62908794dc3370af620ad9e9d88162d94181f5b7b08aff17e8fd52c0bc4ed46ba93f289d8cc833c84c2cfaa8fa14643fc9df664bea0f48dc129f6a542639862f638f7869c362d19310242984cbc871a34f23bbfd34cc45f1be792f26e452e33deb11df3706ec0f0fc7a9a312a3e381522b044849963b2ef749f3fefcbe41610c915e417752df2b55bd3b2a904e35db1cc5bcae6e8e0a59ff132bd9e26b74b849fefba1861c1696e37c4143a8262d0d14aae06323e1e29b7f98d54d4ba25092b5af61de7f297b8d3492a04fc7b31e5c43f406963cec14b1a4fc854eaa3c9f392d262d6e5fecfe3136cf838857b9d938f75e1f2076e5c5e33d10ff57f4d962d72c2b4840f2b3fd21e0ee109847935144ab15a7ba4bd0e5ed50cf18c7a4cfd926f0ddc839b1419dbfad40ee0bf39749ec3f6aab50033eb58354a0a4898dfe8852779cd52f03317c66b0092772ce61a53bfb755fd06d2213787bd8bebaeddfb7c6674c42bb5cb6333e82efc3ecbd5d44e342a0b8e56a95a7e2a9f3c0b9908d7a299838b77a9be7c52c068381ef00c97e6d4340e5afdfdedbbb31f1c7cc74f8884d66d76e888b9457dc3d7c544895d68b0d6c44828ff6329c25e27d057332a9a07b2f25eab7a1ce285c0b331ef507362edbcbb35f1f5f4cb6e33336316e6d29744a63eff886efc9e72551951b09aa7231e0e8abc701d27e289aca65dbe9f8f0c7cfd09dd4b8f18238d7720419d5dfccbfa568971d4f13a2d0f042afad6e4edcdc596b0a7d1a16b18ae80cdb228fba1042eea8d858764c5a9e36922db4fa9ddf625db80b71b4a2b9fb52ee5e562fbe3e3505f0f696c552e8bc5ea8e97d698e3f34a09e8bfce4aca092b2ea76a2a8836f328107e9320a6be7b54b1780429498fc31b09c71c9567222d9702ed6fe79a3a4e1a9f367aef364ab20914e95ede6053a5f9dc0c2c95f7332a07ecb561b5c983d7a2b8c8a836bcd47da599ab6ab7b3ce8c9c8e88e13b996e2419bfd8c101827262af296336e245ddced1fa5ff221ba348973b6d2a04c6722e680c907e50c1bca2f48110109e5714ea13d6388d6efd751f2a7bdfd44d5d2de9051c171ba97400160ddc6ac101089ae41da87057415588305f6544da758c688f200582f2ef65115d39105d6190b9f62b633fd48219dcbc49597004c636b8533a9bc50625b61ca4771869abd72be8aa689d2873ddb64b091115612149379989400aad3cc971b4fcef73efc6463648c5929df381f33e47786c86236ed022f34c0997529c059c362bd2e8712b37d1dc8537b62e20c3508c683bf75936d886b234e101e09a7618ac47ba764b0310a3267186bb1c478a11092c4ff3d167df35d021f0766d495e9358c871dc1c6991638e5f4ec4eb9fce45a0a5914fc33b5dbe0a0c1308f39327ee22e521b5da8c52c9d4954de9aa0e684ac5ca34e06b588e9919fb7cc651528cd5f4d3f02c96b05264438fba1ef7991c9edc2da0913cf24588a2c6c34028db8f4c589bb70c1b1893e9d4d92f72633bb4515c9e85a79d0045f88073ed40c4c4ef9bb44eee2a321bdbd819268bd5563ad20faf0d6c36e90780801d7ad3401f3c8db38617b8b68e083e885b3c5a305d4cea27c091c948defa33504cfa507a9aceb472f857bb5b2f0bc7466f5dda30398050f03a158e30a07cacec7486808a948c76f30ecaad31e85fdd9de9aae13fbaca17df96db8c6b04c700055fd714399592fa22a4685ed10bbaa9e9a1c7d74b9dfd9be33c550a32689e32f7d5a138cee3b28e37e955874b432aea4112a53cb44799811df36d34bf76ad45b23d1745cca50019b4d30334506ce5dbea6651c5c65107fdf802ed9db91514d41bfb25c1561c83a934b5f258a337606079d68fb3d2e6180d9affa122f279351d6a5c03312c02d18c861dff9306c7bd9ead0d6a97b3894233ed00d3796a0a165928f6023b97fc61d4561fc50b48a1ba08891b01987bb0667de34bb6671e0b587dcaf0ea6c5fc3402c5f392dcad996408afd56685d804f2ce8812f41a12b6ff5327fa9a9e9af365f366d94a12df7ec77989596dd13b90e7232c20c2fd01e633197672729b58e7c744bdccc865f7c215b0d48dae26507bb88d131ab00fe824fdbed9d25ab6f39e79399d21f1f4d7b5da0600f7d0d6756efb7031aa0254ce0821bb1ac85f3b71d5ebda23d65add37fc297507c23b3c262043f1122d1230715c84c2bbc1c56d8331fbfab56c084b9aa22b688526b39eabce5dac959da57421bee851e7a75f988a7760e06207011570d7ecc0ee20fa9eceb3a7b1c524042dffe6f5646a8988a30f916062838b10100001a5c7a9cb8a011332108f0a073c056484ae732bb4fde41b1574fb2d67f02b282369f3252a4105ccf9b87a188edbed567d9ec390b7133b912453ec8acd01d6be3374bcd5ba6257f3fda186ee57b00e816ff6cf7b6006a1d32e59c35b8d9b4e66e16a1b9f2a3716a02db569c1c6e85df2e6664ab4a432b5cffd6600bc999566c2d8e07224ceb0feb98ca3893d3e7ad4ffde7fa9cd4860d980be366ba11d54d5735405fb99b47673371e7769d4918f208e846c29ca04347fd67f4fe61b59b3ff402d06225cd73e3a26620aba2d7abdac7223855ae6e0393f8ce6f7412b2af61928546d8c6311fb2add030f72bf99db4d0cdbab47e3bf9456691eb542fff6584a34cd43b30bd0a6e409201040e3b165eca1524fe6865c289f63dc6da4db6a2cc738da8ab51193af3b127d954dab277a1f53bc744099e55e54c5fa1281dbf7870b5ad156899467618f73264891bd980497775f99074b35dd1cd6ba1be6e7eaa865989c107f612c798e5dd99637f716f40d2e1b6947cbadd0fd13d52f7a5c53a396f757ef15201b290abac2cbef13b0b4a81cc12c086cbe6c4bf21f800a6388515952c65809023b1a9b6a67e1638b631a56bca66e7b6d0c4fcf5afe6334359df686e3a33441b6782a85fa8f0d6300cc689c243eebdff5b78e32d8a09ca8db1e6f94614c2a8552b7b7afae885728ec2d7fc5214a0f8755c34d6d00c9de33481977124a3550b30a1ffcbb76ac10c7701127c9a6b88fff75d13d2916041ac5adecfdff8ecdbad50d3afad36ec188034280df4d85202c715d702c3ab2735df855ad3ceaf63f7c636093832c086dacd8a5df2486f24f36c1131c0b7020d388cb1ccda805991c2643d2d637f14fe74a25ee23ef0ce947103b345f1195a3d1d5c39fe7421d30980f8e710db29df6cc4f47083841f914961a80cd3356bb2f0dae56bc148772dc907e02c2ce15604993a56e611496d2c94996d46908ddedc9c32b3cf126b1813726c20da5a523f0fc0f6824fa1efae96d49eee9e5e82efa82618fc9fd96332b7504b00faea6b547be7c29d9e755f36e73e1f5f7ceb290376de5f3f9454003f3192746a93ccc36848c7732b2c4d73a0597b65f1ab73f9ed33ac6922c20241167f6acdaecd7b30b648c21be48406a9870231427a0b6477a87ba6502b42e389908a2f3ad9083599b0a3ec2e51c9131fb48c6a2876023f4e9ec4abdafabcefe29595435034191b901149030146b7d81ba4a57e803ad9ffb769acdbd8b25901aeb28e773fd21cfe49a2312381f80ea190795d9a5d8a873cf627898084d2a3f90449bcb6b1fafe82ec2c9e1779e6beec1acfed17698c937a0ebec1b647a8d5909792e6fd9c9f701e3963ac760fb2353e534e09da16d8dba76a236c52c8ac5789eb5f1405c5f0e040ff3e8bc4e50a27ab23e4feda20d1ccd1bf1a7663e868d6138af4635cceaf833e84dfb9f4f487e5c6097bf9a87a2b3b68c9c9183f0ab674fbb5e1da9cbf81693e2c49962472a93f889c035a6e28cd0a365e6e40429c99967affffabc4d9979576df6280f128deee2adfdbb52b17a0253d1c79bd31cf62e360843457e1655927f1fb060995b8420bdf6c7cf11e4357812cfe31819abf6c2577b81491711be11e799cee45c56c0cda66f68704813e55a91fb1e4d977031742d2704fdd55508383bf7fb6ae544e1f30a641736ea012c33ccf39ee39d6942bb3996c6451bf8b96aa06f923ad4658a68b1481662767f14fd5712783a0b9c239a0a96026578ac30de9b6c149902157493fdb997c9875bdc2c415bca22f56aa50db702241be06ba4d0ebe37c3a3a0cade7a1f70b7890cba0540010d617beca8c39a50ee1cfe65c944858d97c98a1eb15a68649a4cb6797b5deffc1dc47faf21127292cb5353a56f13a7659ada5602e02b0ef5a1e72dcb245682ce8a4640e020bd32fe5a117e2985bb7cf8a55531305ceba06710edafcde310dd11df2ea262b87a444ce5ebe7cecd10c2c1e337039d7f3362cefeba55d3fb17458612189495e0aee063f770a64f6a469b42c055d107d8dc2a62870caa05cb62b2d24e4462795f0b0f133bd6b6bed42beedce072f14b2d5c03df3e11d2e1ea55865160a5ff7608b1a839c71fdd673a1e4e1f1368b722a1d0eb4112cdc0a5155a4adfde5aca1503fb42441546234a70bc45b0425ac9993d693ce6300f6917835dc71d6d0979fb59906f11a267b5159c3a237974b9d77baeddf1fdaef7e7054ea4fbffb1042c52bb08d453b3be527c7a5baedf2a998964b948bda687ca2d74873bf55680013e3e6bb64e99ea1533ec7aa795179e3", 0x1000}, {&(0x7f0000002f00)="816833c7a53b9e854c11436b1bd943bf6d1e76648fb7a6f4f4c5ef95b6553251bf802e040404a008bc74711202379902715ae62beaa8f3f7b908e14e8a309bd74dec9c04facabcdff9f73a7bc8d97906abc3cbea6eeee1f5ef354bdd847da1abb5aea6b803ce50a165558dd0e620da0a742c3bbe3cf82eec2f8df234fa66b5b82e3189ec0db911bbce32df003fcdfba39f4b35b80f01321289919ba967caf1834349183b773f6461dad8b8f9e7c216dc4f0f2a94a91cee4ae3d54b0311a4fd291d4b4f087c9cfa66561ab4b0d2573a9b54f876223f672ba13285bcd39413583abfae47dc04c24104f3e615b8149e033b594c8dfe835c0d7b185ea3d1a33b2091ce5c5cf516311edf1bab8a2791a20f3f90277715968b9833cda5ebc004bcc45865f3671b30f64e5bd2f386cbddb1474479e8ace33a3f5a914333cd1eb762669cb361b5049ec65b395fe5f186b39833a6aa7dd23d1bdd621796c88290cfdbde48c1b234dac46acc1303c0533ec8aba92950fa7d047680bb21ad9173c0411ff8cd41a11c26649a38e06188ef13be44c4c0a7347101f771b0b524825fe55d4f4a88664574a583af5ee83eb7b580f08e60e133347dd5a6e32ca720c7a6bf29fb75eb9c8c030bb2d83a94a349eb556208048943a0e7c00652109b4a380cea3b448258a9090aa2fe49b88045e083a17f366397eee3ef9c3f396a4cc94eeb3b64ae32dace27af8ef514d543588935746942f0ba97c0768370688be1815343d5c5085cfc1fb001669307e082838da1fb03c9e875e6aa2fa20058bdf316c0e6306473fddcd0535028851187cd51999bce329b4921009dff5758dd8d06b2b05fd4cb66efb50ede457879ba62af29da339d69139a4c663717c3916b5ec1d8f2550a93fbfc68a97efe8108178878951fa476f8da226a2827cd06cf5891f1e942d67944591c12ad43386ccbb350a9ad5ffe27bed756f64c322fe29464a54d1e8a953afd913a1690d9ec81a4f68492fdad988ce00306e918d74b4004e0c46a21967ee6bb17c132bacd8cf47a170edece2a384bb737e821a3dec119a4315c4211e18aea6c70b9a6e1061e67dba49b44248148d2fd7a8a82e9f9bc59aae45fb918a38c4618666b0d05e6c8f31f6bcfe1fc3603152d00a4b1f595d240cdbea812083f60350e5b03a7232e873365425cb1da2b78facf68ae56285e52d385938d9f2cf46b3e09532c177d5c92168876bca9b23cd8f077daa680dc85f3db0311ee3054149a375a2e6b0040ce5247bae0c731b45fbe32bbdb3f7650556138c063a9cbab633e5bd85e77d5cbde2c6bcd2a91f1d7dac98a1278ffc7907f8154492ecbe6712fefcd029d2017a9810cf44c6178a80d71c85ee6a6ba8b100ddd630160173223706ed9acd9d1478a34feafda3cc125f210aa3c2a80d868672cce83662acd33602d10969b02c04f67188445c902199afac7617a79cc52ecda5fdcc54b084bbb0ccb4172ce7365260eed046e31e578030203f9ee4f1defafaeeca6cf453007191a08203f5aaf584dba0038d189863fedf38be0e06c71f3f28b13cac76dd08e2500c566dca902427d7dd8ec47e85bd6e5286268d481fa0dc3d8f4df027e13583efcf5129ef9d4d7c530ddeb87e2e39371bdf5109e0143a452ab6f71539f78d4ddf19a8f23a6b9b810c9a17de74a4731fa64473171f7227f7773ca3584485a3044a236af94f0012e0ea5d5f7fa0eacddf5c1a5cd59e09de9864ec0459e60ab22519b637b5c5ae30f64090f8ee67b8ad8ad52c7e766b4ce43f96f573bcd086c2eaa68c98aef95479385aba0989a37b6d47a925f55ce6df1f90d8297fa18aa6e50372490025e0cb4e3e2c6c7e181bcd09b4868a4572275d55c7dfe592d084ff6509a9981e9b5061050aa7c3ae121e6530ed5445254d87743d1fc2c7c19dc02e5c951cf7e754d512518d5f9a97ba66c0915b3a64998645634842c763a31972b4814ef89b5a8813bec0713aaa1e7ff6d4df55574000b409f9d85cc5b031eb9468bf69bb01e2b1ef905eac88033a3d695fb2aaf096a955f8c550fe16e1b74037bd8e75defcf863bc52439fdd405e0bdfb0503e2817a27266e97820a9499b1fb0bfcdc32095bdc28874c9d2a54a007007f28dcd7b05a9637389a5960b96b484f49245684119023c0c42ba40ed79cc308f8995d058431539d67950e24052df4e2c8029d46aa822c576b8e09a28e8e8c477a22175ea9edeee805c73ff3f0a32be3e1d402beb9d67e03fb461de7b2fd090845101c43aa43bd1435de78b7d64bbe474bb3866f0354e9f0da37933914b0c1e3df1c80c31830f9ef1aa412f334d56ec6afb7c4217ee8bb67d8bc5b92197ba8637ca34b17f383a4f89f2a9cb60051702c2f74670f5d944066eff7eb40cc94d4a7408579ea2791fe9790edf775db4bfa10a723212a7570463f61cfd28db95a625d5e52be10c058a40735d2e811f1b4075fd1544300d8941921fa455db2e87f2094df9f6e992819fadd6b2c9f4899c5f4a6785405ce72407d3cf1f0aa2201375392977a1ebbcb43021be244a317d90c210b6329deff3b33c6449f96a4b4fafc28038ea6f85eeb77db0df555145763d32dedf29c73b2c1244a48cc152b48027e8aa66dba815486a03d33d23f408d3fedcb117473ba840c3533535bc96424586fe5f5fe202e19ce582357e2d44415d10ec96b522f53a5541a8f05a3fd87d8ba15572a964a002dc6d60a313d343a59ec4784f759cc3de598dc38ab08efd519f1e17256803e4aac62b26db7aac0f317bce670d78d09d648699ddf50bda8c2f01f57f26619bcd7c8740ed59d73e5fb49c7ebf18ea5724147c569dadff43de692b2d8b475acc7a9b800e4d4b8bf8012b9b50739671fd63b1eb85438f4e256f4207b3c9c89a2a2030f38079f0a9100d1183e763ace6a7ed80e8b517fc73f1c42781dbaca1c11660c5f7a635a34dc21a1384dabf833ff6bd901bac7a0635a927f69f86ad4ac15cf73240d585c82e22575e5b44aced3cac43e93e5aa61025f774e182903f6c3abd1783fb660d29ae96aed69514c52aef89b66d89bfbb08fe5eb77d3a45d55438e698dfc92430395cde2f1777ce5f939fe9909ba0445da06785a1cec56f54fc9087510e82956f16e8a81a7ac64af29be0a07ad4d004ba248ef3dfa08c77dc94ff30ecdef78628cf9f4cf9cf6c68e1da11ededd55b02f76ad59ce7815c4704f6e31f18a34cb6a61790a90f4e6e32305e3ea14d7074d404ac3b0aac0df4d8aaf79ec98c162b0b7ecc9e1d9cbd06b764d43adc4cd787f7f4701d9648e8b72a0d39821288f98662f59b59a272e332c24199c705566e5f39484557a39d38ab86e3fd8d36e04021bb4a50b8ff9db192fec114c011a9de5648b954d728d48761c08dd654de97f0ad6e8c64347038f27254a0e59ed89d0b3727ca572318d1ee7667a4fe155f0fa51507609a5e5fa43daa7d14b48df011c4f21dd8bd0aaf92bf3f6068b66f380ee905b4179ac45b8e85cda2106c43cc2fa1d1e5ca94d38eea5ff1c4aa527de39207ba623a3851c3453cb1790e91b7f47b3210a086830f77ca8560c1db8b4ec1f0ba42bbb61b3e29427645d4968a83b6fd6231103156a69e0a9e5c85679852134c039b9baf7f584a4c17cc5be623d83c3e02bff8f07a972a3caeb275ddd67ff848d4287541cbae7d5ae5677642e790b63705501410f4df380bae10ce09ac6631a0d67c9c74c43d58cf28991f1d55eaf0e8cbd5654a98761831a5756cb76b4ef042ad6ed0495274e44a587ec57d748e425f80a5c55b0055f897bace2ef6720c0f9e84b17cdb18193d2c56c935ead4f4c2ef2b519f1da633865633c457b7e6017532529a77e5f6ef51fdee03ec4d9562a3214d43bbc44d82393d1115fd1e5b195b501b07df1f792b82657f74c6ef99ec34512bb7756b388709407f7296cd477850c4346640e9d3613e8f3253c0556b74df5d910ea05c1d90efe807e5aad12701e4b58007903729feb118c0e95f114848ccf82c0855c02e7327eac89fa8f0e554b51b3598d8c89fc790e9a917945fffc46ddda3d72fd0176885fea72c6c6d2606b96983cbf62ba19dde7679d0412c484da3a215ba7148bfded956b3f14406bc2f770703d74421d8a612d5385cea40f2378bd7da95534056e8cdccf1827c0f0f87173bd5e39b50b4a2c8dbda7d1fb8cd87527dfdcdf9b222bba675c7edbd33781bd51300e69bffc695d137e922856c87f7bb5398ab43dcbd2fb3e96fbe81c29273faa3ceabc01ff8bdbb2bbf65c6e2ad23b6669742d23632820d60ebd719b504e8ebe96623280fb9882b36eaec974b5b479a15b6524f0de472f3fdcea2bc86c4a383b85345163b20691f65a5ba060714f331868775c2350aa8d9111a9593a19f3bead4b28e428e11f1b8549c319e4ab8d9dff73bd61f6bc80782164a7ae32f9eb1b518206f9d3b1e30ab0c448bb2f6e0dd042b9a940d5cd23f986cc2ff47e97e6b99a74db169f090fa1af1231fe767def86d79b70cc7beb8f2e2c187be3ab0c0fa8050004fe72efed433a32467c563afc5be2c9bf9f4802fecbe66ec9886bc1f0f2838ea8a42cdef7b8adf0ed70b131e68f4a0e866213475eed776ad55e9f0bb784a58c278e49651a16a1c58353bf650e4c37b499406c065e14565f9de6c48eebcc23b28042dfa5f7fae643a11c1feb9c7c8173b0530ce333fde6efb32948d4cd079ecb03e3835fd3670e1f1bae051e977c4c0fc0f0963bd69a6208b92c8512070435c9e66953b608d0e5895d1852d8dd38d068c27f98b152b3227d7330ed5b3099e046d8cbfe2ccf686c46a0ad05e947e1f5626c0cbaacbfe28b2e1ef5cea08c59294233adb274b83486956121090224b53c5bfa3819863c8e4e380dc00cccc8403a3129fc5578659dc9bd92c0e3a852ed8243720200e8774d2eadf90d4fb7a592f31e89215a62e0e5328472db4cf09c2b13df36bd2f29cc8d23ed042ddb742957008882c97f9ea98c40fd38796ec28375014fe15c94b8f1f6e6b9ed4343b8d6820a96ee4e4bb733ecd2fe3098729c0412ab00911b640b5f5e56641f7454a0a9edad8fdd6f507541477b78180af1c8508341287f41af555b12fd0a0837d82c5e41b937ccc1ef2117895559652857584d6e6da9f709cc7cd6dfdea3fbf968a1679bcf339a427a30340622d146e7e6a1d5d2f5466ac9a9465c0e455672681a5022826729b3d0bec03eb63de7ce7f671dd3a5c1a19f56fe5d0249452fee9c3bfcc1d1006440231939a2c2d81252f16c9969c8b3f79220b8d6f18601716cc4b9cfc4a46f883c45b3e4f328117769287c5d88e74c9d5e5eee7e5c67b26279f07333aa369feef5d5c73fcb7b9f55eb7babcbfa00f37054feb50eccd5a5bbe1e4867d6a8975064d534b81fc2b292d35447e4013b84bc93637514a821a5a9b879b5a628e87a054a4bdf95bc30d4e43d4d0a63a30f3fb34f1f0b6af62b8b251d7b715a94cf60f69b7c9a6c96cfcd8815dc79ce77996f6527738c84e366ee8f33f29b642247120edebd6aec376bc2380c01ae4041ee80f7f87a626ae2d1af5d6fa8fbcb3a9739df92aed287dad6b2e60057887b2cc6e922819490b955ba1bef71454916e21086ea70af20c072ee8d3a34741741935913ac2e3d8d46cedc4404b423f4d9d334a0e8cc3914d883f5ecda21f72ae00b1b906dc94f7f273c67f56306d37c909b6b22a804b10d3a7b3e2fc138382f398e8e6929a260e5c04cd19b3ad16f747740b34311c6daa761aab9693377bc48dd86aedcde7094d3cc3cf2bd8223a", 0x1000}, {&(0x7f0000003f00)="d307d6d4eb9199312fb49ecd77d38cf68ea166d612d3e6c6e9e7fa5371b044cf91307b", 0x23}], 0x4, &(0x7f0000004040)=[@rights={{0x24, 0x1, 0x1, [r5, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee00}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68, 0x800}, {&(0x7f00000040c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000062c0)=[{&(0x7f0000004140)="785e89819ddee4f248b725589e4734f83981570ba75b8d3eb2d45e037e877a3d7b6a186384fbfefaac66fe2cf4c5dbd21892c9cc6efe2b07065f92e3f737c8b3d520c31ef1ff1b6e75d338655b25b55e06f05ff97483cf5133d4c17ec3cad8243bb1c76319037c789deff6a7aa4db764d0f5f3cb78ac6e36cd0719193d530b55d0e7dcc08095ee78b46a197806d7dca8dd79c6d0d69fa486226ff933833bb051e3be206da15019b8bce0d70f82ab77f1f749f23f9664fd285f4ab618311bf7d73f7db5c37cb7e032df5e694e7c218a7580586e215c91b4d1d921d9c10292a08786996551e08c9bd71fbe15ea30321855b78bc9c958e000e0fc60b279536d8f869fb11526d0c124daf787f3e2be087f4ec70a034a1b40c0105e0bb230accdc4aaa5cb9adf86ee31b860e02d44b5acf6a251f48009ed352077df903325adc06994e633b6a901d831e3c1db915c60e5378e913076f3cb559835fec1ef06f5ce5ff8ac70027c816922e464f5c0930b4996c3bcd780f542ded88e04d65fef5afbbdb13776e57741e47bdf73ca441e86ba093d405c5b32d223712f4d5eb6619fec0fc2eb3a9b9badde06989b73845c33c1f4de3c446193ba6d818c3d42d4b982a7da0c7cb12be0f85e2a0b7828318e6d5554e80537ee9058cfc424c3ee10dc771458bc9da51eec336609c232c9fac9db929e403a906b1fe053760d892dd3f1c40a13105314b85c06fca152a278a8be6e80eb7cb4065147a28489317b2ba17c4baef24df55585d9b299e7669c5b4275e077ccf5d653b4b4e5f801351e344665ff2c717551a9716ea41ecee55f78847eb3d070847f7db7d38acc5da525c8b286996755b0ed1ab114d1af47e1ed23198d4d2ac69879037ca9d70fa7d4b9c2f83f1b8687112ed43b04f141d884f4020354b435ced544014354766dec823e06ae3c564f6edf5d037b4c31ee92e60385c31187544a15b24b33101e7c2f396c5df247260ce5308f04a87b9737e61e7b34e97f063a0caa02707ca48c6695f81291426fe279aa24d0e2f86e264648788fdd6617b353bd36356375f48cd7ed2c312cfd7d048be482fe5bfd0d6ff90c33ee603d569c3cfb0b5946544ec00424019d5990d9d965582bfa6ac9cdff83b66990e47a1d9ed52473a56377e26b676ac087751c440880fe538e3ca5944180d020f3341e7797178128001b73ca4fa5feca4611f2d7eb43560f3594a38794aea6552c19ab718e18b61cbbf064cd5491bfa5ec9f54c55b12d46b6413e3039809c707b5e607adec1228d906aedd293a12b9b7152828b0141ecab409fbaa452ca850ad5dd0630e228ddeff0fd4f746a1ca2490a8f28cb9e0e64cf786b5c8b5794160942f2df0fe91bdd0a2070ffaeb596fc6eaf5db24447bc3eb4421e7e8be88084608c357b0c929ecb6eb802b14cb92977695d7453e0604c216a970d1fe23d39270899fb688303ff96921c75feeb87af1854a75c219bffe764978bd84264caceb0f9d29cfe8fd2f2d4d5e62e8fb229dc3a87a57a1c0f232f691c219c34faa4975299d89823ef7d7a7c139e3fa5b86e8b88e594ec725e381ab28d43db8777ac7f0f8a143efcf6058d7bf0b1686dc460c1de02280cd96f7208165ac7240ca17673bf85c002e15343c2707abbf18c7c9fc993ee63cfc4c06d95d877983771d824709f8183099a7db8185a24932c0ce34118a4d76761056fc76773ecb19c1e8c8f6e8ab11b3c180d9e3a77fc6fa035ea0c420151a56276c0c8418cffe764314eb2d32f4bbedf92fd97949992f45653c5e2b748a850f7194061897cb14effc7746b9247e7a1b9a57c65b4fd8c8f4a3e11c9f03cbdce691fdaf3d2529f8256fdb86f06010017e5f4220f90b214be83929b3b341e4222f6c3eca76d9521e405a572169e63c3757beb97445ef2dc7258eb8db8236a15bc986ff4382bc2abf94e107cb7ff5eb7cba8b1ec2207cb7811a9107387eecf195fad3c8a9c5b002ba75df54dbc9c3867007fbeb34cc44f40b0fe923357ed2fb80d11d731eb53b7a96e765ad0949ccba311a5b73e41e5a868894f6416c2745d43e2a2270931ed794d8ded54862e3b7df7a902181e5152d94f9bb7e8f3c5ab68e98b00787dbebb713e4d9de06f7a98c27cb015dd5581eacf2d5ad546c4ffee6ea09e415a944f744fea22befaa69077c22e8557380b694f696dbe8e6431911ddb4266ca75438ada7465f7dbd595a5e0097fb09d7908e6c0dc731081f5b35f5b64b06dda2a3bde4e54f4333d0f7b1bbf94aa779e03667b72dc5d3495525e9b9df7b137d96c4bd375b989d9824b18b6df2c0411152b73e3cecddf11e839a81bd053f613ed44b1c386af4740641deb4248d891b64e3d1f7d7130f64a27001f29e713ddd12c8ed1d2b5e070dcf5f936caaa770850210144ac676745e9043eb96c1d72608f9403ff48f462fc4410c70085d1fe7172df983c96adee2aa5eba1b547fc3da60472618a1667bd9063a8595f77853128fc7c63cc403f262d3fca1a70390e77263c74d64afb6a525754ccad6b358f6ff1aa28bf12aca9a8e3063f924bbf354f298f8ac6ff72dd3c2b09cd0ae3901bdee68e8ed8037df2d6e4062dc5d1d7a731aee2376e314a73c0c3e741d0b8867e97138ff0d7c1d077d1594a86f2f2326457e5a190de64efe8241b4cfc09cdf0e375a96aed55d1f0c10248d417941518f39cfa6d20f01f56465e50261fa098ae2cd07bec181f444285ab5ddad2ff491f608afb888a3ae48d129314fbff9916bd8dba8959bcb3c330d58262c9c873b16a34b02390c02549707f0350940970e6b8bac53e19417025f7146c749564844eff44fb5e1ebf6a349796d98588ab395e4170634e15b335ae5e65b86e9ef5dbb14c974d3e4ac3ae4f2ff7e884a38aaaaf1d04b198dbe3a3182093d2dba6b8e37fef92c35293d131f0f025e726c06ab5c0872d2ce83b979928424c1cc7e2f2c0d09f090559f706fc86ceef311471f69d306aaa23f1c4cf8cf02c09911b992e16d0a6f51f3554ea95273620520408452d8369f482dd4cd9ac47b45955d2a9a13daaebdc35ec63e020d0ac7526fa24b9ad49f512635d97e639d6e032b97ed22bc2fff412dd4e461653fd92a779de8ada5e1af8b41b02998be0a657697fc7ba5e5e34b4a53ef252c5f88748fa6f6be504e13a909638c148cc3419083e4e1548cda18cb71cb0e92b5df343bca65bbce8b34fc687c7e6b1ac5bcee7b5c89d13bc88ca5345654e346a948518644ed69554883ca65bb39f9d6f4c185ab6974dc198d24416bc9f75412cdfe2fc1c839016ec6dc97941de0446223c0dc89ede509d12622ffdccb4d3216a9d21af8fffec80704c423855c02201c66ac33cb5f51c60ee9c76d64ee1c060669b0a786a8e60f5e836995c5016f6c96e13fd31c0df0368439a90dcc8b92e026813d91f24e0846fafa494ddc6bac2b46b4bf3aed373593d27ea8b84e126c145850627745aa0f690b0b2d4497e9b366d3f2dd8346573f0b4558ddc808f50a9bc9377f0d09e7b74bcc3c42c4f282a4ea9efa897f9584b3343738919fa3e2d8095f238db9a5f669e7424f9665fb99788ad014aa245c957f4269fe7fc6f2712c37f3bd7305c0a48ed991355af77e0ffeea7f11e67b5ede6a1905dd84996db1be7306d948598c9b9e7d1db09c8fcc181cd8e829cf5da008908357b70bcb8ce3d3c22f58c70a56f7863d9484bb0716e2ff2e8e4a04b7005486e7b765bfd8edfa30e7cd574b9f3349e89bfeb894b93daf07aac5419b33b1c3d6a07aecba678ff23698a9aa004ed67a805c3c2f96b1809f5a159a9f13c1b6b41b86752608533d6cc04b9cb67d2b28e0487db33c52af62f1528861501f6437dfbcc8fced7837b4e9dc09b47c4451e54c787f90983113685023df6963fbfb539f44e1e6df16f082b5e16b29a1089346e7f4557fd10c30f1c917b287c2c1fcbcd18d5709ff7e95a6286d5deb3553844ed33368f00edf2e52332156d0b2c8d97b57a1097e7618a542d2ff2416df9a5b0a05d4296a54f12da2d03dd3ffca1ad9dd707df30af8c968009827af8ec85d0b2706c35f0e8cb474480a4fed88ec474267e0c8c105212aef5d6bc645d8d69b8bfbedbddc303a2f249427f406db8edcf608a726012822f9ff8234041977c3715cfceac5456757844f846f3698bc6a878a3cbb8451825e2e727dcdd171bf6cb90cc1b57c238a3a4a8eaf408dddb248e9488b7aa656667aa9b69d7ff759f211f8a60c1eee1a4c65823e38235572eaf350605fd582fcb939a6fd9ffa314960a6f5ee4a5be53fdc302cf25c2ee02720e8dbf5ca7c7bc7d4288a5b435ede7002e93906a7cb3a99623743167e598f414fc9b899db8ddf79c0cdd6e7245ccfeb8e4fbfd1c033a26d45c13b0a28e7bc9d1f9f5e30dfbe390c61fcf394107bd99df68d83c0d04658c042a05dc4017822f7c339ecbaa1a7492c5d8d52a7e5754143abfbf107e7f5b95af66018a8ff5b554557be52fa696607c3b9b4d49dd6539afae024e86892a72543b1c5b2c6189f0dec43472011648c6e1dfc72231033583266f18474de81c2f819d63e6545547cfc60bbc424ba60489d338949123788df275a34fde81d927315a50ffb33e666a429bc9b8d44aa69e2bf690707cc11316fbcff1ceb4226dbdf31bf2b4feb269cf910cce87368aca266e15a65e483695e1c797cde9d1404d613fa2e0326d7ec4c96e63fc1224e71e664943786db6ef7ff5a6244bd941a9de5530d7011f2e13e38473c384f894b12710514894d5cb2bdc00a53e63e2733a517d413b9de6e2de55e282d6160b78a3f915d9d61bfc13604ed6fd60e2d16bd3b8ed410393a3dbca5db07cb11f573d46d5e88ff38d10f065b7bfe806c24f21a5dff3e8f7118abe1776d142699c4fafec5d9109a303b7a2db25f404e9bb5a152481827eb7ca9b0e66b1a8246ba5238c6dbbe4a83fe3a012dc3b01bc2d436564f1fa71e24cd6eb96ea75e7ce602e910f3f0c5b9753ec809fab61b6abea17f0ce940952f2726c18b5751816808786aa3757fe26030b41e59c268f46e6ad038a27f2a621e896b94af7332a9ecfa2bc5c8e5a07e7d6961a9addc746c44efd951b9c85a90d47ee19c091aa71b55cd4d380ef47973684fc7aab7ef81396a909ddf4577956e5644f1b9794e0eeba03173ce191dfe22939be7e168ca71433c982f4b9abe310bccf7009803d7b45d7cb026d8e5b098c96e4ed1071125e002aaf25961b54595a001f645f90c1a2f42379c9f0c8322f91b384bf16e0c3ff1f247b11c2747bace0b31d0ddd1993f2e2b823712d5a15bf4f06154490afc58cce15cc5f2b6433fadd177a4795f53aa2d1e06601a938951b985afe2de82425644fbf876c627d1798697eafd27037ad01355285701e8a01e4dcd034c2499e49c8aa9b3cef9fcdf81f641db7907f2849f16e4f1ce26945c5ce072ff5212b5a7e7fb12d1462e29aee578149422795cdd94421995008a669663323d4f3e86e9691a4c16d755ea387a35d058a5287a1795de8c7a4a36791047f11afb4fb0aad63ce3ad2b651d1010e31ef3111cc19e0db85517072a7c59529a0ba4969f037ddb07fbd70fc0c06ebaf28396ecd6de5fc3e9505d273ee341e3acc7b79ab58a43a1abcada39961ddac63f293acd2ff2295f9bf19e1920a911d4b1874b2ca893909e079d2c9e0190652992dde9c9009b8e86c6a133d4ac6ebb668ab09e36d1af768965ae252b9f73850cade650f81420fa8963bac45821923bc125965396321b38a1312d2f53a3c40ca23be93675b980f5d5", 0x1000}, {&(0x7f0000005140)="0df06e2032c3bb4041c5d9b30820475031a7c5057de37c03ff96ccc0cc234f4577f9d3303f1c9eaa3189d3eb825793afadd7377f9750d7f9616576ff1240ba9cb41f50c08eadfa1730895947d4d9fdd3fbe51a6f1b9071533885bb4559496f8d992591e3d8f6839d707b7d6a4bea2dc15bf704ce121af49c781481a086f6af162ddd0df87caf6cf6ff3b9e8817b36a89c7b8dbc2865b42350ddfa643bdf0bab67b6b09ecf4e33d4bce6916d391290c35dbb150f5ab92e3", 0xb7}, {&(0x7f0000005200)="a82b9376bcfba94e27684bd92ba65817d2a2a0aba7a3dec606cf70ac1f519f2c17a982a395f15cc73e7f092fa7018943058e06c955ad0b0a3eba827cf4a284670fecd2e16058b18bb69aaefd30d997c9028af22d4d3013d3e2246472718cb7e63f3906b24d665692c1598fce9c02b3e1754e0322684a3eeec0fb01b8a335952eb0d765526ae8d804d81f1fb59ea5fcad8a0fe3aecb644f82184d9f10a43bf2a9904ccb74f0e2c4c90caecc7771e4538a9870ec4145825ee053ba91bd6e973193f4d947df2d47575b816a64764c32ebb69b6a09a142c6ed83c74573b17fc59b27b6b51ef640e5d3fe31ec0a78753e85be897d80a19de51c997b19d012d64e688f07248be6411460570ba28fb73679311ba084328f4ecbbb6abde25bce70187d3677958cf008cfe1c108ea7c3863ba062970b8554d7dce877aa204be326a75317b6c652af8686ecdb41c126b09c8204b17f7adf46f0dfe5a42f0df2d8be7f9da32588850936021dd818e48ae1510a75e675cc89eb5d77905ca18ce07751f9417d3dcffb2bde6c16cd1298221980c3967b06752089282be8c9d107a5b08eb135e7ca35f903365d855bea34b105a50e501cc5c996c13c422898acf8991487b707b1f4b64943c86bd7c321093d73067a021057e7730da8fda1e8edb19ba3c6fae9861b5adaac43ef6e53d4356f36dc9af4ef56e8b8f1bca3bcbee6d4c7d7bccaec34004e3c6f02f360aad7c530f53af47cae5fa530fb9a89c0b64251dbc8453ae8eb3bb277ae2a57ba8c9623991c8c56f531bbf8f49f77ad087bd848f45bf6e709aad6d2da90f03f83a916797e8fc7e38de474efe8f372d43201daac8a54f9ce043f4438b23b06ab64d82ab3cb958313f10acd5f933f8363ee7e451fef4ce66b0d47511df6b34a73441444921feaf77a9d71d62e3c9076af2cbaa8bacfe153a90a0769d393368eb334a4237be788be283dd6006958ddd6479ab37e208be82e708cc4006634bba7a1bb54be45e572e4b2e52f06e4e86fc86c5ab3c2e124c7b65fdced1dce4ca9bc367def7aeface58e16c5b2271995c76288e79fd8ae36698a9bc58df413aff7ffe8e05d79c39c4ee601f395bb0f1240c728e175e680e117eebe1dabebf42333c00fff78dce8a9409b63f65291dc5c9bca892fe700fd6eb108d61970ad0dd8589dc4eceb9a98e08bbfdf32f232aeecf46f51f91b5aa38a9bf4be6c8e66cdae5d04b8e9a2bc03980dbc8cefbe478761a717b26200a64070a2970ae76874261e93cc71800f0cece3657896dd9452e672ce8022fafe44908546824a82444828ddc317637a6e8bdf7b6c63585a8972491a9416745763b2264495f84bdb536e95728eefe41fb3a80901dce2a45702809a41823347fe5cd19ecd477c262022fef200b6dbdf397d5bf4faa58b4cdae3624e5774c594f05ee710a03ba6c3fe8ff8201ccc24f7d4c1c499b3db77eab89b579ae4dc3a18819d4602e823f5fdb3f84bf442dabc9eec027f1403e781e0ce65836ef1cc2161e8ed2a689c604b84fa11bd7c88907b38dd042c60244b5c0dc5605965ff950c4a83c3c05270ad56ac0343307f1defe7dffcd0e09ba8c590615cbc23a7b948d6d56f2c0497dbdd48a5781b70bf358bfed24ef8343f6cfd099c4ca35168b58630c4ed68480148da4c8231a4773d77730e13cc0177b3104d2a103f0734212c40974965551b0624652a67879ec23484114f8b4c82177dbbd7b9f95698b2f1c4f5f2de6264c38745f847ffebb810774d8bf5875c42eee189b4c209a7f6512b928765f899e2281bd64e5e954444b70574e6280a4923cadea95e63d4aa0ef9410de303bfbb52e24071d25bf4aec8f18c569c7de57d4fd33b85ccd6eb2cbadd24541b471742bef393dbba476eddec33c008be02af5163ccd74e2a770147113b4343eb2952c8b5b252d9bee7118bc984095dff8deca7fd875ca166af4a31be5242cfd518c945e361c1a38773be1d38b046db8948d65e4c14bde877313f0819e7dd5b00052ec95fe5a2f065c3130cf9a129c1435b1db07801388d08a98f8474536421d6c5073f26b4f25f14fb86aea5d4e27e20f980ec2168a303e0f20a25cf2633dbabd3a19be2d2882052e2a151cabec185916782dd6f41a6fcce9f15944e9e8335ddbee085a0d364280c0f545df02f2eeea9eae06725b1a37849a6b91ec69dc1a99b5a8f7dfb5a1f74a1aa3f3808947bdfedd72373535bf42d6476b2f72f53431e89d47c324ede908301f2f70e2bbcedeb2ffa70849ea3ee4957072242402a8b34de5302fe38746d12f4fe75913f41481f68d30e249d4f663e4199afbce35478d598180f89ee006f70975453427da2a51d8c7404dbc4f775b93578422390a7a212fceb31b388a4b11e23fc3b50b586606dd638e222e5b019fe4c638883565fa0cecd9dded170da71d5d3a4acc2b4f3614419b6c1e81fb26db7ff865842c24d8e3b550668acf0b934704c866a15a68e5bbfda7e12a9d0223f7529ef3f44a3336457c66654fb25709a814950c0ca0b7c060643f18af1fd53f3b1422c3e5b92214b6f85e35045722be60892b12e57e0fb11e2e9169701856915f72e9af0d7eafa6971d2bc399846eaa1ec7554626b17a690df041130bf21206855450baafd5f474f6541189452bcba8a3c97ec4b76f945af616ce89c26c9172dcb86c998748a804f3b13288e6106edc1488a363868ae6fab05538d854f5d29963c5772811e1fa206b05493b6c3cf58d33ff094462e5760a06025ac3c95705ff2db9525334c8c08ca5b9738f197d53899c8e56dff42175fbda04cba35dc68dd7bd8752dd66b14f7b3466cd30ca549e155f53bad9390f3191907842b54a4c1ae91bbb18b9e740d73e95bc50937728f7312a5484cec28f5dcf4b7a2e416dcfc5e0d932ac8d5451d6f9deccb4b20a1a6ffa308acd8dae42074af7c6916df71ae153fd6faace6fd8e14d6cdb69aa279e41d8968d9dffcbb96ac800ae96599a8d9edd7707b8ae8a0f9aadc7e9df496d1928558745499599b1c8e35f950217fba145022d3d3510b1204caef3abbec568780e88bcf65c5f1911906603d02469be1bcfb0b25bf4d3d67bbf17e34e9dfcfc42dfdac983f5e80acdb0d8d36aad5185577bd923a3722d69658e2958eb328aa7519ed72e7da0ac6629dc418333e955d9ee74b66db52851ad296803555b84c3423dcd84e133cd860541dba153fba61bec1accf9a8b6d7dc13438a53c15f2c5dedd5972ccc5a7ecdc440a6dd1bf94a73c1d3299716f18c0d04288969bc24581c597b77e23d147c78b9a388eb3b7938d23305404a7929f051b9d21bebff472d1b3d03ae2858c6d54b28d7bd9d4b13bd934729c1392b3580914affefb0456613e60bf19746f20d14c54f42d0fa1106018e694258646aa9092f4ebcc57fdcbeca066f1e60a58c59501a8fc1d26add85142fddbf096dfaa5a669dec9b827842e93bded2cc6ed7708a21a8450e5cc082461a9ee0f48642e193da4beff41a72de5f4f27c50001ea3a268299dfdc0843f2675f5f638c37a909b1628f50f2ed0f2b5bbcf6547ca883f1119aedb942419598d33d9b914d7304a595cde68ff6247a79c371357e2a7fff9b2fb3ac2894e90551b23f5b5f3d4c5e51fadb39584cd4c978e8964f1155cc6256cd0812f7a23646d87c7b5e2e653356a90f1e32a091fbc5208a90327d11b9f9d34022961eb63ac6341fc776857edc9e3707fbd8bff1553599ba734bc3f5beb8daf044220a7ce3b2a73a781b6d1d171799e9a6916263caec6c6b80ba9d83d88ef3736b7725606bd456e2bc12150715d153627bff2700e3e46472f3ccd1f97a0fa98a572224892b8d51a882e4b8c0a3ef530b72d2a1efeadb5e86ecfc21764cfaa78afd75586e3a13c30fdef94c2532d5bd8b3194ae9acb330feecde6d05c08071ecfa303a857531a0171f7aeb35f87de433e5f02a9bac0767f68a301c98efa0b33f4167ab19d835b255eebc6ad2bbcaa36bdf64a050b3a67c87a6cb4754cb034286cb14dc72c5507f81e4625265cbca7b4ebd7eab977e78bff24a0af3af6b34693717f72406aa72b7f823961df3cac4567510156ceb3f250c8f9fea4dff83b923623e43fd32dd314ca40f6907e5d771dc19bd086aaa118b60828f00fc2db30f85f617540c9e127728ff98ec11ea22b6b1df89f0898e410504728968c5cf78ca24eb824f97b00e5a5203da77668f58c3d57b29ef7112f8d71fe900941fe2d3fc4b0af6076ffa1910b3b677d7121a7bcf79b3a7fe931b05c05f07366c0df467df86acf342da1c548a39452eca9d7672bb261755d8f9f3adf96034d40ca7b2237086864d69410f67b52cc99f793f65fd1dbaf1e30066edc0051ba6486b0d6af05f6c0b947d6260d4f3cdf27d9d030bcf5b9e59aec0230a42b8063b514aaa1cee0adb95fc9913cfb1d706f3cc041ecae0b58ec5167ff6864d520fee0b7b78c4f3c37651afd29fba7c94412f8555dd22c569d8d115d4c8ca7f74c0d508007e64abfcddad9aec838e0e7f12283872e64f631ea077d9415d2c5b6480d202bfbd2d8ac0eab408ebdced3aa44701eaf2c0b2995c3ba3a80e4ead0468f6f93897b7c17ae572d9be4a97404d234ac66ab665f1534c9be6730c2daba8e0d66cc220af4fa36b06b06a195499d94b2e8bc958bd7f527d15ad6be6b3e95a9ad16981fbe935166d53cb8978218bab8214e8622098b1f018a13db377883fbc1d9d9a986190a435a79669c939864a8efd351995dc2d61974c381f24de660e1405f1b9d0eaa2c48b40479989e946983ce3d025b53c7fa29ad23ec0862734c0d718ce9023e89d0d6a94f4d02cc198cfbcffa7fdab764e348f962f56b650235261f91ce7fbcca9a82508efa4e5f2478e1afef5a4385b664a2e274b9b2c45840207ce725d322b215184cc55b76efd48089e135da36820b388f1e035fbca74d71b124733e6eb37f2446bbcbe79e7a5402bde510c0562407c8e3357fe2fe229f5a9cbaea6dac766e41901d942b23a80ab3f22d1df6f58d40bd106554a90a1f4a8969fdebeb8f48e273549776898fd0397c143ac9eace0e88b41f8ece87dbafa8a1a63ca6b157c81026cae3b2297442272a15070d41471aa7c0c73af5b3e685c558c0aee056c85a3d195411ef82c62fffbbb994d4a1f836d611580b2589d7283dcf3929c17a5315cefa21320598b2ac7369c7503e26d09634e9a2b2485d7d093af59d5d8a5ef69b9e03f93fca1c3d318b0f8452feb9984fed87803c4619e6408fd8a47203a46eee277555509bd47343f1535d90dc13e6250f5020712916b376584955aad02681fe0e4a64c6832e5ce6a2f53b05377b83cc959b7ae448ed44eb06fc0a09e271506e1a4288b1104991c66b70328ded6de4caeb54737a1501cf497ac07a4a2a3e22f16019592f109527b7de1e23be6dfa9aab440c192841a10a64bb09c2939a6d64398a905276ac6a6c7523bd83ead91d5cce27356b8492196a472ce1b8226dc963521fa1f787a5fc557bdf62ed83979cec44222241256cb641215e856556bb6cc1b6da27882d47de215940f8876a68579c5ca0edfbbb55d0d03b307f3b9129e7acf9a078342c18e4e1157dd3e570bf13acc961b788bcb1cc6a23a27c4fd37e8bc8426c364b94a5dea88aba1396d1745ef836d85122793ca436e69ffec4ea79ee527ff5e5f96fbe2be2dd034419402abaede6d14743c7bbee835f1bc914dcc3b7285e5717fbf9ee873c6953e8abe95435f706d2bd250d6ac31dfa068bed29a3c08096e003a138d58be1a3c9f4a1a", 0x1000}, {&(0x7f0000006200)="03e29ef275c7ecd4c75299", 0xb}, {&(0x7f0000006240)="cdcbe19cf9ac7d51fe02b6e7778fed363f0916c026dd5c269aa8cfbcfb0686e487593cb0fb742ffbfc5c1650b1f0ec6296356a40f30075c20a01baff53950c97f16d5dec786c9b7aefc967aad72b02f41797b4a6af9a646b5138dc9faf7253e1bb02fbc836bc1bde4ca23075555763", 0x6f}], 0x5, &(0x7f0000006480)=ANY=[@ANYBLOB="1c00000000f9ef587d0d7fc7afbada00", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r3], 0x60, 0xc014}, {&(0x7f0000006500)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000006880)=[{&(0x7f0000006580)="dfa34b0025c6d7bdd02c020d0f821abb58c570e8912a99aa3ad6db2b11dc45fb5bf3e1ee9af6a2e6782499aa3e03ee4b55224bffddbe44d0447ce57de73ff26d5b896cb619b7ab09a5105a24e17de5a4d12b35d16cd3507b22d76317044c69cbfd19de6fb55a2f7e723ef817d877fdc11e205bc153c7dbe5abc7aee312c5208473ed211430061428f1b20c0b28ebb24e17d1d053d52e5154fc1cb7b7d4760de07bc7d6d834471d07a1d6bc3d097d9c9b86256e67a2288f86884b62c069f55342019096705095ed0e6995ea5eb37e1453", 0xd0}, {&(0x7f0000006680)="ea4c8f00736393efd124", 0xa}, {&(0x7f00000066c0)="0d00f3a683f0cfd44255da8ffce28fc8f6094e507a8faad99298310af59bfb9c5039d74269588e57e0ab02b5855f39d9dd873a4fe998cc7fe2b59ac9017691acbe4aa4a22dc4865c55ac7131ded33c19d35811fd8cca291a1a209742f270ce8b57b30a8c6af48f775cfdd6294fdcdae7ee88d3b0e58db137c4ba8abf5a8161161a64fe57e8cbbb389b7586163906bd7ed90366e002015d4e5a8138ad7235f2f86ba71736a09154ac166cbfc1", 0xac}, {&(0x7f0000006780)="306ae1c28b13e7ccf36d54a71618db3b183fd51e851dc321b65324f25126440531c5cb9288898c9d3381cbab1d4ed6a595a29129c1c03e2aeb6e7892f0f75d8c0bd5e3a1251576de863fafe14fa1442bae8022a885e14c66ee3af2154628b18260d0e69ca41ff7a1235e611b695953dc2d26c890a861250675597e3c01c27ca03740ad1382373a55cf4801ca8cd8042216780ca757134fa65a8b362ef3cdb60c5f56f1a9756bff18915d5e93ee6deba7d22e5bb448f17f8da2914387fd14bdcdab731c3cd83cd2747dc2a540432577adba8a3a88f977bd4b81", 0xd9}], 0x4, &(0x7f0000006980)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40, 0x4}, {&(0x7f00000069c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000006e00)=[{&(0x7f0000006a40)="9cf6c7b4c8ffd9248ec874a2be330271c9eb1d55153ba2764fee7de8bfc1979e1966dfe5c6188b2bf59a66978875b289ad14e48e308f57abdc08637609293dc0a286855815ba64eddc3696133c9f4be4acc26f0f5b32035dc5aab864f97e3c6744c3e14976a7deb3fce6709b3262ba8f0d72980205274c371869e45e2e3f628d4da4ed43bf1990fd4b46951341b907e2916f338580", 0x95}, {&(0x7f0000006b00)="488ff70906a2a2cb6b131b02203e6726ef2bf7469a0cbb925728ed9a37542daf6e8c9c1e26556a294788011957771e2645fa418451ae5c4eab67168190d07f13cf947af67113f40df429d548f9dee4b0971b008260f911c7b25fc3df9f5c66aabc1ff9d8129beb9e2cabb8c84b14991b64ac3858eec4beddf4066b3d770dd4b8ed2980243e4a826a9ed1146805b57cdfa1d2d4a94d4f662cc1157b9cdd15", 0x9e}, {&(0x7f0000006bc0)="19ef9036dec459829f930a76f976c76aa4ad4a0d6ef4e720cbffe08398559266504ebb62be966265b671863056d177594b107485bb16f1ab4910f0ca7e6d4c01922b9d515206ccad958b28a91de6d9b28af4fb48fc1e38ee6a8deafc9de0eb8c0c79df1e82f17e2cb50e0e67a02635bdc3bb29c04ef4c6794093ffd0af1977aba9e2fb868fb20409e3047dabf59c986cdf90b7f3a79e5fe3c47a0724f5e74295091b8a48ea5adfcea71e8a4e8181998fbd77aaf4dac91a7a57450855c3f33b9aad1d6159f36999eae5e4cf048a424f8696952071d78d67d590002bbf5cd96a12809116166f030f6c04b7", 0xea}, {&(0x7f0000006cc0)="8490c5ff4dd4b6d2301f463a48bedf53595cba516a6bf982de58068e5a5b15f913927b6564a4e48249e6d496968a46c0e60b025a328194540491dde880c7e05dbde45adbf30cef642f5f4d820b86c1d3cd2166d634d0351c5a2f578a2fd70855aa63e76829b31203dbb3e09123bcb800c8c2e11500fd2485bcc0bf74c3a3a4608abc22231fb67e6a679e409bc56a406bfeece07527b5a7fdb5388a5a890aa6af62155e1b44145d411ebf77a2e60aa5f82db501503ebff75634ec03d0083a20b5f23289", 0xc3}, {&(0x7f0000006dc0)}], 0x5, 0x0, 0x0, 0x80}, {&(0x7f0000006e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000007500)=[{&(0x7f0000006f00)="2d95596646bde9e36692f4b76d1485c0c1d77f1b243139b1dc22b5bb75dc00d4f0d7a957a3de821e655305e3c572bdaf76828647", 0x34}, {&(0x7f0000006f40)="542540f5bee7aae024491b83419cc304f177bad3ca650a4a91b7c96ef9b87ca4d0b2753e763fcf2076928c5fe29edfdc4ab73ab320465332f9974925f7d5b515aa0ddbff315671cecd3061eb113b3eb26ef33a80811f9b481c44d3260ced3798947dd6f86091d75d5e52749c9ab52ec733668f5f0e6c196cdd8cbf54463bfaf2f00d70df827414cccc54b222f5c012e25737f0eaac71beee61829b4b538914fc64a789b99667640dcc5502cb8f278bd1e03ff54c86bb158e235791bb04d700a17f3e030a3be035cff8a15e10943fc31add8ce3b087cc", 0xd6}, {&(0x7f0000007040)="74c1942a155f34958d498d7a471f198fa4c5552b11c1caa6906cdaa963143b", 0x1f}, {&(0x7f0000007080)="dfcd4c8a20172780dd4ecd20528b56940dd5c8d8e866129deaea99b0c45a7b8f23d80490fe9e9f941b2cbecea434769b997284facb2a664795b04ecc37f60692b81e3e784aefcb4951c98f4a629efe4fd0f5bb5a45daa95aafb504879015087920ca65959a6dbf5da67a04", 0x6b}, {&(0x7f0000007100)="ab9f2f3c0600ca14fae27adce2dbbd31f5e9fee25b9c3aca8e9810f46371ab4ac60c8735a4f9de4dcb017dcee6a4741a4f6038e4c88d33492e6bc01fc9cbed46ecb17353a83378e3ccd03ccb9a42", 0x4e}, {&(0x7f0000007180)="79be8390f04eb3f540f3710b78d64e971a345f6461bdc3a35eb988a547d3109467c851ff3daffa53b4995885827ae77afecc3bd9787492b1d25eebbb66df90328bd0fa233e76cbf7ce2bd1ff97013fb5a1a5ff833fbca94244de219f99", 0x5d}, {&(0x7f0000007200)="8333a9b9e8a111edd91b38803fe5f2f0d5f56a95ee736530934c8941448f650cf6b7bda4beaca74d1c030a8c4ea127cdafe95bfcc197b042d02d173c4cf9d9218496274591af6b1b9f199760e5abda308bbabd8e6986122793280b844e8eab181999e7b8aad07c893859baab025150be54cb9dc238e6f10442b95747956a4394eb045deab9a3eb29cb33d43fb5", 0x8d}, {&(0x7f00000072c0)="3a7174227bfb2684afece0bb11e8321913bd608a41c8f5b9c430cda3f8a16a62fa1374b25824b442554e608a7856620dec6170595752cb3482e02e9d721427c2b65d8863e295e6ea3d610a1673e3fc82c551554fd5dc1b1b6a68c550c9323592fd1bf786f41eb6c14354e7e68ebb58d170a57d0024bffbad4d80be", 0x7b}, {&(0x7f0000007340)="ad009e17736cd3c52ef49e60e779de5e5ab485ff0bc9ca8300afbe0d94a95ad3342b6121c87e6e643c1427c5661fc8323a93ac7d36e51dd8bf31201ffb378fd7506e2e595fff2ef7c1080689b248254027695464bf4d8d0825a743bfe6da28830547b18b1de283d537c41ee8a787e2f858e276730a150c27b23b560c48a1aa33689265e1bfb730944d45d980375bd0ca7a1e", 0x92}, {&(0x7f0000007400)="09bde8bb842a29f0ddaf6093d1494fc4605556c2d834a113a86129965361dc6f10ec22b34d5349b1d135c31c6f9422056937a51dccb250c6d2118c6388fb9b2515962bc352ab5c2ad504bacfadf619fa88c7b9a8ec5736030867b790ae5181abe8d4a714f6b5b46060bcdc527305cf0adebde8625a66d526052a7e2615c8ef17b11cce18e38df6e56af3c5d95980c0d9833e5c35d30daac9fa88ea05bffc5c4507f5395b0a40f8c5fe2008e7db39ac0176a2c71b030f42be95433165d3a2d71348a13fe59a243e0af12e1730fd5ebefaaec1f239b8f4", 0xd6}], 0xa, &(0x7f0000007840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, 0xffffffffffffffff, r5, r9]}}, @cred={{0x1c, 0x1, 0x2, {r10, 0xee00, r13}}}], 0xb8, 0x4001}], 0x7, 0x8000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(0xffffffffffffffff, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:28 executing program 0 (fault-call:7 fault-nth:41): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1388.506593][T10224] FAULT_INJECTION: forcing a failure. [ 1388.506593][T10224] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.519251][T10224] CPU: 1 PID: 10224 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1388.528101][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.538156][T10224] Call Trace: [ 1388.541426][T10224] dump_stack+0x137/0x19d [ 1388.545818][T10224] should_fail+0x23c/0x250 [ 1388.550227][T10224] __should_failslab+0x81/0x90 [ 1388.554988][T10224] ? io_issue_sqe+0x418f/0x6080 [ 1388.559867][T10224] should_failslab+0x5/0x20 [ 1388.564388][T10224] __kmalloc+0x66/0x360 [ 1388.568666][T10224] ? rw_verify_area+0x136/0x250 [ 1388.573521][T10224] io_issue_sqe+0x418f/0x6080 [ 1388.578205][T10224] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1388.583625][T10224] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1388.589568][T10224] ? __io_queue_proc+0x99/0x260 [ 1388.594425][T10224] ? vga_arb_write+0x17d0/0x17d0 [ 1388.599360][T10224] ? io_async_queue_proc+0x3f/0x50 [ 1388.604456][T10224] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1388.609817][T10224] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1388.615633][T10224] ? try_to_wake_up+0x353/0x470 [ 1388.620642][T10224] ? io_wqe_enqueue+0x457/0x4d0 [ 1388.625497][T10224] ? io_wq_enqueue+0x3a/0x40 [ 1388.630084][T10224] ? io_queue_async_work+0x18d/0x230 [ 1388.635413][T10224] __io_queue_sqe+0xe9/0x3a0 [ 1388.640012][T10224] io_queue_sqe+0x6d/0x160 [ 1388.644568][T10224] io_submit_sqe+0x15c7/0x30c0 [ 1388.649360][T10224] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1388.654815][T10224] io_submit_sqes+0x61f/0xaf0 [ 1388.659493][T10224] __se_sys_io_uring_enter+0x217/0xb20 [ 1388.664959][T10224] ? fput+0x2d/0x130 [ 1388.668969][T10224] __x64_sys_io_uring_enter+0x74/0x80 [ 1388.674491][T10224] do_syscall_64+0x34/0x50 [ 1388.678908][T10224] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1388.684811][T10224] RIP: 0033:0x4665f9 03:59:28 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r3, 0x2866, 0xa5a, 0x6ca0637599eb2ca4, &(0x7f0000000100)={[0x9]}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:28 executing program 1: shmget$private(0x0, 0x3000, 0x1000, &(0x7f0000ffd000/0x3000)=nil) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x80}, {}, {0x0, 0x400}], 0x3) r0 = semget$private(0x0, 0x2, 0xc9) semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f0000000040)=""/9) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1388.688703][T10224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.708389][T10224] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1388.716810][T10224] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1388.724841][T10224] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1388.732806][T10224] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1388.740785][T10224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1388.748787][T10224] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:29 executing program 1: semop(0x0, &(0x7f0000000040), 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x7fff, 0x1800}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semget$private(0x0, 0x0, 0x102) 03:59:29 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$GETALL(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000080)=""/89) 03:59:29 executing program 2: r0 = semget$private(0x0, 0x7, 0x73a) semop(r0, &(0x7f0000000040)=[{0x2, 0x80, 0x1000}, {0x0, 0xff85, 0x800}], 0x2) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:29 executing program 1: chroot(&(0x7f0000000000)='./file0\x00') symlink(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file0\x00') semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x7) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0x1000, 0x1000}, {0x1, 0x4, 0x1800}, {0x0, 0x4, 0x1000}, {0x0, 0x6, 0x1800}, {0x3, 0x9, 0x800}, {0x1, 0x1, 0x1000}], 0x6, &(0x7f00000000c0)) umount2(&(0x7f00000001c0)='./file0\x00', 0x7) 03:59:29 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x8010, r0, 0x10000000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(0x0, r3, &(0x7f0000000100)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x9, 0xa, 0x1, {0x0, 0x0, r4}}, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:29 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget(0x0, 0x4, 0x80) semop(r0, &(0x7f0000000000)=[{0x1, 0x1f}, {0x1, 0x3, 0x1000}, {0x3, 0x7ff, 0x1800}, {0x2, 0x40, 0x1800}, {0x3, 0xfff7}, {0x4, 0x8001}], 0x6) semctl$IPC_RMID(0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x2, 0x5}, {0xbac8fb4ce3e6f467, 0x816a, 0xaf4b666fa6fe0e23}], 0x2, &(0x7f00000000c0)={0x77359400}) 03:59:29 executing program 0 (fault-call:7 fault-nth:42): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:29 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000), 0x0) r1 = semget$private(0x0, 0x0, 0x100) semctl$SETVAL(r1, 0x1, 0x10, &(0x7f0000000000)=0x7fff) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:29 executing program 4: syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.pending_reads\x00', 0x4800, 0x8) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000240), &(0x7f00000001c0)='./file0\x00', 0x100, 0x400, 0x1}, 0x1000) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x400450a, 0xffffffff, 0x0, 0x0, 0x0) 03:59:29 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39001b080000006d"], 0x78) 03:59:29 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f0000000280), 0x0, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39380000080000000009001f00000000080000006d91157b04d954acfbe896c034eeec79ea327ce44d837a2b24eb6f1ff5931b5075019885c7cdad6af3ace3331a56bf1c670db689445e52b2270afc28cab7f26ab86148f004f3b246f3f058cd37f27fd04d81e3c557000000000000000025425724606fb547993b1ef0bcdb0ad9823843d2ec65156f7c50785084322d406dd45bce766576e6cc17058c10635840c42a85fc4a1a864c1684e0fae8e9252f8c45855b55f287b30224fc0471"], 0x78) [ 1389.398327][T10301] FAULT_INJECTION: forcing a failure. [ 1389.398327][T10301] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.411004][T10301] CPU: 0 PID: 10301 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1389.411023][T10301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1389.411032][T10301] Call Trace: [ 1389.411038][T10301] dump_stack+0x137/0x19d [ 1389.411056][T10301] should_fail+0x23c/0x250 [ 1389.411073][T10301] __should_failslab+0x81/0x90 [ 1389.411118][T10301] ? io_arm_poll_handler+0x15e/0x420 [ 1389.411160][T10301] should_failslab+0x5/0x20 [ 1389.411218][T10301] kmem_cache_alloc_trace+0x49/0x320 [ 1389.411234][T10301] io_arm_poll_handler+0x15e/0x420 [ 1389.411256][T10301] ? io_wq_enqueue+0x3a/0x40 [ 1389.471488][T10301] ? io_queue_async_work+0x18d/0x230 [ 1389.476785][T10301] __io_queue_sqe+0x133/0x3a0 [ 1389.481544][T10301] io_queue_sqe+0x6d/0x160 [ 1389.485971][T10301] io_submit_sqe+0x15c7/0x30c0 [ 1389.490743][T10301] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:29 executing program 1: r0 = shmget$private(0x0, 0x4000, 0x80, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/75) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x3, 0x4e) semop(r1, &(0x7f0000000000)=[{0x2, 0xfff7, 0x800}, {0x3, 0x7ff}, {0x2, 0x5f, 0x800}, {0x4, 0x1, 0x1000}, {0x2, 0x1, 0x800}, {0x0, 0x81, 0x400}, {0x2, 0xffff, 0x1800}, {0x1, 0x1ff}], 0x8) 03:59:29 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x1, 0x5, 0xc00}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000040)={{0x1, 0xffffffffffffffff, 0x0, r2, 0x0, 0x11, 0x6}, 0xd33, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x400}) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000140)=0xc) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000180)={{0x0, r2, r4, r5, 0x0, 0x652789b985a8d9f6, 0x6}, 0x8, 0x26e, 0x0, 0x0, 0x0, 0x0, 0xffff}) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1389.496198][T10301] io_submit_sqes+0x61f/0xaf0 [ 1389.500881][T10301] __se_sys_io_uring_enter+0x217/0xb20 [ 1389.506377][T10301] ? fput+0x2d/0x130 [ 1389.510281][T10301] __x64_sys_io_uring_enter+0x74/0x80 [ 1389.515660][T10301] do_syscall_64+0x34/0x50 [ 1389.520234][T10301] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1389.526141][T10301] RIP: 0033:0x4665f9 03:59:29 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(r1, r2, &(0x7f00000018c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@llc={0x1a, 0x10e, 0xff, 0x5, 0xe0, 0x8, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x80, &(0x7f0000000100)=[{&(0x7f00000002c0)="304ffd90936541ebf491511ca83093260e5ee8645505b336f769dd3aaf4563d314e4899c5e31b4e431c9f2aa34fcb083ff81d6b26280ac0ff7b380b1162765c336f7e4cef17fc4758834c9d07d5bc8b7e955d513a0e6b0a780a31bb4771946c48cac1e7e9c826d816288fadf5966509b6b57d4b9bacb42d00d6a81918c0a519026a58ba6f6470e1b69817ab8efef56f972301c5287193a", 0x97}, {&(0x7f0000000380)="3a53a15b5acb1d136fe53760298d94f9bd0b24169c5987192f10b6ccb9cd9c1e71d7ef2445a4031445521a1d5519dc449680689391f2f791b8e1ee038ced97fbc68ca65b28fa90fa3b13888834c1fbdb856e1c2d98d8af015d76214b6cb698fb695204d454e0bd3c958a88bb272199aac5ac57", 0x73}, {&(0x7f0000000400)="5184a6a99390bc7ef8832bb2cc68c17a79eae6f143b397be146a98e5aba03ebd2c31f107c7b460d2f197e13cd47765eee15bc9e88802063de9e421d9b5c7430530844e9cb9bf54dac34571b5f63c65db31f7c424fcdd35fc3ca9b3afd108", 0x5e}], 0x3, &(0x7f0000001900)=ANY=[@ANYBLOB="1010000000000000070100000300000070354a9eb914e2973ebad8ec562551671f823070f627476ef7ae845f377bf76dba2a908f2184fa64f09bb635385455701467b9aa7712957ad4e1b32d8329ea12514a86075e7f385c734fa363dc24eba494b2de80e9666074f6fcf1ac3d3440d46e7be530aeec29232c2ef5ba413238ed795ed55b56fb5158ea667a3c8f262083acf99a2a23bf09fde68722f560c1b579124813c0e5a9264716d899bb9a67eb3ee00ef313c8fcb3ba637ec110a865add79d72ff40355aca766c69d5d0e2b45df3481f083609ac939d6ecf3c2bc52d3dce944c18c795e67345a6a76343f033a7865b92565f74542d15e102fbaa496b146219e68a637439195c1a29b0142d6519e362f535db9ab468d3f3712f81be42f7dad06ce6ce9e3beb94f9be67e7e30aa5037d46e8f3a7ed0b15607772fae76c45c7ea15f2487876590e05d74c5eb6db6f0ae72eae7d3623301416574e348f0c24ca6bb89a2273b653f1163e92737047a57d319f046ea68ff1076b3d0b0c16beaef8c35ed2dfa2de097cab46690567b46c8b8fd4b9a078696b378f4b8f08d188e42ba7c295f3b23dee1ab3b341f0927f328d69368eb8c3faee7862332db397defe6ba7749fe50b5ab594a9660aaea7a32c3a7df89bf9d02f95ddfff59e96cbbd3acb0f76b7e1e60a0909beb93cf2c3c09690d269a1f885d27cfecd61ce84dc9af853de7150b5b0f9fbd7a972bf7aa3cc96c72e82a705dd5e200b9fcec16e2897feff8f0233f208cca6709aa7d10273562433af47d2d4affa04d31dfcc5a5d0c82c7fb8448aed232c3ba8cf1fcb4cbe2dddfabe277bcd7a703b7d0be20d489a608f1fdbf0b47d5c6db87090b4e5c83abfa894ffb5575337554e92abee2be999c2aec4006110fa96eefde9b5ef9c42880d2c682254eef4639d43fa17627ba159bd2481f3487e30b30ee4401842781331bc9a36762ec9f472eb99626a57171e147d23c73f48b7771f236ee57553e06be7d7b26ce68ca44dd1347ee2c39f214be0df91a5995354f2f52287804479322dbdec41e6c4aaa1dba0ef07f091e1ae9db4793aa8d9e62986a1ab1a93d6671d69ecc7d9d961d18519b164b45e556a8267df51a4343a2ec2dc60a7d58d75749ea323858b461e98393d9f9c691440d6d39630b125b880c70e68bb233faa7b803fb6d8784e88120fa3fe4251411cabcbca15b7d38ff6e0488aef0793cc55a7bbf73aaeb444f11410cc4f32c540ace1c035a40a31997901e584f58f23ea485112d60ef33ec52c0be854b7e7a2035d6127ea83afcdd5167e159c666abdac48d163c0327dc9c70cafa1c6b554e423fb976777081f558606ee11513caac6dcafa1fccb8765b9fb546743b75d07112bd9228060f62a96d076cab96c462cdab129282ca488ff4d6b207952f3cd5b605a16cbd48203b5a218e9a8599d54188f0abba4d2d1401ce706a4df679fec8090237cc6041bb548ea32804d01b6907367f85dc56018290a0c8b212dd527930cf684d482130b6a615d519abdd6791f48a8a628ce7dc99757c741f82222bf933a38220d0c49051c51d0cb2df962c454f73d29eb8f6a456de24e9abe78884e674e279f6c24692a1fd2acb3d3f44803d51bd836db54b3c3a8fa2f6548c0d3ba33ef93f6084417b7a7d61fbe7e7095d677e3224bd37c2c74a9b08cc7933df9e216d7a63bb72bdeac5b920ce8a3fd631f23230d54b3af7c2fb1c7c8e986bb45648992f859889ecce56449147efbb5773e4d4b04fbe0c9bec3e80456fff3cab9add0e470d5c98ca4cdfe4624ce5e68f883a7db3fa0735943e7b3bf50d88e17724d103fb1f17412bbf0e6be3fae46ec96dfbe10ef7599cfa770038cfb56190df14f88c5f149bcfce6abf9099cb1247481c71cb69376c94eb440c956a24315445eb11a0f4f99370a7c1a7d1192701adf4ba8603f54cbf97529b3f1e32aaa2dfe7e7b76b8ab9c7f5511d225bf8683d4ec3b65ae0e23b414e1c20c4ea55df3d26b2d85a27185ed77b12849f3591fe8e50fcf3c76572f3e728884cd901f25a8d08d149418c9253ff69e47422c7c4082a8dcc8e9e9aaa4fce27322195a0fd6fefcb3c9b251e964b93674e5213ae36141eb6c3f3bf4ac7c40aa9b75dad8a30f408ae40a2f25f04f625c08b44272b6d96c7d086720188d90b8a62c4cd64bc70d307eff2fadd78bff3a38dad04c07084556c79f69aff8d71c619270dd4356a0ba94168aa3f4e6d03bc897192f9d9a995d7121d379387c63761b72e8a16fab4674bc2b76684e237d10aa419dd0b7f66c6f8bec6fe2b2caa9190b3d0adcbd376418364f827e3829f163d092fd90dffbdb16abf72fb40fefddb10961df6e3bdc314aa7b0aa14ce71a493f73627ed2d6dabf6f7b0a8e54ccd4b17adbbf47bbfa1ba9b180a08cf6376af793d4abc8ea01f61eb52a13352698b55f210ce61e4b4247a17fefb302a2f37114910204b9e41eb06c3a9f245b79fce2a203f0de9378d1b6a48aa02be26732b87a38485c1531cb1f8618db11fba8212483b22df897c5df2fe7e6caa77ea7df7bec848e385d8a86857afb02ee11e53d1e4e0b3eab50a8113d0f2cc120c04f341f130a4ff5f55428d6a1eb5498ec8f140ebcb1c9256dd18a1f098503cda81491ded383fa716b69fb5cf15d32523fa0f2a621e8303858583774744fea35ebdf2f17b9b8d1ef9fac27c76135e23e6613d481966fca0396d936bf7322fb8e97f3cd4e0276e06488a684578e36f1c31723085051b5c45eb68b6840fef0c3c0f5aff5c1de44fb8380ff9d1332ab6f756b130a2cb7a72b2746f80844a0b195120afc82237f27166e0330973aafeeceb3695d93e5ac55ef1e358ece748fa96151fca5910531797f135332ae73b532ebad2fa9dca5ac6150d0a8fe33cd7a0321bc6b3d24b378831c126cba8da338126497260d4279bbbabbc059e33b83e56ac64f794703c359e1627cfd645647512dd385248f99fbe32da4074392ee59caba99953bdede1904e2724469950ce7a5d1658a3fa99d6aea5de6cf4ed0167c30093d354d1d19a2a9d565ed4d28d8bbd9e0b9e0c0db5c90ddc2efefc3c5062360a2ae8c7db480d84e2fe16d0d7082dc86853023222fc9f4bfc9a57a7b736afba350ee6858095ae95b05dfa15a35e23f39bdb7c1fc224a97529225994f6465de96a7a38768eda21059b0d7043536b5b9af50349062f9ea6d4405351d51c103bbe52ae96ff05077dd251fc86de10c697de40aa3efb6c98a52801d38c6cf5d4e583545e368935714c439810d19caaae44282a42666d2f3f283e475793a5dbef23f2327d5773a298e571abdbf75a478a3a7be848f11b97639a5c75ac005e5df2b0ad1f159c5fc673804243b79c9491eb27472a5cc854d6cf361cb32eb0a1a48c4e4ce7078e4320f2589ff78964459c555917742e75f2a7a2b67bdd870b6955e55e7e89b118a3004fa7fab2db8d533ec9bb81ec54b8b0b91c34d8a07455f3e878f8c519a52e847b40e9d88ba3b00d476d05c48d5a31e095aaf8cc19b4e380991aa567f13e3a3912b4a04403471b535672bd71478d619ab3d7f488023c46ded7bf628ec9aeedc943047fcd42469cdb3d61891e2d6edf09308a0c992f97e8ee9594d687eb7db999fac8b68a77b90b9b66c7080f394bb4e7bad83cc7b64a85411c2ef850427c63153552761aafad37c6af4e9921de1db3ed4ce1f2abd09cbf4f462ed33412fe67bc75a7b6b2f466e23489452d03dbdae797fc91cd465851c12b78cdc3c87945237c262107be4e75547b4a7ebfd073307aef17488d134ab38f03785494b0c4d9260962e4d854910557e2aeb95b705bc103609c9f0ed9d4f350c7822365672a86a8759e9aad8200c5bbee44b7f356dc7148291d52ef8fb7f8989d0fae31065760af03b130d496237788b50d25d744738f4b47efdcc17c72014458a4b9a9c89b30553de3c15bd687180c1de60488cbe2cce010c5e3507b689aee5412ec1bbe2c14f45f9ede20bdf629ad8b4db8877162679c7cbda33edfacd04e01e1c3b0728a72c143c2dbded8d4268ed9ac78c9ee538b8292b4dc26b76e008253d7ea0debd0741db9f4cab344a8567bcf15de0d13df51f9d4551acfb88580d3d7096ec8826212641d0849d565572aed6cdabdf6ee0adfb352bb4e5f4e16e21a306b6e70f14dcba41d87fdba39ef420dd68db3d07df8b6f4bd6dfd414d009264b4d45f667b86f820cad41de251907187e1b2a96a90c4f3da7e45d4b760b0b0675f7a9204db5e6ab4691b76f1e6181b3d34f369c6a635cc5357a668abb21e2fe0dd9b6ba360f58c334b9796d67458ff558321603b951c54e00e59179afc4bdd0cf596dfcaa17010505b50aebbdc1f18a736c217b0a8195ef4890a97ab3971d9aa46a6f32079af9ca0ae305ee74127c824a5749f35f800ec0c751ab664e0141b0466980f06929c4054c59733aa69fe0adcc0b460083a5aaf7d4d440164e3db90451064eb65f89099eaf39d0ba54671911c399e117e02cd16fa1ef645108bb0dd6b099bd30d386a6df5e9a532690ffc4da8c97f04904f0f01b8f1fe79a88ad6ae91540561e7e27b60726a6523af35b4e2c7eef9026342556d8f1d5ba1643aa2529dffaf7671e4d6e76f00a04c9306d5052cb1de3a63780bd959ccb1a98a3c99a81fb68988198a7f5bd6b53b7fbc3db875118f97f6dcff22f9edcfeaa56fab67a9c6d7a787c7661bc5ca7fa9069a9ac206cc50ac8935a613b93a6eae3f3d72d4b7b6b7e5f31e0709c861a6badf2dceb1f98eb76b7d379409fbe4908bf2da5a436b20c85e1d67d0285529ef36768decf92139ea6a21dae85f7c511aa8e8af1203ec5eeeaccf1f344e4f0f1c2c65be5a0d891c93c8ec5dc85f2d15a897dbea5117bf93fefd4f8409748e5abcfad41de5b13fb6188264c161c4ec00a9c5cce9d8107fa17fb48cf060c32cbbadbcb2be50e1517ea7321374c7337534c78534dc35b687bad05cc284c554b98b98673007bb6490be77bca5647cc4893a2b4fff9ba9e8f03597204e2bb043b0f6e0c96ce27a7ea77fad6959061240731943b37cccbcd01c29e5eefe7262f743c3c1eccdf7001cef8a798012178b59f5440f5461674a4b2a6547e3b1649410c72255e5a025568d12ecaa20ab9953d35c1f080e65924bfe91d72a230fde2c203c467b266166335a98ee422899b3832409648307d173d8c90616cfc934c24bf9b0d8a1c964c4ce2bab2220065d78389343d91ab3d79e2f34b7d0c286e9660c6400dc45067f1d111a3b64089d324784f5810375735eb53200b6a54f2788f65ea119b298dd6f36e7e2ed3f55e0bcc74b104179ffaf20959ae12662e393970b05601e69d2d32a7b4ec7d3c059e2dbc451dc4ed781dd77bbb899d09a5a4bc9deceeaba73df5db90f98f791b9b49cb09d3ab1fba2f45a72f6b82910fb850e513c8272b3de7e6763b2809f970a23e85241c7d087601e6351079953baee39eff2f6ee73c9f5e45ce7673c5077dc43814629706d6994d4fe6fdcbffeadc875333a3518aeaa125a87caa24ac00f216e20000e01250d0c3121950ccedc216f95c9f0ffce49ee880d89a16b36de9657c359ffdad604341e86e107d69986e262071424648200f5e993fae0a65029c36f3c40bd7d6f0849906737e1d9607d3a04c32504036fda1e713aec004baf533aa11070027156dbf3335a818d8239d441dcec25fff1159a205ea6656d7ba223fdb92acff0606b3375c600adbd7c930d5bd1bea867e438e0360bd156fb5d6df84fe81cbe0c2aa2baeb6338ab46911f1798116d418c1161676da9a8000000000000000001000008000000821970f7a77b63b343986908596867e56c1796815b1fc84f6b0d6c2a1231aadf536fbb78adf445e4f891502c860ffc92adf76c21634a5e40e1ea5b667d5a32cf394c768cc8edc5d754877266eaf5106d92630644e8cff9fe189629bd679af0a7e17c59c48dfedc6ef1ecb76044dd3a74be93eb9e26890427075d64ab728d83b3ae7738df1ffdf8f88c2ca4e200ed924b1fea9dac4ec5b6c89800000000000000190100000500000028793ea1780b5fd914b5690a6b44334d6b06b394fcbe455bade5f662e2499e378459743a127d039db059f3bf401435fdc56b0fbbcc80cacf96ce72636ff0efebdabae3ab7f300c2d5e239d9f0fa5b56bccbb6c8441a8e12e740d57eef12a08d821a3e06c58803cb2a4fe6c8b4bc5a388798e60794e8e2f91603cc9b24b43aabdf3e559ddfc400a2400010000000000000f010000fbffffff8c51fef39089e2e63babad30e8a968c458a4d0379a136c620268840cbbbf296b4755288ad5260a710edd62ae5a338da507324a06b2e9e3aca18ae39ecfef22ba725bc4d62e3c2f3c875e819e2f015532fb887304c75c1174e8c0bee8c626e2f27a85c39bd6edb4036e0e935a2010abb880e64cd56cf1556701461d5da7d117014b2b197696b7aa0c2c636a1f09519f253a760395dfe28f48fe7707ae213779420734f32454c673c82f00fd91a5050efb77f2ad5a2a4cd1d3368973f45fc6f82b1d98807bbb8098c4ae0f12170b46bfefc705ce2a1b02b6e94414f11b1d73410287d1c6fbded5a2b7975a3c0000000000d000000000000000140100001c0000000e875ab228e39e29f02b33f89d781cf624e12a899f60dd46d92438988f13a821f3547c38be924f161223ffbd930ea4bb258f9beb9d7cb266a4cefa98c1f3dd8072d8f4497944dc8fad6d569e5773dcfb155780de5259479d17ff565356265ac23e381a0b780b51649f903b695e602dda6ba7b8f90b5f53eed0b851d94a0e3dd8a914dba1f66165f97ab27ffee3ff2a59ef57a9279ab66c5f16deba1d052ef6fb8746a122fe0ba7782929627e61f98a551cccb1257fe70057773bff0000000000e80000000000000029000000e0140000b24090c28e22b84d009362fc1dd8049aa329f8599070eaa22ff3435f8312fa54eb864b2ad700f818cb8db328a077e77c1405d563ab38c962f7ab903aea7acbaa21e2f1dba091121e7d784a9e029d81d5705c3f25fb9cba953487dff46c1b4aca1acd19c60420ff10e57f8410df3630836aa33b6f380c104670553e73170a13e0f25d2a2a2230a632be1b9e076c29356caaad61c2fdafa16791cb3e00adce332a68fe4ae4df0841fee9e64af3227415bd4460720371cc90dcd42bc5b5ca88be3625e1dcae7118aee686768afb2aee0b00adfc860000000000ff3edc8a9aeca5c9f2d1fcfe9b970c7d393570efd53ff8da0bd5bafe16fdb4e38aba941df10ace34da50c6bda08e113b7c1706"], 0x1408}, 0x0, 0x4000095}, 0x4) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1389.530045][T10301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.549802][T10301] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1389.558301][T10301] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1389.566273][T10301] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1389.574244][T10301] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.582292][T10301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1389.590321][T10301] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:29 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETPID(r1, 0x0, 0xb, &(0x7f0000000040)=""/45) 03:59:29 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0x0, &(0x7f0000000000)=[{0x2, 0x9, 0x800}, {0x3, 0x8, 0x800}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:29 executing program 1: semop(0x0, &(0x7f0000000000), 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:30 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) 03:59:30 executing program 0 (fault-call:7 fault-nth:43): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:30 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r1 = semget(0x0, 0x3, 0x140) semop(r1, &(0x7f0000000040)=[{0x2, 0x2, 0x800}, {0x2, 0x9, 0x800}, {0x1, 0x7, 0x2000}, {0x3, 0x1, 0x1000}, {0x2, 0x100, 0x1000}], 0x5) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000140)=""/4096) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_STAT(r2, 0x0, 0x2, &(0x7f0000000080)=""/25) 03:59:30 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x0, 0x4, 0x22) semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x400, 0x1000}, {0x3, 0x3ed7}, {0x4, 0x3, 0x1000}], 0x3, &(0x7f0000000080)={0x77359400}) r1 = semget(0x2, 0x0, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) [ 1389.939612][T10353] FAULT_INJECTION: forcing a failure. [ 1389.939612][T10353] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.952274][T10353] CPU: 1 PID: 10353 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1389.961039][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1389.971103][T10353] Call Trace: [ 1389.974383][T10353] dump_stack+0x137/0x19d [ 1389.978734][T10353] should_fail+0x23c/0x250 [ 1389.983221][T10353] __should_failslab+0x81/0x90 [ 1389.987983][T10353] ? io_issue_sqe+0x418f/0x6080 [ 1389.992882][T10353] should_failslab+0x5/0x20 [ 1389.997374][T10353] __kmalloc+0x66/0x360 [ 1390.001512][T10353] ? rw_verify_area+0x136/0x250 [ 1390.006344][T10353] io_issue_sqe+0x418f/0x6080 [ 1390.011009][T10353] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1390.016383][T10353] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1390.022358][T10353] ? __io_queue_proc+0x99/0x260 [ 1390.027203][T10353] ? vga_arb_write+0x17d0/0x17d0 [ 1390.032143][T10353] ? io_async_queue_proc+0x3f/0x50 [ 1390.037296][T10353] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1390.042665][T10353] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1390.048581][T10353] ? try_to_wake_up+0x353/0x470 [ 1390.053586][T10353] ? io_wqe_enqueue+0x457/0x4d0 [ 1390.058489][T10353] ? io_wq_enqueue+0x3a/0x40 [ 1390.063062][T10353] ? io_queue_async_work+0x18d/0x230 [ 1390.068365][T10353] __io_queue_sqe+0xe9/0x3a0 [ 1390.072941][T10353] io_queue_sqe+0x6d/0x160 [ 1390.077348][T10353] io_submit_sqe+0x15c7/0x30c0 [ 1390.082111][T10353] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1390.087560][T10353] io_submit_sqes+0x61f/0xaf0 [ 1390.092304][T10353] __se_sys_io_uring_enter+0x217/0xb20 [ 1390.097779][T10353] ? fput+0x2d/0x130 [ 1390.101679][T10353] __x64_sys_io_uring_enter+0x74/0x80 [ 1390.107037][T10353] do_syscall_64+0x34/0x50 [ 1390.111545][T10353] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1390.117462][T10353] RIP: 0033:0x4665f9 [ 1390.121338][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.141538][T10353] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1390.149949][T10353] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1390.157918][T10353] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1390.165884][T10353] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1390.173837][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1390.181824][T10353] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:30 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b5b073b3938000008060000000002000000897e062eb3f2001b080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0xfd, 0x0, 0x0, 0x33, @private2, @mcast1, 0x80, 0x0, 0x20}}) write$binfmt_misc(r2, &(0x7f0000000040)={'syz1', "0decb60db6391138e6fdc3803eece98717283146ff8438a3414d8524a1a2e53ac930d9fe2742b2713956"}, 0x2e) 03:59:30 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x1, 0xc8) semctl$IPC_RMID(r0, 0x0, 0x0) 03:59:30 executing program 4: sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000000201010000eb00"/23], 0x24}, 0x1, 0x0, 0x0, 0x24000004}, 0x24048011) syz_io_uring_setup(0x140f, &(0x7f0000000300)={0x0, 0xc1bc, 0x0, 0x1, 0xa1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) r1 = syz_io_uring_complete(r0) r2 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0xfffffffc, 0x0, 0x0, r1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ee7000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x2000)=nil, 0x2000, 0x1000000, 0x4000010, r2, 0x10000000) syz_io_uring_submit(0x0, r8, &(0x7f00000006c0)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd_index=0xa, 0x0, 0x0, 0x0, 0x1}, 0x12) io_uring_enter(r2, 0x6611, 0xd0ea, 0x3, &(0x7f0000000680)={[0x80000000]}, 0x8) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(0x0, r6, &(0x7f0000000640)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000600)={&(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000480)=""/133, 0x85}], 0x1, &(0x7f0000000580)=""/102, 0x66}, 0x0, 0x0, 0x1, {0x1}}, 0x8) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$vga_arbiter(r9, &(0x7f0000000100), 0xf) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r2, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:30 executing program 2: ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x0, 0x3f, [0x81, 0xa25, 0xffffffff80000000, 0x4800000000000, 0x4, 0x6]}) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:30 executing program 0 (fault-call:7 fault-nth:44): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:30 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1390.348323][T10386] FAULT_INJECTION: forcing a failure. [ 1390.348323][T10386] name failslab, interval 1, probability 0, space 0, times 0 [ 1390.360970][T10386] CPU: 0 PID: 10386 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1390.369828][T10386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1390.379867][T10386] Call Trace: [ 1390.383156][T10386] dump_stack+0x137/0x19d [ 1390.387483][T10386] should_fail+0x23c/0x250 [ 1390.391899][T10386] __should_failslab+0x81/0x90 [ 1390.396650][T10386] ? io_arm_poll_handler+0x15e/0x420 [ 1390.401923][T10386] should_failslab+0x5/0x20 [ 1390.406482][T10386] kmem_cache_alloc_trace+0x49/0x320 [ 1390.411769][T10386] io_arm_poll_handler+0x15e/0x420 [ 1390.416892][T10386] ? io_wq_enqueue+0x3a/0x40 [ 1390.421472][T10386] ? io_queue_async_work+0x18d/0x230 [ 1390.426804][T10386] __io_queue_sqe+0x133/0x3a0 [ 1390.431528][T10386] io_queue_sqe+0x6d/0x160 [ 1390.435994][T10386] io_submit_sqe+0x15c7/0x30c0 [ 1390.440767][T10386] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1390.446330][T10386] io_submit_sqes+0x61f/0xaf0 [ 1390.450994][T10386] __se_sys_io_uring_enter+0x217/0xb20 [ 1390.456440][T10386] ? fput+0x2d/0x130 [ 1390.460336][T10386] ? __fpregs_load_activate+0x103/0x1b0 [ 1390.465885][T10386] __x64_sys_io_uring_enter+0x74/0x80 [ 1390.471262][T10386] do_syscall_64+0x34/0x50 [ 1390.475712][T10386] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1390.481643][T10386] RIP: 0033:0x4665f9 [ 1390.485520][T10386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.505122][T10386] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1390.513557][T10386] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1390.521512][T10386] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1390.529505][T10386] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1390.537536][T10386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:30 executing program 1: semop(0x0, &(0x7f0000000000)=[{0x3, 0x0, 0x1800}, {0x3, 0x7f, 0x1000}, {0x4, 0x4, 0x800}], 0x9) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) [ 1390.545562][T10386] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:30 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000040)=[{0x4, 0x7, 0x1800}, {0x0, 0x200, 0x1000}, {0x0, 0x4, 0x800}], 0x3) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:30 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000fee000/0x10000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:30 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semget(0x0, 0x2, 0x121) r0 = semget$private(0x0, 0x0, 0x2) semtimedop(r0, &(0x7f0000000000)=[{0x1, 0x5, 0x1000}, {0x0, 0x2, 0x800}, {0x2, 0x2, 0x1000}, {0x2, 0x9, 0x1800}, {0x0, 0x8c45, 0x800}, {0x4, 0x2, 0x1800}, {0x4, 0x2, 0x1000}, {0x2, 0x83, 0x800}, {0x4, 0x1f, 0x800}], 0x9, &(0x7f0000000080)={0x77359400}) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2aaaaaaaaaaaab08) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f00000000c0)=[{0x3, 0x12, 0x1800}, {0x0, 0x3, 0x800}, {0x0, 0x8}, {0x0, 0x3, 0x1000}], 0x4) 03:59:30 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) r1 = semget$private(0x0, 0x2, 0x110) semctl$IPC_RMID(r1, 0x0, 0x0) 03:59:31 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x432a22d242bcaf0e, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0xf800, 0x800}, {0x4, 0x100, 0x1000}, {0x2, 0x5, 0x800}, {0x1, 0x3, 0x1800}, {0x4, 0x7f, 0x1800}, {0x5, 0x2, 0x1800}], 0x6) 03:59:31 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:31 executing program 0 (fault-call:7 fault-nth:45): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:31 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000000)=[{0x4, 0x4, 0x800}], 0x1) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semtimedop(r0, &(0x7f00000000c0)=[{0x3, 0x9, 0x1000}, {0x2, 0x5c9, 0x1000}, {0x4, 0x9, 0x1000}, {0x0, 0x140, 0x1000}, {0x1, 0x1, 0x1000}, {0x2, 0x5}, {0x1, 0x19, 0x800}, {0x4, 0xf388, 0x800}, {0x637e09e75d8fb9f8, 0xc60}], 0x9, &(0x7f0000000140)) r1 = semget(0x0, 0x2, 0x241) semop(r1, &(0x7f0000000180)=[{0x2, 0x200, 0x800}, {0x4, 0x6, 0x1800}, {0x1, 0x6, 0x1800}], 0x2aaaab90) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r2, &(0x7f0000000080)=[{0x4, 0x3dec, 0x1000}, {0x2, 0xff, 0x1000}, {0x1, 0x0, 0x1800}, {0x3, 0x8cad}, {0x3, 0x1ff, 0x1000}, {0x1, 0x1, 0x1800}, {0x1, 0x1}], 0x7) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) 03:59:31 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget(0x3, 0x1, 0x2) semctl$IPC_RMID(r1, 0x0, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:31 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ee7000/0x4000)=nil, 0x4000, 0x2000004, 0x10, r0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x1, &(0x7f0000000100)={0x77359400}, 0x1, 0x0, 0x0, {0x0, r4}}, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:31 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x80280, 0x95) mmap(&(0x7f0000208000/0x3000)=nil, 0x3000, 0x3000009, 0x40010, r1, 0x2000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) lseek(0xffffffffffffffff, 0x7fffffff, 0x3) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)=0x0) syz_open_procfs(r3, &(0x7f0000000080)='net/dev\x00') [ 1391.244462][T10454] FAULT_INJECTION: forcing a failure. [ 1391.244462][T10454] name failslab, interval 1, probability 0, space 0, times 0 [ 1391.257226][T10454] CPU: 1 PID: 10454 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1391.265988][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.276079][T10454] Call Trace: [ 1391.279357][T10454] dump_stack+0x137/0x19d [ 1391.283689][T10454] should_fail+0x23c/0x250 [ 1391.288094][T10454] __should_failslab+0x81/0x90 [ 1391.292868][T10454] ? io_issue_sqe+0x418f/0x6080 [ 1391.297726][T10454] should_failslab+0x5/0x20 [ 1391.302285][T10454] __kmalloc+0x66/0x360 [ 1391.306444][T10454] ? rw_verify_area+0x136/0x250 [ 1391.311289][T10454] io_issue_sqe+0x418f/0x6080 [ 1391.315969][T10454] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1391.321596][T10454] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1391.327004][T10454] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1391.332813][T10454] ? __io_queue_proc+0x99/0x260 [ 1391.337732][T10454] ? vga_arb_write+0x17d0/0x17d0 [ 1391.342671][T10454] ? io_async_queue_proc+0x3f/0x50 [ 1391.347778][T10454] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1391.353158][T10454] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1391.358973][T10454] ? try_to_wake_up+0x353/0x470 [ 1391.363822][T10454] ? io_wqe_enqueue+0x457/0x4d0 [ 1391.368672][T10454] ? io_wq_enqueue+0x3a/0x40 [ 1391.373297][T10454] ? io_queue_async_work+0x18d/0x230 [ 1391.378581][T10454] __io_queue_sqe+0xe9/0x3a0 [ 1391.383173][T10454] io_queue_sqe+0x6d/0x160 [ 1391.387605][T10454] io_submit_sqe+0x15c7/0x30c0 03:59:31 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7ffc}], 0x1, 0x0) semop(r0, &(0x7f0000000040)=[{0x3, 0x400, 0x1000}, {0x0, 0x3, 0x800}, {0x2, 0x6, 0x1000}, {0x0, 0x1, 0x1000}], 0x4) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x1ff, 0x3, 0xff, 0x1, 0xd]) semop(r0, &(0x7f00000000c0)=[{0x2, 0x1, 0x1800}, {0x1, 0x0, 0x800}, {0x0, 0x0, 0x1000}], 0x3) [ 1391.392440][T10454] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1391.397898][T10454] io_submit_sqes+0x61f/0xaf0 [ 1391.402587][T10454] __se_sys_io_uring_enter+0x217/0xb20 [ 1391.408121][T10454] ? fput+0x2d/0x130 [ 1391.412012][T10454] __x64_sys_io_uring_enter+0x74/0x80 [ 1391.417383][T10454] do_syscall_64+0x34/0x50 [ 1391.421854][T10454] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1391.427779][T10454] RIP: 0033:0x4665f9 [ 1391.431666][T10454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1391.451272][T10454] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1391.459678][T10454] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1391.467643][T10454] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1391.475616][T10454] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1391.483589][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:31 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x1, 0xeeef, 0x1000}, {0x4, 0x8, 0x1000}, {0x2, 0x3ff, 0x1800}, {0x2, 0x4, 0x1000}, {0x3, 0xa4a4, 0x1400}, {0x1, 0x1ff, 0x800}], 0x6, &(0x7f0000000080)={0x0, 0x3938700}) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1391.491563][T10454] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:31 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100), 0x54000, 0x0) fstat(r3, &(0x7f0000000240)) 03:59:32 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) r1 = getegid() r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r5) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000040)={{0x3, 0xee00, r1, r3, r5, 0x12, 0xb6}, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) 03:59:32 executing program 0 (fault-call:7 fault-nth:46): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1391.813575][T10505] FAULT_INJECTION: forcing a failure. [ 1391.813575][T10505] name failslab, interval 1, probability 0, space 0, times 0 [ 1391.826342][T10505] CPU: 0 PID: 10505 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1391.835112][T10505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.845160][T10505] Call Trace: [ 1391.848490][T10505] dump_stack+0x137/0x19d [ 1391.852887][T10505] should_fail+0x23c/0x250 [ 1391.857368][T10505] __should_failslab+0x81/0x90 [ 1391.862134][T10505] ? io_arm_poll_handler+0x15e/0x420 [ 1391.867420][T10505] should_failslab+0x5/0x20 [ 1391.871989][T10505] kmem_cache_alloc_trace+0x49/0x320 [ 1391.877276][T10505] io_arm_poll_handler+0x15e/0x420 [ 1391.882438][T10505] ? io_wq_enqueue+0x3a/0x40 [ 1391.887138][T10505] ? io_queue_async_work+0x18d/0x230 [ 1391.892428][T10505] __io_queue_sqe+0x133/0x3a0 [ 1391.897105][T10505] io_queue_sqe+0x6d/0x160 [ 1391.901591][T10505] io_submit_sqe+0x15c7/0x30c0 [ 1391.906354][T10505] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1391.911812][T10505] io_submit_sqes+0x61f/0xaf0 [ 1391.916487][T10505] __se_sys_io_uring_enter+0x217/0xb20 [ 1391.921941][T10505] ? fput+0x2d/0x130 [ 1391.925853][T10505] __x64_sys_io_uring_enter+0x74/0x80 [ 1391.931229][T10505] do_syscall_64+0x34/0x50 [ 1391.935686][T10505] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1391.941645][T10505] RIP: 0033:0x4665f9 03:59:32 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semop(r0, &(0x7f0000000140)=[{0x0, 0x3, 0x1800}, {0x2, 0x8001, 0x1000}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000040)=[{0x1, 0x800}], 0x1, &(0x7f00000000c0)={r1, r2+60000000}) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r3, &(0x7f0000000180)=[{0x1, 0x20}, {0x7, 0x5, 0x1000}, {0x2, 0x9, 0x1800}, {0x3, 0x2402}, {0x4, 0x5}, {0x6, 0x0, 0x1000}, {0x1, 0x8, 0xfcdb8c9c7061ff8b}], 0x7) [ 1391.945577][T10505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1391.965178][T10505] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1391.973586][T10505] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1391.981557][T10505] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1391.989521][T10505] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1391.997485][T10505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.005456][T10505] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:32 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:32 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x5711, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$vga_arbiter(r3, &(0x7f00000001c0)=@other={'lock', ' ', 'mem'}, 0x9) ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000100)) 03:59:32 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x1, 0x1, 0x20) semop(r0, &(0x7f0000000000)=[{0x3, 0x80, 0x1800}, {0x3, 0x800, 0x1800}, {0x3, 0x8, 0x1800}, {0x2, 0x5, 0x800}, {0x2, 0x8}, {0x3, 0x5, 0x800}], 0x6) 03:59:32 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x78) 03:59:32 executing program 1: setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000000)=0x6, 0x4) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f00000014c0), &(0x7f0000001500)=0x4) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = semget(0x0, 0x2, 0x6) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080)=[{0x3, 0xfbe1, 0x1800}], 0x1, &(0x7f0000000100)={r2, r3+10000000}) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000140)=[0x0, 0x2, 0x7, 0x3ff, 0x5]) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:32 executing program 0 (fault-call:7 fault-nth:47): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1392.215491][T10549] FAULT_INJECTION: forcing a failure. [ 1392.215491][T10549] name failslab, interval 1, probability 0, space 0, times 0 [ 1392.228163][T10549] CPU: 1 PID: 10549 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1392.236926][T10549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.246984][T10549] Call Trace: [ 1392.250258][T10549] dump_stack+0x137/0x19d [ 1392.254632][T10549] should_fail+0x23c/0x250 [ 1392.259111][T10549] __should_failslab+0x81/0x90 [ 1392.263873][T10549] ? io_issue_sqe+0x418f/0x6080 [ 1392.268806][T10549] should_failslab+0x5/0x20 [ 1392.273315][T10549] __kmalloc+0x66/0x360 [ 1392.277458][T10549] ? rw_verify_area+0x136/0x250 [ 1392.282325][T10549] io_issue_sqe+0x418f/0x6080 [ 1392.287010][T10549] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1392.292387][T10549] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1392.298199][T10549] ? __io_queue_proc+0x99/0x260 [ 1392.303050][T10549] ? vga_arb_write+0x17d0/0x17d0 [ 1392.307986][T10549] ? io_async_queue_proc+0x3f/0x50 [ 1392.313089][T10549] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1392.318454][T10549] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1392.324257][T10549] ? try_to_wake_up+0x353/0x470 [ 1392.329106][T10549] ? io_wqe_enqueue+0x457/0x4d0 [ 1392.333954][T10549] ? io_wq_enqueue+0x3a/0x40 [ 1392.338569][T10549] ? io_queue_async_work+0x18d/0x230 [ 1392.343947][T10549] __io_queue_sqe+0xe9/0x3a0 [ 1392.348541][T10549] io_queue_sqe+0x6d/0x160 [ 1392.353037][T10549] io_submit_sqe+0x15c7/0x30c0 [ 1392.357880][T10549] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:32 executing program 2: sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x53e}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x10) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x1, 0x7fff}], 0x1, 0x0) r1 = accept(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x3, 0x7, 0x3, 0x0, 0x0, {0xc, 0x0, 0x9}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7fffffff}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) semop(r0, &(0x7f0000000180)=[{0x0, 0x8, 0x1000}], 0x1) 03:59:32 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg$sock(r2, &(0x7f0000000a00)=[{{&(0x7f0000000040)=@qipcrtr={0x2a, 0xffffffff, 0xbffe}, 0x80, &(0x7f0000000480)=[{&(0x7f00000000c0)="fa1c449a25f9f9c3644c563f275fec0a6c0a1d3de7df2ee4403892aae507abf3c70c4c2f3353f34a542c48e4be6913edf01038018b87c635d3b887b42e61423fa2d071b5dfbbb904e5a6a116823efe6ce1e76b525671cd1a6be3ec78464884239bc17f81ba257bbe300621dfa4de560b0d9cbbc849195131248d1081959c15318bff4146f70f2d53", 0x88}, {&(0x7f00000001c0)="90d2bad90ac2fd7b6b8087bff27abbc2443d0b56021c9f1af878c7b6474769fa052935f56f51f9058093ade285dff59b695eb69349f17e50d34561f796e26807aac6b1ede8afe0f528a99fb63c7982f12018446df82fcc6179d659e395bd76a5cedf29fa60f1ad72c42a064d9a30142557c6893264184acd24d10661a675a129798008d85151275ab545cd4d587904f8a25ca5e9f1ab1083f318e20faf46450e59ef2fb2e2df3bcbe02143875a3a41751603511ae236357ce4846c8793a7c8dae4a6935afff2fd1db983265a05086436cad9f38904", 0xd5}, {&(0x7f00000002c0)="5efca02f450ae4ceeecaf6f82fec92b7d16031c1b47e2d556a09b2cb0d19c3d5cc012f1614b1627af909adc546788a837aea395cb3787f57bbcb9ceab209ea402ddcb9ddc1fa74777e88f44fbf3deb18028e43abebd38a4b94b5e356bf64b3f8ca6be627f8f1ca542a037656bcd27cc3033c02e232fbd966b366293e3b524013c5b469787638307d1fe05730b3a5326b642e28cf1b1f3b7cd382d141500b865980788e168db594865e058cb4ec408806be79d91a29811dfa5898d487760dd864248fc61a1611ee8d9c626e6a0d4ecdeb044b873a179e7c52e355b023d1a86872e5", 0xe1}, {&(0x7f00000003c0)}, {&(0x7f0000000400)="97599bb114f046354791452b0b7b50d596e5aedd1b541c379842b37ce9bf515ea45e29c6fef60e0356c93d2a846f7d9d8fb3f676eac03b38c2ea25547c15", 0x3e}, {&(0x7f0000000440)="14d41d9fbc1e51c56154c865eacc3917a85a", 0x12}], 0x6, &(0x7f0000000500)=[@txtime={{0x18, 0x1, 0x3d, 0x81}}, @timestamping={{0x14, 0x1, 0x25, 0x1ff}}, @timestamping={{0x14}}, @txtime={{0x18, 0x1, 0x3d, 0xb6}}, @txtime={{0x18, 0x1, 0x3d, 0x1f}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}], 0x90}}, {{&(0x7f00000005c0)=@in={0x2, 0x4e23, @remote}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000640)="bc174b86014ceac718a7e1bb14c2bb136a56c0e7d16a386d3f340139cdab934d745cf332fb74bb2b375a4c53bf2ae32be47016841941a609784192491006ed2e5b14f58250fee51598d6a66b915c4c1f7070fc9189c7c10a85bd365602000dc445039399020fa5e0cf6799d9af46c25d2f1cf88e444b310c4f11157e1b2c9cebf71424928c965de3cd162d3b145a1998a7d2801c794f16ee862f6d7c76ecdd0f00d563c44901010313b7a90792f66fab4cdacbb58bf67ee3a858cafc0718e42eacaeb65756dd1566eeffd5f19a3549cddc5b0cb2a71dbe3cb44be06534a2c38990a846a7", 0xe4}, {&(0x7f0000000740)="ce84ceede57cd23837ceefde2e73d6b7b4c03c047d388ecd04e9bd8009476073a13d1a082731ec7e71fad0c9ae00fb55978c5f1f6b3f8facf4701ecf3f3f8c35d458f23deb7afb884d2b355767a979fdb07af797386bc2b926d7d044a1d0adf7896037a54641db71d4555405c0d7", 0x6e}], 0x2}}, {{&(0x7f0000000800)=@l2={0x1f, 0x400, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x400, 0x2}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000880)="830dcc451475eb2c4a3c340a18cd024ea0", 0x11}, {&(0x7f00000008c0)="9ca52a0285c9b919ea9bea98ba56b641d2d3f2b3d0539e17d2e7eb75fd3c46e09b7ca42a16e75151e663706e200676f39642f6e5647947076e4c2e077a01326eecc35e222a15f5eeaf79c77bdf460b392c7b74d857abe1498dcc9c58096817fe76553f7350f9a44bee0e34cc7addf03c451063bb3e6d7bbd27cc2d9e80783d3f23b42280fe9e461c5c349141f9385aec934046d6e59d02c5a955a085f47609aba3c54f32b278e8d51a87ffdd238cb227119a332174da3e5367410bc8657854a53deac228b3c2390bc0200479c493c5c283c02eeba0da070c", 0xd8}], 0x2}}], 0x3, 0x40000) [ 1392.363331][T10549] io_submit_sqes+0x61f/0xaf0 [ 1392.368018][T10549] __se_sys_io_uring_enter+0x217/0xb20 [ 1392.373555][T10549] ? fput+0x2d/0x130 [ 1392.377460][T10549] __x64_sys_io_uring_enter+0x74/0x80 [ 1392.382851][T10549] do_syscall_64+0x34/0x50 [ 1392.387345][T10549] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1392.393240][T10549] RIP: 0033:0x4665f9 03:59:32 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0x7fff}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$IPC_STAT(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000001080)=""/177) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000080)=""/4096) [ 1392.397120][T10549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.416804][T10549] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1392.425299][T10549] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1392.433264][T10549] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1392.441299][T10549] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1392.449260][T10549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.457225][T10549] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:32 executing program 2: ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000000)={{0x1, 0x2, 0xfffffffd, 0x0, 0xfffffc00}}) semget$private(0x0, 0x7, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x10001, 0x0, 0x6}}) semtimedop(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x40}], 0x1, 0x0) r0 = semget(0x2, 0x3, 0x0) semctl$GETZCNT(r0, 0x2, 0xf, &(0x7f00000000c0)=""/221) 03:59:32 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000080)=""/46) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$SETVAL(r0, 0x2, 0x10, &(0x7f0000000000)=0x7) 03:59:32 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x4, 0x400) semop(r1, &(0x7f0000000040)=[{0x3, 0x20, 0x46fd9506f5efacc1}, {0x0, 0xf47, 0x1000}, {0x4, 0xd07, 0x800}, {0x2, 0x2, 0x1000}], 0x4) semget(0x2, 0x1, 0x60) 03:59:32 executing program 0 (fault-call:7 fault-nth:48): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1392.756422][T10599] FAULT_INJECTION: forcing a failure. [ 1392.756422][T10599] name failslab, interval 1, probability 0, space 0, times 0 [ 1392.769131][T10599] CPU: 0 PID: 10599 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1392.777915][T10599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.788063][T10599] Call Trace: [ 1392.791334][T10599] dump_stack+0x137/0x19d [ 1392.795664][T10599] should_fail+0x23c/0x250 [ 1392.800077][T10599] __should_failslab+0x81/0x90 [ 1392.804896][T10599] ? io_issue_sqe+0x418f/0x6080 [ 1392.809848][T10599] should_failslab+0x5/0x20 [ 1392.814355][T10599] __kmalloc+0x66/0x360 [ 1392.818509][T10599] ? rw_verify_area+0x136/0x250 [ 1392.823408][T10599] io_issue_sqe+0x418f/0x6080 [ 1392.828087][T10599] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1392.833470][T10599] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1392.839301][T10599] ? __io_queue_proc+0x99/0x260 [ 1392.844894][T10599] ? vga_arb_write+0x17d0/0x17d0 [ 1392.849824][T10599] ? io_async_queue_proc+0x3f/0x50 03:59:33 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000240)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) 03:59:33 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) clone3(&(0x7f0000000440)={0x4801000, &(0x7f0000000140)=0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0), {0x40}, &(0x7f0000000200)=""/244, 0xf4, &(0x7f0000000300)=""/216, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x6, {r1}}, 0x58) copy_file_range(r2, &(0x7f00000004c0)=0x2d8, 0xffffffffffffffff, &(0x7f0000000500)=0x20, 0x9, 0x0) fallocate(r1, 0x2, 0x0, 0x101) semop(r0, &(0x7f0000000000)=[{0x0, 0x80}, {0x1, 0xfffb}], 0x2) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) lseek(r1, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, r3, 0x32e63000) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) [ 1392.854941][T10599] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1392.860321][T10599] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1392.866145][T10599] ? try_to_wake_up+0x353/0x470 [ 1392.871004][T10599] ? io_wqe_enqueue+0x457/0x4d0 [ 1392.875850][T10599] ? io_wq_enqueue+0x3a/0x40 [ 1392.880441][T10599] ? io_queue_async_work+0x18d/0x230 [ 1392.885796][T10599] __io_queue_sqe+0xe9/0x3a0 [ 1392.890388][T10599] io_queue_sqe+0x6d/0x160 [ 1392.894806][T10599] io_submit_sqe+0x15c7/0x30c0 [ 1392.899618][T10599] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1392.905188][T10599] io_submit_sqes+0x61f/0xaf0 [ 1392.909959][T10599] __se_sys_io_uring_enter+0x217/0xb20 [ 1392.915497][T10599] ? fput+0x2d/0x130 [ 1392.919464][T10599] __x64_sys_io_uring_enter+0x74/0x80 [ 1392.924843][T10599] do_syscall_64+0x34/0x50 [ 1392.929265][T10599] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1392.935159][T10599] RIP: 0033:0x4665f9 [ 1392.939046][T10599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.958715][T10599] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1392.967126][T10599] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1392.975189][T10599] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1392.983154][T10599] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1392.991120][T10599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1392.999085][T10599] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:33 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f00002f4000/0x1000)=nil, 0x1000, 0x4, 0x810, r2, 0x52b87000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$VT_SETMODE(r4, 0x5602, &(0x7f0000000100)={0x4, 0x81, 0x6, 0x4ac, 0x3}) fsetxattr$security_capability(r3, &(0x7f0000000040), &(0x7f0000000080)=@v1={0x1000000, [{0xffffffff, 0x4}]}, 0xc, 0x3) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78) 03:59:33 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semtimedop(0xffffffffffffffff, &(0x7f0000000000)=[{0x1, 0x1, 0x1800}, {0x2, 0x6, 0x1000}, {0x2, 0x1000, 0x1000}, {0x3, 0x2d, 0x1000}, {0x6, 0x6, 0x1000}], 0x5, &(0x7f0000000080)) semop(0xffffffffffffffff, &(0x7f00000000c0)=[{0x3, 0x1000}, {0x2, 0xffff}, {0x2, 0x6, 0x1800}, {0x7, 0x5, 0x1800}, {0x2, 0x97, 0x800}, {0x2, 0x2, 0x800}], 0x6) 03:59:33 executing program 2: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r1 = semget$private(0x0, 0x0, 0x0) semop(r1, &(0x7f00000000c0)=[{0x2, 0x8080}, {0x0, 0x4008}], 0x2) semctl$SEM_STAT_ANY(0xffffffffffffffff, 0x3, 0x14, &(0x7f0000000000)=""/8) r2 = semget$private(0x0, 0x2, 0x44a) semop(r2, &(0x7f0000000080)=[{0x2, 0x3f}, {0x3, 0xfff9, 0x1800}, {0x0, 0x7}, {0x4, 0x683c, 0x800}, {0x4, 0x6, 0x1800}, {0x0, 0x2, 0x1000}, {0x2, 0x8, 0x1000}], 0x7) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:33 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000080)=0x7) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x280000, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(r2, &(0x7f00000002c0)='.pending_reads\x00', 0x208000, 0x2a) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xf8, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x6, 0x4, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20040000}, 0x1) 03:59:33 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:33 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_setup(0x16e0, &(0x7f0000000240)={0x0, 0x230b, 0x20, 0x2, 0x138, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100), &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = syz_open_dev$vcsu(&(0x7f00000002c0), 0x8, 0x80) write$vga_arbiter(r3, &(0x7f0000000300), 0xf) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r4 = syz_open_dev$vcsu(&(0x7f0000000340), 0x6, 0x1) preadv(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/17, 0x11}], 0x1, 0x80, 0x80) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:33 executing program 1: ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f00000001c0)) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x208000, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xa0dd268b4286f76a}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c000000000b010100ad034000000001080002400000000508000340000000016fc10720bf9a00020800024000000004aa357a6cd895d4d2cf82d5e6df11"], 0x3c}, 0x1, 0x0, 0x0, 0x11}, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x0, 0x80, 0x800}, {0x0, 0x0, 0x1000}], 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000040)={0xb}) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:33 executing program 0 (fault-call:7 fault-nth:49): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:33 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x10c) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c46002004d30300000000000000020003000500000007020000000000004000000000000000eb0200000000000003000000030038000200070003009800070000004dc800000300000000000000040000000000000043d500000000000007000000000000000800000000000000000800000000000036bd8356591654aa59a4d76ff5e3e23c304fef51eb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f574b1970000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007c212856000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400"/2436], 0x98d) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) r4 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r5}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000001100)={0x4, &(0x7f0000000cc0)=[{0x8, 0x1, 0x7, 0xbfe}, {0x400, 0x1, 0x0, 0x4}, {0xa23, 0x3f, 0x2, 0x4}, {0x0, 0x7f, 0x0, 0x5}]}) sync_file_range(r7, 0x8, 0x101, 0x4) sendmmsg$inet6(r3, &(0x7f0000001080)=[{{&(0x7f0000000100)={0xa, 0x4e23, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000000dc0)=[{&(0x7f0000000b80)="734c6e6394651ecaedc9cfaf8a9dec54634e6eca5d3a1bc03469d4e4aea3208bd9c700c6c9428de8024c0d0c4de8b192b6ad1bfb5f97f421a85a94147f9e391473d6cea748cb1f1edc8263354204ae29a5139befe845e77113934657b575dd50d18cd67f111e5a84083f6937f65889110870661e70f6889eed2a5a9878026d6aa1f468f47fc58820f17ca070217b3984b48e7eb83f2a6d8b66866175d82c75afc615272fdf6e5696889c30935a43e184210e08aa373698f0cd3e67", 0xbb}, {&(0x7f0000000140)="18608bbea53bc81569dc172e19e1ae704fd29fa108825de51306b33556", 0x1d}, {&(0x7f0000000c40)="1ca2368003ceb9a7159ca223bec2892662aa18d01d4c7583a251635c1990b02bfc94317710c8", 0x26}, {&(0x7f0000000c80)="f9ed4c4d868ef328e9b79b22ce734cacdb0c4658f847ac1cfcd04b63", 0x1c}, {&(0x7f0000001140)="d93f2d97f49469c89902d1dad55c503faad5d8711aaebc38ce215ee20da3b0d661648cc3ea5360ae117fcea6880b30b7fce7388eb52c2efe1593795feb4c6c0179d349971748915c28ed0b829948e028982299cee75c7830e3320c0978d35604eb9683e31902263f9958fe828e7cb248181f511fb8ed9ddcfddbe53091f8e530d6ebd0d3aa4f6e1584b60aae4e60f384fc95f67997bdeb91c98d280e2b0798e9fa4a8938b00fe8c92d42f2a76a0db6cf1f1472fa909df8ddc5a31bda9a3204e19de39c78874fa1215125ba92cfae0e9c9bda00c2973601007ca8b5c298b07e49d59ce9331739482d199e9dd86bb69bb9532a4d4d2df2d7a9a3bc48339f4cb73940c2b3e90d736ba56d7ba1b5cbbd34521746604fccd0f82a68b20b2f7280620a4045ddd2655704372d5a321582612507361d5cf9fd522058a7b8cde09774f1be2d92b2cddf40427d59984c83e2b99ce3fbbcb21cb5ad82a01471c30e3114f60e462e063e621982e3f5b3547ef07b5b42cf5d116aad18a660eab83c461861aafdb9a5300cf09fcf5b2ff63e7978c1bcb5c630", 0x192}], 0x5, &(0x7f0000000e40)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x8000}}, @rthdr={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x1, 0x3, 0x0, [@private2, @empty]}}}, @flowinfo={{0x14, 0x29, 0xb, 0xffffffff}}, @hoplimit={{0x14, 0x29, 0x34, 0x1}}, @rthdrdstopts={{0x80, 0x29, 0x37, {0x2e, 0xc, '\x00', [@calipso={0x7, 0x40, {0x2, 0xe, 0xe0, 0x7ff, [0x10000, 0x8d6, 0xffffffffffffffff, 0x5, 0x3, 0xbf, 0xf06d]}}, @jumbo={0xc2, 0x4, 0x401}, @enc_lim={0x4, 0x1, 0xa8}, @enc_lim={0x4, 0x1, 0x8}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @jumbo={0xc2, 0x4, 0x3}, @pad1]}}}, @pktinfo={{0x24, 0x29, 0x32, {@private2, r5}}}, @hopopts_2292={{0x50, 0x29, 0x36, {0x4, 0x7, '\x00', [@enc_lim={0x4, 0x1, 0xd9}, @pad1, @calipso={0x7, 0x30, {0x0, 0xa, 0x9, 0x1f, [0x4, 0x0, 0x1, 0x80, 0xab]}}]}}}], 0x178}}], 0x1, 0x4001) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000080)="0032eb09d50592f76bff46a9e23f8330f031d9773d1f99") [ 1393.399685][T10661] FAULT_INJECTION: forcing a failure. [ 1393.399685][T10661] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.412399][T10661] CPU: 0 PID: 10661 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1393.421171][T10661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:59:33 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 1393.421183][T10661] Call Trace: [ 1393.421189][T10661] dump_stack+0x137/0x19d [ 1393.421261][T10661] should_fail+0x23c/0x250 [ 1393.421277][T10661] __should_failslab+0x81/0x90 [ 1393.421293][T10661] ? io_issue_sqe+0x418f/0x6080 [ 1393.421311][T10661] should_failslab+0x5/0x20 [ 1393.421328][T10661] __kmalloc+0x66/0x360 [ 1393.421342][T10661] ? rw_verify_area+0x136/0x250 [ 1393.421437][T10661] io_issue_sqe+0x418f/0x6080 [ 1393.421453][T10661] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1393.421470][T10661] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1393.421488][T10661] ? __io_queue_proc+0x99/0x260 [ 1393.421516][T10661] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1393.421588][T10661] ? vga_arb_write+0x17d0/0x17d0 [ 1393.421604][T10661] ? io_async_queue_proc+0x3f/0x50 [ 1393.421621][T10661] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1393.421708][T10661] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1393.421725][T10661] ? try_to_wake_up+0x353/0x470 [ 1393.421797][T10661] ? io_wqe_enqueue+0x457/0x4d0 03:59:33 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1, 0x40080) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000140)) semop(0x0, &(0x7f0000000000)=[{0x2, 0x1f, 0x800}, {0x0, 0x4, 0x1000}, {0x3, 0xfffd, 0x3800}, {0x3, 0x3}, {0x3, 0x9, 0x800}, {0x5, 0x8, 0x1000}, {0x2, 0x1, 0x1800}, {0x1, 0x7, 0x800}], 0x8) semctl$IPC_RMID(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(0x0, &(0x7f0000000040)=[{0x2, 0x5, 0x800}, {0x3, 0x1, 0x1800}, {0x33538113ec4196c4, 0x101, 0x800}, {0x0, 0x8000, 0x1800}, {0x3, 0x5, 0x1000}], 0x5, &(0x7f00000000c0)={r1, r2+60000000}) [ 1393.421813][T10661] ? io_wq_enqueue+0x3a/0x40 [ 1393.421825][T10661] ? io_queue_async_work+0x18d/0x230 [ 1393.421841][T10661] __io_queue_sqe+0xe9/0x3a0 [ 1393.421857][T10661] io_queue_sqe+0x6d/0x160 [ 1393.421874][T10661] io_submit_sqe+0x15c7/0x30c0 [ 1393.421958][T10661] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1393.422041][T10661] io_submit_sqes+0x61f/0xaf0 [ 1393.422063][T10661] __se_sys_io_uring_enter+0x217/0xb20 [ 1393.422080][T10661] ? fput+0x2d/0x130 [ 1393.422111][T10661] __x64_sys_io_uring_enter+0x74/0x80 [ 1393.422131][T10661] do_syscall_64+0x34/0x50 [ 1393.422153][T10661] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1393.422172][T10661] RIP: 0033:0x4665f9 03:59:33 executing program 0 (fault-call:7 fault-nth:50): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1393.422183][T10661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1393.422274][T10661] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1393.422289][T10661] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1393.422299][T10661] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1393.422318][T10661] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1393.422328][T10661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1393.422339][T10661] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1393.736927][T10687] FAULT_INJECTION: forcing a failure. [ 1393.736927][T10687] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.772916][T10687] CPU: 1 PID: 10687 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1393.772993][T10687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.791807][T10687] Call Trace: [ 1393.791817][T10687] dump_stack+0x137/0x19d [ 1393.791836][T10687] should_fail+0x23c/0x250 [ 1393.791849][T10687] __should_failslab+0x81/0x90 [ 1393.791866][T10687] ? io_arm_poll_handler+0x15e/0x420 [ 1393.791945][T10687] should_failslab+0x5/0x20 [ 1393.791961][T10687] kmem_cache_alloc_trace+0x49/0x320 [ 1393.791978][T10687] io_arm_poll_handler+0x15e/0x420 [ 1393.792003][T10687] ? io_wq_enqueue+0x3a/0x40 [ 1393.792091][T10687] ? io_queue_async_work+0x18d/0x230 [ 1393.792184][T10687] __io_queue_sqe+0x133/0x3a0 [ 1393.792207][T10687] io_queue_sqe+0x6d/0x160 [ 1393.792230][T10687] io_submit_sqe+0x15c7/0x30c0 [ 1393.792255][T10687] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1393.792278][T10687] io_submit_sqes+0x61f/0xaf0 [ 1393.792302][T10687] __se_sys_io_uring_enter+0x217/0xb20 [ 1393.792376][T10687] ? fput+0x2d/0x130 [ 1393.792418][T10687] __x64_sys_io_uring_enter+0x74/0x80 [ 1393.792453][T10687] do_syscall_64+0x34/0x50 [ 1393.792470][T10687] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1393.792490][T10687] RIP: 0033:0x4665f9 [ 1393.792502][T10687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:34 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_io_uring_complete(0x0) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000040)) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:34 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) fsetxattr$security_capability(r3, &(0x7f0000000100), &(0x7f00000001c0)=@v3={0x3000000, [{0x3, 0xffffffff}, {0x9, 0x5}], r5}, 0x18, 0x3) 03:59:34 executing program 0 (fault-call:7 fault-nth:51): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1393.792517][T10687] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1393.792548][T10687] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1393.792557][T10687] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1393.792567][T10687] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1393.792579][T10687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1393.792669][T10687] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1394.017220][T10708] FAULT_INJECTION: forcing a failure. [ 1394.017220][T10708] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.017243][T10708] CPU: 0 PID: 10708 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1394.017261][T10708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.017271][T10708] Call Trace: [ 1394.017277][T10708] dump_stack+0x137/0x19d [ 1394.017300][T10708] should_fail+0x23c/0x250 [ 1394.017326][T10708] __should_failslab+0x81/0x90 03:59:34 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) [ 1394.017347][T10708] should_failslab+0x5/0x20 [ 1394.017439][T10708] kmem_cache_alloc_bulk+0x40/0x380 [ 1394.017456][T10708] io_submit_sqes+0x515/0xaf0 [ 1394.017477][T10708] __se_sys_io_uring_enter+0x217/0xb20 [ 1394.017498][T10708] ? fput+0x2d/0x130 [ 1394.017520][T10708] __x64_sys_io_uring_enter+0x74/0x80 [ 1394.017597][T10708] do_syscall_64+0x34/0x50 [ 1394.017617][T10708] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1394.017637][T10708] RIP: 0033:0x4665f9 [ 1394.017647][T10708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1394.017661][T10708] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:59:34 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) mmap(&(0x7f00005ac000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, r2, 0xce26000) mmap(&(0x7f00005ab000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b2c21dca10fc2338f2a073bb4d5af605c62e8ca23584cba16dd9d3938000008000069b90980ed891f3350006655a40d8500ce380900000000"], 0x78) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_script(r3, &(0x7f0000000140)={'#! ', './file0', [{0x20, '}*'}, {0x20, '%'}]}, 0x10) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="37d511d8b87564071bf5822ca095991c86aaa3e4c254043ba15780e8bf7b4cdef3e2b04e32a985ca39e9eec89010") 03:59:34 executing program 0 (fault-call:7 fault-nth:52): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1394.017676][T10708] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1394.017708][T10708] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1394.017719][T10708] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1394.017730][T10708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1394.017741][T10708] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1394.583133][T10744] FAULT_INJECTION: forcing a failure. [ 1394.583133][T10744] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.595783][T10744] CPU: 1 PID: 10744 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1394.604549][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.614617][T10744] Call Trace: [ 1394.617896][T10744] dump_stack+0x137/0x19d [ 1394.622238][T10744] should_fail+0x23c/0x250 [ 1394.626658][T10744] __should_failslab+0x81/0x90 03:59:34 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x7, 0x0) r1 = semget(0x1, 0x2, 0x10) semtimedop(r1, &(0x7f0000000080)=[{0x0, 0x535, 0x1800}, {0x0, 0x1, 0x800}, {0x3, 0x1, 0x1000}], 0x3, &(0x7f00000000c0)) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xb10}], 0x1, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) [ 1394.631427][T10744] ? io_issue_sqe+0x418f/0x6080 [ 1394.636285][T10744] should_failslab+0x5/0x20 [ 1394.640877][T10744] __kmalloc+0x66/0x360 [ 1394.645039][T10744] ? rw_verify_area+0x136/0x250 [ 1394.649972][T10744] io_issue_sqe+0x418f/0x6080 [ 1394.654665][T10744] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1394.660052][T10744] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1394.665919][T10744] ? __io_queue_proc+0x99/0x260 [ 1394.670776][T10744] ? vga_arb_write+0x17d0/0x17d0 [ 1394.675857][T10744] ? io_async_queue_proc+0x3f/0x50 [ 1394.680976][T10744] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1394.686355][T10744] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1394.692167][T10744] ? try_to_wake_up+0x353/0x470 [ 1394.697073][T10744] ? io_wqe_enqueue+0x457/0x4d0 [ 1394.701924][T10744] ? io_wq_enqueue+0x3a/0x40 [ 1394.706514][T10744] ? io_queue_async_work+0x18d/0x230 [ 1394.711805][T10744] __io_queue_sqe+0xe9/0x3a0 [ 1394.716399][T10744] io_queue_sqe+0x6d/0x160 [ 1394.720823][T10744] io_submit_sqe+0x15c7/0x30c0 [ 1394.725668][T10744] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1394.731218][T10744] io_submit_sqes+0x61f/0xaf0 [ 1394.736001][T10744] __se_sys_io_uring_enter+0x217/0xb20 [ 1394.741544][T10744] ? fput+0x2d/0x130 [ 1394.745447][T10744] __x64_sys_io_uring_enter+0x74/0x80 [ 1394.750824][T10744] do_syscall_64+0x34/0x50 [ 1394.755442][T10744] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1394.761425][T10744] RIP: 0033:0x4665f9 [ 1394.765319][T10744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1394.785031][T10744] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1394.793447][T10744] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1394.801427][T10744] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1394.809408][T10744] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1394.817420][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1394.825396][T10744] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:35 executing program 3: ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000180)=0x1) preadv(r1, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/189, 0xbd}, {&(0x7f00000004c0)=""/190, 0xbe}, {&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/184, 0xb8}, {&(0x7f0000001640)=""/182, 0xb6}, {&(0x7f0000001700)=""/149, 0x95}, {&(0x7f00000017c0)=""/204, 0xcc}, {&(0x7f00000018c0)=""/221, 0xdd}], 0x8, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b5b073b393800f50e79a8a6415a6b25670900080300000009000000000000080000006dac1ff3bbd756e70f10421698fd85652f5ed6a157419dd5145520209c3b98df0f8fb534ea22bc5a6c23bf9c10ec0525a7134d4296a01178ebd49eadb736b17951db968f2e7dd4f8fc0383f36e16209a129124ae9f5c319f566bf870480098e8879c40c689c3d23a744545cfbcdd327fa3d0da6941b621d1362f322e5a5a20007fffb3f65353972137156b72c5591b6a7f1df263b8e1a44e5e5dac819f243af25801a3c68b0d7b985c23700881106d380e75ffc9df883f479cc4a60c79867fde28dd3b49f731d0d19f5e7887583c5c65816242b68066c2039a4ccbc66e93100260169b33a3ace37e1205e0a00707d4d746cb2d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r3 = open_tree(r1, &(0x7f0000000140)='./file0\x00', 0x100) connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e20, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, 0x8}, 0x1c) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x100) r5 = openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f00000000c0)={0x6, 0x0, &(0x7f0000000080)=[r1, r2, r4, r0, r5, r6]}, 0x6) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000280)) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x3) write$binfmt_aout(r7, &(0x7f0000000c40)=ANY=[], 0x736) ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000100)) 03:59:35 executing program 0 (fault-call:7 fault-nth:53): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1395.033181][T10764] FAULT_INJECTION: forcing a failure. [ 1395.033181][T10764] name failslab, interval 1, probability 0, space 0, times 0 [ 1395.045853][T10764] CPU: 0 PID: 10764 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1395.054619][T10764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.064681][T10764] Call Trace: [ 1395.067969][T10764] dump_stack+0x137/0x19d [ 1395.072313][T10764] should_fail+0x23c/0x250 [ 1395.076738][T10764] __should_failslab+0x81/0x90 [ 1395.081519][T10764] ? io_arm_poll_handler+0x15e/0x420 [ 1395.086902][T10764] should_failslab+0x5/0x20 [ 1395.091486][T10764] kmem_cache_alloc_trace+0x49/0x320 [ 1395.096805][T10764] io_arm_poll_handler+0x15e/0x420 [ 1395.101929][T10764] ? io_wq_enqueue+0x3a/0x40 [ 1395.106527][T10764] ? io_queue_async_work+0x18d/0x230 [ 1395.111869][T10764] __io_queue_sqe+0x133/0x3a0 [ 1395.116633][T10764] io_queue_sqe+0x6d/0x160 [ 1395.121059][T10764] io_submit_sqe+0x15c7/0x30c0 [ 1395.125943][T10764] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1395.131408][T10764] io_submit_sqes+0x61f/0xaf0 [ 1395.136116][T10764] __se_sys_io_uring_enter+0x217/0xb20 [ 1395.141643][T10764] ? fput+0x2d/0x130 [ 1395.145580][T10764] __x64_sys_io_uring_enter+0x74/0x80 [ 1395.151037][T10764] do_syscall_64+0x34/0x50 [ 1395.155463][T10764] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1395.161437][T10764] RIP: 0033:0x4665f9 03:59:35 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+10000}, {0x0, 0xea60}}) [ 1395.165332][T10764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1395.184939][T10764] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1395.193355][T10764] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1395.201330][T10764] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1395.209309][T10764] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1395.217353][T10764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1395.225329][T10764] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:35 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) mmap(&(0x7f00005ac000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, r2, 0xce26000) mmap(&(0x7f00005ab000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b2c21dca10fc2338f2a073bb4d5af605c62e8ca23584cba16dd9d3938000008000069b90980ed891f3350006655a40d8500ce380900000000"], 0x78) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_script(r3, &(0x7f0000000140)={'#! ', './file0', [{0x20, '}*'}, {0x20, '%'}]}, 0x10) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="37d511d8b87564071bf5822ca095991c86aaa3e4c254043ba15780e8bf7b4cdef3e2b04e32a985ca39e9eec89010") 03:59:35 executing program 0 (fault-call:7 fault-nth:54): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:35 executing program 4: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x44, r0, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x40088e0}, 0x8080000) r2 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee7000/0x1000)=nil, 0x1000, 0x2000001, 0x10010, r2, 0x8000000) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r6, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r7, &(0x7f0000000100)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r9}}, 0x8) io_uring_enter(r2, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1395.575945][T10789] FAULT_INJECTION: forcing a failure. [ 1395.575945][T10789] name failslab, interval 1, probability 0, space 0, times 0 [ 1395.588624][T10789] CPU: 1 PID: 10789 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1395.597388][T10789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.607446][T10789] Call Trace: [ 1395.610730][T10789] dump_stack+0x137/0x19d [ 1395.615107][T10789] should_fail+0x23c/0x250 [ 1395.619572][T10789] __should_failslab+0x81/0x90 [ 1395.624361][T10789] ? io_issue_sqe+0x418f/0x6080 [ 1395.629263][T10789] should_failslab+0x5/0x20 [ 1395.633766][T10789] __kmalloc+0x66/0x360 [ 1395.637918][T10789] ? rw_verify_area+0x136/0x250 [ 1395.642768][T10789] io_issue_sqe+0x418f/0x6080 [ 1395.647449][T10789] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1395.652847][T10789] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1395.658876][T10789] ? __io_queue_proc+0x99/0x260 [ 1395.663709][T10789] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1395.669260][T10789] ? vga_arb_write+0x17d0/0x17d0 [ 1395.674188][T10789] ? io_async_queue_proc+0x3f/0x50 [ 1395.679297][T10789] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1395.684656][T10789] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1395.690487][T10789] ? try_to_wake_up+0x353/0x470 [ 1395.695386][T10789] ? io_wqe_enqueue+0x457/0x4d0 [ 1395.700264][T10789] ? io_wq_enqueue+0x3a/0x40 [ 1395.704851][T10789] ? io_queue_async_work+0x18d/0x230 [ 1395.710123][T10789] __io_queue_sqe+0xe9/0x3a0 [ 1395.714794][T10789] io_queue_sqe+0x6d/0x160 [ 1395.719214][T10789] io_submit_sqe+0x15c7/0x30c0 [ 1395.724017][T10789] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1395.729478][T10789] io_submit_sqes+0x61f/0xaf0 [ 1395.734158][T10789] __se_sys_io_uring_enter+0x217/0xb20 [ 1395.739616][T10789] ? fput+0x2d/0x130 [ 1395.743569][T10789] __x64_sys_io_uring_enter+0x74/0x80 [ 1395.748946][T10789] do_syscall_64+0x34/0x50 [ 1395.753395][T10789] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1395.759303][T10789] RIP: 0033:0x4665f9 [ 1395.763188][T10789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1395.782791][T10789] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1395.791197][T10789] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1395.799164][T10789] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1395.807136][T10789] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1395.815099][T10789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1395.823066][T10789] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semget(0x0, 0x0, 0x40) semget$private(0x0, 0x1, 0x80) semget(0x2, 0x1, 0x248) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x6, 0x1800}, {0x4, 0x84, 0x1000}, {0x2}], 0x3) semget(0x0, 0x4, 0x400) r1 = semget$private(0x0, 0x7, 0x20b) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) 03:59:36 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000080)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39387fc59d5c59eb9afb0000080000000009000000000000080000006d"], 0x78) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000000)=[{0x1, 0x3, 0x800}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$GETALL(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000040)=""/4) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$SEM_STAT_ANY(r0, 0x0, 0x14, &(0x7f00000000c0)=""/208) r1 = semget$private(0x0, 0x1, 0x10) semget$private(0x0, 0x2, 0x0) semop(0xffffffffffffffff, &(0x7f00000011c0)=[{0x0, 0x4, 0x800}, {0x0, 0xaa, 0x800}, {0x2, 0x7, 0x1000}, {0x0, 0x79e}, {0x3, 0x3, 0x800}], 0x5) semctl$GETALL(r1, 0x0, 0xd, &(0x7f00000001c0)=""/4096) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0x3938700}) r2 = semget(0x2, 0x3, 0x8) semop(r2, &(0x7f0000000000)=[{0x4, 0x5}], 0x1) 03:59:36 executing program 0 (fault-call:7 fault-nth:55): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:36 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) [ 1396.183812][T10827] FAULT_INJECTION: forcing a failure. [ 1396.183812][T10827] name failslab, interval 1, probability 0, space 0, times 0 [ 1396.196468][T10827] CPU: 0 PID: 10827 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1396.205224][T10827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.215300][T10827] Call Trace: [ 1396.218579][T10827] dump_stack+0x137/0x19d [ 1396.222919][T10827] should_fail+0x23c/0x250 [ 1396.227328][T10827] __should_failslab+0x81/0x90 [ 1396.232095][T10827] ? io_arm_poll_handler+0x15e/0x420 [ 1396.237520][T10827] should_failslab+0x5/0x20 [ 1396.242009][T10827] kmem_cache_alloc_trace+0x49/0x320 [ 1396.247356][T10827] io_arm_poll_handler+0x15e/0x420 [ 1396.252481][T10827] ? io_wq_enqueue+0x3a/0x40 [ 1396.257095][T10827] ? io_queue_async_work+0x18d/0x230 [ 1396.262382][T10827] __io_queue_sqe+0x133/0x3a0 [ 1396.267065][T10827] io_queue_sqe+0x6d/0x160 [ 1396.271511][T10827] io_submit_sqe+0x15c7/0x30c0 [ 1396.276319][T10827] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1396.281779][T10827] io_submit_sqes+0x61f/0xaf0 [ 1396.286471][T10827] __se_sys_io_uring_enter+0x217/0xb20 [ 1396.291934][T10827] ? fput+0x2d/0x130 [ 1396.295925][T10827] __x64_sys_io_uring_enter+0x74/0x80 [ 1396.295950][T10827] do_syscall_64+0x34/0x50 [ 1396.295973][T10827] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1396.311590][T10827] RIP: 0033:0x4665f9 03:59:36 executing program 4: ioctl$CHAR_RAW_DISCARD(0xffffffffffffffff, 0x1277, &(0x7f00000002c0)) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000280)=@req={0x28, &(0x7f0000000240)={'team_slave_0\x00', @ifru_flags}}) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) sendto$inet6(r0, &(0x7f0000000100)="a2ac0800000000000000b24f62bbf6904442bbc1474cd75b7cfe5890b5450c377f387c2c0000008e234a960cbe5037bc14b67e510000000000000000", 0x3c, 0x20000080, &(0x7f00000001c0)={0xa, 0x4e24, 0x4ba, @local, 0xc90}, 0x1c) r1 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)={{0x107, 0x9, 0x6a, 0x36a, 0x135, 0xf50, 0xa1, 0x5}, "4bbdcc6bcb64cc7afcce8fe6dce04ec936037844a20e30a0ec93198a284c28393f5cbee502063dad7eb14ac3d9b14cd51c32df"}, 0x53) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x1, 0x1010, r4, 0x8000000) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) fstat(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$SEM_INFO(r3, 0x3, 0x13, &(0x7f0000000300)=""/220) setuid(r2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000180)={{0x1, r0, 0xee01, r2, r4, 0x2, 0x80}, 0x2, 0x8}) semctl$IPC_RMID(0x0, 0x0, 0x0) r5 = semget$private(0x0, 0x7, 0x0) semop(r5, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r5, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r5, &(0x7f0000000000)=[{0x1, 0x6, 0x1800}, {0x1, 0x201f, 0x800}, {0x4, 0x8}, {0x4, 0x7ff, 0x1800}], 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200), &(0x7f00000002c0)=0xc) 03:59:36 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = accept$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) mmap(&(0x7f00005ac000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, r2, 0xce26000) mmap(&(0x7f00005ab000/0x2000)=nil, 0x2000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b2c21dca10fc2338f2a073bb4d5af605c62e8ca23584cba16dd9d3938000008000069b90980ed891f3350006655a40d8500ce380900000000"], 0x78) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_script(r3, &(0x7f0000000140)={'#! ', './file0', [{0x20, '}*'}, {0x20, '%'}]}, 0x10) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000080)="37d511d8b87564071bf5822ca095991c86aaa3e4c254043ba15780e8bf7b4cdef3e2b04e32a985ca39e9eec89010") [ 1396.315485][T10827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1396.335179][T10827] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1396.343640][T10827] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1396.351613][T10827] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1396.359592][T10827] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1396.367565][T10827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1396.375555][T10827] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:36 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x4, 0x3, 0x800}], 0x1) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000280)=""/178) semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f0000000180)=""/206) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget(0x1, 0x3, 0x40) semctl$IPC_RMID(r0, 0x0, 0x0) 03:59:36 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000000)=[{0x4, 0x100, 0x1000}], 0x1) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000080)=[{0x3, 0x8, 0x1000}, {0x3, 0xfffb, 0x1800}, {0x4, 0x5, 0x800}], 0x3, &(0x7f0000000140)={r1, r2+10000000}) 03:59:37 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r3, 0x8008f513, &(0x7f0000000100)) 03:59:37 executing program 0 (fault-call:7 fault-nth:56): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:37 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000080000006d00"/25], 0x78) 03:59:37 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$GETNCNT(0x0, 0x3, 0xe, &(0x7f0000000080)=""/205) semget(0x2, 0x1, 0x200) semctl$IPC_RMID(0x0, 0x0, 0x0) semget(0x0, 0x1, 0x430) [ 1396.859483][T10889] FAULT_INJECTION: forcing a failure. [ 1396.859483][T10889] name failslab, interval 1, probability 0, space 0, times 0 [ 1396.872204][T10889] CPU: 1 PID: 10889 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1396.881002][T10889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.891161][T10889] Call Trace: [ 1396.894451][T10889] dump_stack+0x137/0x19d [ 1396.898776][T10889] should_fail+0x23c/0x250 [ 1396.903187][T10889] __should_failslab+0x81/0x90 03:59:37 executing program 1: semop(0x0, &(0x7f0000000000)=[{0x0, 0x44, 0x1800}, {0x4, 0x864b, 0x1800}, {0x4, 0xd46, 0xc00}, {0x0, 0x104}], 0x4) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000040)={{0x1, 0x0, 0xee01, 0xee01, 0xffffffffffffffff, 0xcb, 0x2800}, 0x7, 0x2ca5, 0x0, 0x0, 0x0, 0x0, 0xffa9}) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1396.907941][T10889] ? io_issue_sqe+0x418f/0x6080 [ 1396.912787][T10889] should_failslab+0x5/0x20 [ 1396.917285][T10889] __kmalloc+0x66/0x360 [ 1396.921425][T10889] ? rw_verify_area+0x136/0x250 [ 1396.926275][T10889] io_issue_sqe+0x418f/0x6080 [ 1396.931034][T10889] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1396.937805][T10889] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1396.943614][T10889] ? __io_queue_proc+0x99/0x260 [ 1396.948525][T10889] ? vga_arb_write+0x17d0/0x17d0 [ 1396.953581][T10889] ? io_async_queue_proc+0x3f/0x50 [ 1396.958697][T10889] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1396.964167][T10889] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1396.970072][T10889] ? try_to_wake_up+0x353/0x470 [ 1396.974948][T10889] ? io_wqe_enqueue+0x457/0x4d0 [ 1396.979796][T10889] ? io_wq_enqueue+0x3a/0x40 [ 1396.984381][T10889] ? io_queue_async_work+0x18d/0x230 [ 1396.989665][T10889] __io_queue_sqe+0xe9/0x3a0 [ 1396.994258][T10889] io_queue_sqe+0x6d/0x160 [ 1396.998702][T10889] io_submit_sqe+0x15c7/0x30c0 [ 1397.003473][T10889] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1397.009037][T10889] io_submit_sqes+0x61f/0xaf0 [ 1397.013735][T10889] __se_sys_io_uring_enter+0x217/0xb20 [ 1397.019210][T10889] ? fput+0x2d/0x130 [ 1397.023106][T10889] __x64_sys_io_uring_enter+0x74/0x80 [ 1397.028482][T10889] do_syscall_64+0x34/0x50 [ 1397.032903][T10889] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1397.038805][T10889] RIP: 0033:0x4665f9 [ 1397.042692][T10889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1397.062294][T10889] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1397.070713][T10889] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1397.078819][T10889] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1397.086790][T10889] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1397.094758][T10889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1397.102722][T10889] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:37 executing program 2 (fault-call:4 fault-nth:0): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000043"], 0x78) 03:59:37 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r1, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x9, @media='eth\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x5}, 0x4010) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:37 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000000000000001b080000006d"], 0x78) 03:59:37 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x0, 0x400) r1 = semget$private(0x0, 0x7, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r1, 0x5, 0xf, &(0x7f0000000100)=""/4096) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)=[0x1, 0x7, 0x6]) semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x0, 0x800}, {0x1, 0x81, 0x800}], 0x2, &(0x7f00000000c0)) 03:59:37 executing program 0 (fault-call:7 fault-nth:57): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.401364][T10925] FAULT_INJECTION: forcing a failure. [ 1397.401364][T10925] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.414250][T10925] CPU: 1 PID: 10925 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1397.423009][T10925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.433069][T10925] Call Trace: [ 1397.436340][T10925] dump_stack+0x137/0x19d [ 1397.440678][T10925] should_fail+0x23c/0x250 [ 1397.445108][T10925] __should_failslab+0x81/0x90 03:59:37 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x3000)=nil, 0x3000, 0x1000000, 0x20010, r0, 0x8000000) r4 = syz_io_uring_setup(0x31ea, &(0x7f0000000240)={0x0, 0x69ee, 0x10, 0x0, 0x114}, &(0x7f0000ee8000/0x4000)=nil, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000000100), &(0x7f00000001c0)=0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x8010, r4, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0) mmap(&(0x7f00000b8000/0x1000)=nil, 0x1000, 0x0, 0x20010, r6, 0x6dbed000) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r7, 0x3848, 0xb0e6, 0x3, &(0x7f0000000380)={[0x401]}, 0x8) syz_io_uring_submit(r3, r5, &(0x7f0000000340)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r6, &(0x7f00000002c0)={0x440981, 0x10, 0x13}, &(0x7f0000000300)='./file0\x00', 0x18, 0x0, 0x12345}, 0x8) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r8, &(0x7f00000007c0)=[{&(0x7f0000000400)=""/38, 0x26}, {&(0x7f0000000440)=""/197, 0xc5}, {&(0x7f0000000540)=""/70, 0x46}, {&(0x7f00000005c0)=""/125, 0x7d}, {&(0x7f0000000640)=""/1, 0x1}, {&(0x7f0000000680)=""/73, 0x49}, {&(0x7f0000000700)=""/170, 0xaa}], 0x7, 0x5, 0xfffffffb) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.449870][T10925] ? io_arm_poll_handler+0x15e/0x420 [ 1397.455206][T10925] should_failslab+0x5/0x20 [ 1397.459712][T10925] kmem_cache_alloc_trace+0x49/0x320 [ 1397.465000][T10925] io_arm_poll_handler+0x15e/0x420 [ 1397.470119][T10925] ? io_wq_enqueue+0x3a/0x40 [ 1397.474716][T10925] ? io_queue_async_work+0x18d/0x230 [ 1397.480004][T10925] __io_queue_sqe+0x133/0x3a0 [ 1397.484677][T10925] io_queue_sqe+0x6d/0x160 [ 1397.489098][T10925] io_submit_sqe+0x15c7/0x30c0 [ 1397.493864][T10925] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:37 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_setup(0x6efe, &(0x7f0000000240)={0x0, 0x5a22, 0x0, 0x1, 0xd6, 0x0, r0}, &(0x7f0000ee8000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r5, &(0x7f0000000380)=@IORING_OP_WRITE={0x17, 0x2, 0x2004, @fd_index=0x8, 0x352, &(0x7f00000002c0)="c5b75087034fa2ea952a4a4f8a7758a85f4607eff7d18ab85ee13f2e7197125ec677ee955e8bdc45ed21d1e24907fbe67adc411c14fc23324777167571f623db0022a342430581295c5ab6a226b942df001ef1aab5a683f9ec07dfc34767938e57d93bf672d949152246c85723351ebbf6831c2542fc253a5f204210a61b011e653a6aab37cef27c2ee13a77cf444b4be5ae3ae02d90ce99d71fcaedd4fc9421aebd0d325f411ed5cb1b2dee6ae83b611dd7", 0xb2, 0x8}, 0x5d) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.499321][T10925] io_submit_sqes+0x61f/0xaf0 [ 1397.503996][T10925] __se_sys_io_uring_enter+0x217/0xb20 [ 1397.509524][T10925] ? fput+0x2d/0x130 [ 1397.513480][T10925] __x64_sys_io_uring_enter+0x74/0x80 [ 1397.518882][T10925] do_syscall_64+0x34/0x50 [ 1397.523335][T10925] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1397.529231][T10925] RIP: 0033:0x4665f9 03:59:37 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x2, 0x7e}, {0x1, 0xdbc9}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x2, 0x2, 0x108) semctl$IPC_RMID(r0, 0x0, 0x0) [ 1397.533140][T10925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1397.552773][T10925] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1397.561188][T10925] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1397.569160][T10925] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1397.577201][T10925] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1397.585177][T10925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1397.593142][T10925] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:37 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x104, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) getsockopt$inet6_udp_int(r4, 0x11, 0xb, &(0x7f0000000100), &(0x7f00000001c0)=0x4) sync_file_range(r3, 0x3f, 0x1, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.742704][T10912] FAULT_INJECTION: forcing a failure. [ 1397.742704][T10912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1397.755804][T10912] CPU: 0 PID: 10912 Comm: syz-executor.2 Not tainted 5.12.0-rc8-syzkaller #0 [ 1397.764635][T10912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.774688][T10912] Call Trace: [ 1397.777971][T10912] dump_stack+0x137/0x19d [ 1397.782300][T10912] should_fail+0x23c/0x250 [ 1397.786705][T10912] should_fail_usercopy+0x16/0x20 03:59:38 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000040)={0x0, 0x95a, 0x4, 0x1, 0x8, 0x4}) preadv(r1, &(0x7f0000000140)=[{&(0x7f0000000080)=""/160, 0xa0}, {&(0x7f00000001c0)=""/237, 0xed}], 0x2, 0xd9b, 0xfffffffe) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:38 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000080)=""/4096) 03:59:38 executing program 4: mount(&(0x7f0000000100)=ANY=[@ANYBLOB='/mev/md0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='securityfs\x00', 0x2042000, &(0x7f0000000280)='/dev/vga_arbiter\x00') r0 = syz_io_uring_setup(0x4129, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ee7000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.791729][T10912] _copy_from_iter+0x15a/0x7b0 [ 1397.796550][T10912] ? __virt_addr_valid+0x15a/0x1a0 [ 1397.801650][T10912] file_tty_write+0x3d1/0x660 [ 1397.806368][T10912] ? n_tty_read+0x10c0/0x10c0 [ 1397.811035][T10912] tty_write+0x24/0x30 [ 1397.815097][T10912] vfs_write+0x69d/0x770 [ 1397.819333][T10912] ksys_write+0xce/0x180 [ 1397.823566][T10912] __x64_sys_write+0x3e/0x50 [ 1397.828141][T10912] do_syscall_64+0x34/0x50 [ 1397.832615][T10912] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1397.838515][T10912] RIP: 0033:0x4665f9 [ 1397.842404][T10912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1397.862006][T10912] RSP: 002b:00007f7b9dede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1397.870453][T10912] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1397.878426][T10912] RDX: 0000000000000078 RSI: 0000000020000180 RDI: 0000000000000003 03:59:38 executing program 2 (fault-call:4 fault-nth:1): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000043"], 0x78) 03:59:38 executing program 0 (fault-call:7 fault-nth:58): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1397.886396][T10912] RBP: 00007f7b9dede1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1397.894413][T10912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1397.902384][T10912] R13: 00007ffe4f6efb9f R14: 00007f7b9dede300 R15: 0000000000022000 [ 1397.948269][T10983] FAULT_INJECTION: forcing a failure. [ 1397.948269][T10983] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.961847][T10983] CPU: 1 PID: 10983 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1397.970619][T10983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.980690][T10983] Call Trace: [ 1397.983969][T10983] dump_stack+0x137/0x19d [ 1397.988286][T10983] should_fail+0x23c/0x250 [ 1397.992701][T10983] __should_failslab+0x81/0x90 [ 1397.997464][T10983] ? io_issue_sqe+0x418f/0x6080 [ 1398.002316][T10983] should_failslab+0x5/0x20 [ 1398.006843][T10983] __kmalloc+0x66/0x360 [ 1398.010989][T10983] ? rw_verify_area+0x136/0x250 [ 1398.015906][T10983] io_issue_sqe+0x418f/0x6080 [ 1398.020643][T10983] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1398.026105][T10983] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1398.031917][T10983] ? __io_queue_proc+0x99/0x260 [ 1398.036763][T10983] ? vga_arb_write+0x17d0/0x17d0 [ 1398.041748][T10983] ? io_async_queue_proc+0x3f/0x50 [ 1398.046844][T10983] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1398.052214][T10983] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1398.058031][T10983] ? try_to_wake_up+0x353/0x470 [ 1398.062885][T10983] ? io_wqe_enqueue+0x457/0x4d0 [ 1398.067719][T10983] ? io_wq_enqueue+0x3a/0x40 [ 1398.072305][T10983] ? io_queue_async_work+0x18d/0x230 [ 1398.077594][T10983] __io_queue_sqe+0xe9/0x3a0 [ 1398.082285][T10983] io_queue_sqe+0x6d/0x160 [ 1398.086707][T10983] io_submit_sqe+0x15c7/0x30c0 [ 1398.091502][T10983] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1398.097001][T10983] io_submit_sqes+0x61f/0xaf0 [ 1398.101687][T10983] __se_sys_io_uring_enter+0x217/0xb20 [ 1398.107355][T10983] ? fput+0x2d/0x130 [ 1398.111238][T10983] __x64_sys_io_uring_enter+0x74/0x80 [ 1398.116607][T10983] do_syscall_64+0x34/0x50 [ 1398.121013][T10983] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1398.127010][T10983] RIP: 0033:0x4665f9 03:59:38 executing program 5 (fault-call:3 fault-nth:0): r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 03:59:38 executing program 4: iopl(0xff) r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd=r0, 0x1, 0xea1a, 0x3, 0x2, 0x0, {0x1}}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0xe, 0x2, 0x7, 0x4, 0x7b, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x20, 0xcbc6, 0x10000}}) 03:59:38 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget(0x2, 0x1, 0x166) semop(r0, &(0x7f0000000000)=[{0x4, 0x9, 0x800}, {0x2, 0x4080, 0x800}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1398.130898][T10983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1398.150491][T10983] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1398.158904][T10983] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1398.166886][T10983] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1398.174840][T10983] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1398.182808][T10983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1398.190785][T10983] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1398.274805][T11011] FAULT_INJECTION: forcing a failure. [ 1398.274805][T11011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1398.287887][T11011] CPU: 1 PID: 11011 Comm: syz-executor.5 Not tainted 5.12.0-rc8-syzkaller #0 [ 1398.296651][T11011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.306704][T11011] Call Trace: [ 1398.309980][T11011] dump_stack+0x137/0x19d [ 1398.314345][T11011] should_fail+0x23c/0x250 [ 1398.318762][T11011] should_fail_usercopy+0x16/0x20 [ 1398.323789][T11011] _copy_to_user+0x1c/0x90 [ 1398.328207][T11011] simple_read_from_buffer+0xab/0x120 [ 1398.333587][T11011] proc_fail_nth_read+0xf6/0x140 [ 1398.338594][T11011] ? rw_verify_area+0x136/0x250 [ 1398.343449][T11011] ? proc_fault_inject_write+0x200/0x200 [ 1398.349076][T11011] vfs_read+0x154/0x5d0 [ 1398.353235][T11011] ? __fget_light+0x21b/0x260 [ 1398.357914][T11011] ? __cond_resched+0x11/0x40 [ 1398.362656][T11011] ksys_read+0xce/0x180 [ 1398.366824][T11011] __x64_sys_read+0x3e/0x50 [ 1398.371335][T11011] do_syscall_64+0x34/0x50 [ 1398.375819][T11011] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1398.381720][T11011] RIP: 0033:0x41937c [ 1398.385685][T11011] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1398.405352][T11011] RSP: 002b:00007fce876b8170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1398.413907][T11011] RAX: ffffffffffffffda RBX: 0000000000001fec RCX: 000000000041937c 03:59:38 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(0x0, &(0x7f0000000000)=[{0x1, 0xb62, 0x1000}, {0x1, 0x8, 0x1000}, {0x2, 0x4}, {0x2, 0x8000, 0x800}, {0x2, 0x401, 0x1800}, {0x4, 0x401}, {0x2, 0xa1f, 0x800}], 0x7) r0 = semget(0x0, 0x2, 0xc00) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000000c0)=""/231) semop(r0, &(0x7f0000000080)=[{0x3, 0x432, 0x800}, {0x3, 0x3, 0x1800}, {0x3, 0x1, 0x800}, {0x2, 0x5, 0x800}], 0x4) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:38 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x201}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0xc0, &(0x7f0000000100)=0x1, 0x0, 0x4) [ 1398.421875][T11011] RDX: 000000000000000f RSI: 00007fce876b81e0 RDI: 0000000000000003 [ 1398.429839][T11011] RBP: 00007fce876b81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1398.437807][T11011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1398.445775][T11011] R13: 00007ffceecbd3ef R14: 00007fce876b8300 R15: 0000000000022000 03:59:38 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 03:59:38 executing program 1: semop(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) semtimedop(r0, &(0x7f00000000c0)=[{0x4, 0x3}, {0x0, 0x9, 0x1000}, {0x4, 0xfffe, 0xc00}, {0x2, 0x0, 0x800}, {0x2, 0xd6, 0x800}, {0x3, 0x6, 0x1800}], 0x6, &(0x7f0000000180)={r1, r2+60000000}) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(r0, 0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000280)=""/4096) semctl$GETZCNT(r3, 0x0, 0xf, &(0x7f00000001c0)=""/135) semtimedop(r0, &(0x7f0000000000)=[{0x2, 0x1f, 0x3000}, {0x2, 0x8001, 0x800}, {0x1, 0x20, 0x800}, {0x2, 0x4dd, 0x1000}, {0x2, 0x4, 0x1000}, {0x4, 0x610, 0x800}, {0x4, 0x4, 0x800}, {0x3, 0x7, 0x1800}, {0x0, 0x1000, 0x800}], 0x9, &(0x7f0000000080)={0x0, 0x989680}) 03:59:38 executing program 0 (fault-call:7 fault-nth:59): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:38 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000040)={0x3, 0x9, 0x200}) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1398.717104][T11040] FAULT_INJECTION: forcing a failure. [ 1398.717104][T11040] name failslab, interval 1, probability 0, space 0, times 0 [ 1398.729753][T11040] CPU: 1 PID: 11040 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1398.738537][T11040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.748584][T11040] Call Trace: [ 1398.751915][T11040] dump_stack+0x137/0x19d [ 1398.756254][T11040] should_fail+0x23c/0x250 [ 1398.760674][T11040] __should_failslab+0x81/0x90 [ 1398.765442][T11040] ? io_arm_poll_handler+0x15e/0x420 [ 1398.770730][T11040] should_failslab+0x5/0x20 [ 1398.775281][T11040] kmem_cache_alloc_trace+0x49/0x320 [ 1398.780634][T11040] io_arm_poll_handler+0x15e/0x420 [ 1398.785804][T11040] ? io_wq_enqueue+0x3a/0x40 [ 1398.790388][T11040] ? io_queue_async_work+0x18d/0x230 [ 1398.791724][T10993] FAULT_INJECTION: forcing a failure. [ 1398.791724][T10993] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1398.795673][T11040] __io_queue_sqe+0x133/0x3a0 [ 1398.795697][T11040] io_queue_sqe+0x6d/0x160 [ 1398.817926][T11040] io_submit_sqe+0x15c7/0x30c0 [ 1398.822748][T11040] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1398.828228][T11040] io_submit_sqes+0x61f/0xaf0 [ 1398.832892][T11040] __se_sys_io_uring_enter+0x217/0xb20 [ 1398.838408][T11040] ? fput+0x2d/0x130 [ 1398.842293][T11040] __x64_sys_io_uring_enter+0x74/0x80 [ 1398.847727][T11040] do_syscall_64+0x34/0x50 [ 1398.852135][T11040] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1398.858032][T11040] RIP: 0033:0x4665f9 [ 1398.861979][T11040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1398.881600][T11040] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1398.890007][T11040] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1398.897965][T11040] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1398.905946][T11040] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:38 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x3, 0x3, 0x1800}, {0x1, 0x4}, {0x1, 0x20}, {0x1, 0x3, 0x800}], 0x4) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget(0x0, 0x2, 0xc8fb547def116341) r1 = semget$private(0x0, 0x7, 0x0) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r1, &(0x7f0000000000)=[{0x2, 0xb1c, 0x1000}, {0x0, 0x3ff, 0x1800}, {0x0, 0xf800, 0x1000}, {0x4, 0x3}, {0x1, 0x65dc, 0x1000}, {0x4, 0xfff, 0x1000}], 0x6, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000180)=[{0x0, 0x2, 0x1800}, {0x2, 0x3062, 0x800}, {0x4, 0x8000, 0x800}, {0x3, 0xffff, 0x800}, {0x0, 0x9}], 0x5, &(0x7f0000000200)={r2, r3+60000000}) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000080)=""/152) [ 1398.913906][T11040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1398.921871][T11040] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1398.929840][T10993] CPU: 0 PID: 10993 Comm: syz-executor.2 Not tainted 5.12.0-rc8-syzkaller #0 [ 1398.938614][T10993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.948692][T10993] Call Trace: [ 1398.951965][T10993] dump_stack+0x137/0x19d [ 1398.956294][T10993] should_fail+0x23c/0x250 [ 1398.960711][T10993] __alloc_pages_nodemask+0xe7/0x310 [ 1398.966015][T10993] alloc_pages_current+0x21d/0x310 [ 1398.971128][T10993] __get_free_pages+0x8/0x30 [ 1398.975712][T10993] __tlb_remove_page_size+0xf6/0x180 [ 1398.981000][T10993] zap_pte_range+0x626/0xe20 [ 1398.985577][T10993] unmap_page_range+0x2dc/0x3d0 [ 1398.990425][T10993] unmap_single_vma+0x157/0x210 [ 1398.995263][T10993] unmap_vmas+0xc0/0x170 [ 1398.999488][T10993] exit_mmap+0x1be/0x400 [ 1399.003728][T10993] __mmput+0x27/0x1c0 [ 1399.007776][T10993] mmput+0x3d/0x50 [ 1399.011493][T10993] exit_mm+0x360/0x450 [ 1399.015549][T10993] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1399.021348][T10993] ? taskstats_exit+0x357/0x750 [ 1399.026183][T10993] ? acct_collect+0x3bc/0x420 [ 1399.030848][T10993] do_exit+0x3ff/0x1560 [ 1399.034990][T10993] do_group_exit+0xce/0x1a0 [ 1399.039486][T10993] get_signal+0xf83/0x15d0 [ 1399.043895][T10993] ? tty_write+0x24/0x30 [ 1399.048127][T10993] ? vfs_write+0x51d/0x770 [ 1399.052644][T10993] arch_do_signal_or_restart+0x2a/0x220 [ 1399.058194][T10993] ? task_work_add+0x11e/0x140 [ 1399.062962][T10993] ? fput+0x108/0x130 [ 1399.066949][T10993] exit_to_user_mode_prepare+0x104/0x170 [ 1399.072574][T10993] syscall_exit_to_user_mode+0x20/0x40 [ 1399.078025][T10993] do_syscall_64+0x40/0x50 [ 1399.082508][T10993] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1399.088439][T10993] RIP: 0033:0x4665f9 [ 1399.092320][T10993] Code: Unable to access opcode bytes at RIP 0x4665cf. [ 1399.099154][T10993] RSP: 002b:00007f7b9dede188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1399.107562][T10993] RAX: fffffffffffffe00 RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000043"], 0x78) 03:59:39 executing program 1: semop(0x0, &(0x7f0000000000)=[{0x0, 0x80}, {}, {0x1, 0x9}, {0x4, 0x38af, 0x1000}], 0x4) semop(0xffffffffffffffff, &(0x7f0000000040)=[{0x2, 0x9, 0x3800}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:39 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) syz_io_uring_setup(0x4aff, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x0, 0x14c}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000100)=@IORING_OP_FADVISE={0x18, 0x5, 0x0, @fd_index, 0x5f, 0x0, 0x8001, 0x2}, 0x10000) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x600, 0x5) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1399.115546][T10993] RDX: 0000000000000078 RSI: 0000000020000180 RDI: 0000000000000003 [ 1399.115565][T10993] RBP: 00007f7b9dede1d0 R08: 0000000000000000 R09: 0000000000000000 03:59:39 executing program 0 (fault-call:7 fault-nth:60): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1399.115577][T10993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1399.115600][T10993] R13: 00007ffe4f6efb9f R14: 00007f7b9dede300 R15: 0000000000022000 [ 1399.219815][T11072] FAULT_INJECTION: forcing a failure. [ 1399.219815][T11072] name failslab, interval 1, probability 0, space 0, times 0 [ 1399.232502][T11072] CPU: 1 PID: 11072 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1399.241266][T11072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.251395][T11072] Call Trace: [ 1399.254733][T11072] dump_stack+0x137/0x19d [ 1399.259069][T11072] should_fail+0x23c/0x250 [ 1399.263475][T11072] __should_failslab+0x81/0x90 [ 1399.268239][T11072] ? io_issue_sqe+0x418f/0x6080 [ 1399.273087][T11072] should_failslab+0x5/0x20 [ 1399.277592][T11072] __kmalloc+0x66/0x360 [ 1399.281805][T11072] ? rw_verify_area+0x136/0x250 [ 1399.286653][T11072] io_issue_sqe+0x418f/0x6080 [ 1399.291350][T11072] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1399.296786][T11072] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1399.302585][T11072] ? __io_queue_proc+0x99/0x260 [ 1399.307496][T11072] ? vga_arb_write+0x17d0/0x17d0 [ 1399.312436][T11072] ? io_async_queue_proc+0x3f/0x50 [ 1399.317582][T11072] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1399.322996][T11072] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1399.328859][T11072] ? try_to_wake_up+0x353/0x470 [ 1399.333712][T11072] ? io_wqe_enqueue+0x457/0x4d0 [ 1399.338565][T11072] ? io_wq_enqueue+0x3a/0x40 [ 1399.343151][T11072] ? io_queue_async_work+0x18d/0x230 [ 1399.348550][T11072] __io_queue_sqe+0xe9/0x3a0 [ 1399.353144][T11072] io_queue_sqe+0x6d/0x160 [ 1399.357560][T11072] io_submit_sqe+0x15c7/0x30c0 [ 1399.362347][T11072] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1399.367807][T11072] io_submit_sqes+0x61f/0xaf0 [ 1399.372539][T11072] __se_sys_io_uring_enter+0x217/0xb20 [ 1399.378560][T11072] ? fput+0x2d/0x130 [ 1399.382458][T11072] __x64_sys_io_uring_enter+0x74/0x80 [ 1399.387902][T11072] do_syscall_64+0x34/0x50 [ 1399.392319][T11072] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1399.398210][T11072] RIP: 0033:0x4665f9 [ 1399.402095][T11072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1399.421815][T11072] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:59:39 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r0 = semget(0x0, 0x1, 0x12) r1 = semget$private(0x0, 0x0, 0x85) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETALL(r2, 0x0, 0xd, &(0x7f00000000c0)=""/191) semop(r1, &(0x7f0000000080)=[{0x4, 0x1, 0x800}, {0x3, 0x8b8, 0x1800}, {0x4, 0x6, 0x1800}], 0x3) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000180)=[{0x3, 0x7, 0x800}, {0x4, 0x5}, {0x0, 0xd9a, 0x800}], 0x3, &(0x7f0000000200)={r3, r4+60000000}) semop(r0, &(0x7f0000000000)=[{0x1, 0x7, 0x1800}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:39 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x7, 0xb, 0x0) [ 1399.430232][T11072] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1399.438205][T11072] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1399.446178][T11072] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1399.454155][T11072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1399.462131][T11072] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:39 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {0x4, 0x2001}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x4, 0xffff, 0x1000}, {0x2, 0x8, 0x1000}, {0x1, 0x73f, 0x1800}, {0x3, 0x4}], 0x4) 03:59:39 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r0, 0x10000000) 03:59:39 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = eventfd2(0x9, 0x1) writev(r1, &(0x7f0000001840)=[{&(0x7f00000011c0)="a59d48a4f6777cbafa5b67fc6a9aba91b5375920f3f136e4a23ad14258d49f38818ec70d205b29b28c2dde8d57148687f756586833e8b2b7e56f491afe532730baf015af82a3b17e5bbd368fd7ff1ef882481c232689717e84fb8eebd22a0ff70ca0c684785df5a2bb906d55ba91d73f24c70b6d69f123d867fd5b326c7670c4fa9b0e9b5204aec5a7eb55d9f464e3b127cf83d72e460c9ad4560234d1", 0x9d}, {&(0x7f0000001280)="00234b5f6c8e7009caf9e7c2ac8c2dec9882d7ba6dcfa616baac9d66afbe1406962e69653f22d2cd04f01472804707cf9b6748abdc3b0de26811fd11fb5adaae71bb9fe9b502273b8ca6f4082f55198c9cc41da246a1954716854d7736d958e0930c047233426ba874edc90cac9839670aab6167cac7c36ff73270fbd8566e928a895f79e7593964a0976949a1a1ad899c50231d6ef59e655b420e4dc0d235d6c8f7d04fff2548c8def8c2445f137e683fcad60281b7c6b26d9a4df895ee80153a6e3a681fdb6031d0f9f5fce916b0282232f11b7c5815eb27bc7c7a207e9a8d98f50c2967216adf3516d600ca15a738075b2242c1368f", 0xf7}, {&(0x7f0000000140)="624791e3b0633e81db407e8525f7a2d4c51511e5932aec7507159abc425a009245c979e713949e8dd4477e102960eaf274c71aab11f4c6f7e46095db0088f83caecfa3178d3b6210c1e81a3ee2038cb57c1638d841bc628d378bf884fdaa2454e41e231a33910d8ddf965c844ac719487f4e212b", 0x74}, {&(0x7f0000001380)="a279d6a563921846ad26983b6a98faec709b0474cd2bbf7cdd6e144a4bb45cd99a628e0b0a8693f883d4761e8cdd865f328ff894daee77133bd60a8412d78b992ae4f6452b88e24d8f91e8d1e8b12406886ecc7afe71c10dd497b7934f7f354d938f2d5956bf026ba13b4ed1884f31b6ea3f1177a50aa2180549d4", 0x7b}, {&(0x7f0000001400)="92e3f15e40", 0x5}, {&(0x7f0000001440)="504e7f31d454f14661291d0ba4e572b4eb589a043a46b0db33ac5ba501c9f003aaf331bf983f21dc9fcab2fa7f73905ffeeb6de8005a5027375ba9fa3d39a2e9915d4624e03d8b6f0b90d492366544a0a8734e16a23387c8b50ae5e8ef2e27d8b7598fea4e278bd041e0adeca319698dc8a30b1691ab5107cb13e5484c65029b0573b7ae2e0c36315c0de408b9f9773196085b20a7e042393462351b784081af94d07aee696f25f925187883179032461239ec8b03cc3818794b7dd5d69a292205fc60b30ce4dcf36b979e9d1838b0d3fdcf179b3e810b50bb", 0xd9}, {&(0x7f0000001540)="39943d6d68f37ed0700e01e10abeac0c778793ba6099d5eaddf07e12eb81da07ad07160b66e4275209a7c47cce8ab3405e655be2b74811c390e8d35a862cff1f8c5bab252285a5939928c7c516a2e6c3c5dc2a21d4a3e82da8afef49ffd1bcce77d7897b86ba67e8087ef5ddc02d68d2615fa3811fa73346eff5e5c37767b216546df4df041cd695a785e4ea0737e6256674541e7a8b1fa4fb33bab6bcb7e7c387605cc48d5be9d59079bee6a558e82cc75d8f6385f7e77ec8d91d2af754f2459d94fa0029d2b62bc3be6e7e9b44231d36b623843c4a4d902742b0e15cb34f047c9c8edd6a671e0baf1dffc926072a", 0xef}, {&(0x7f0000001640)="e5f03b4d7bafd437aabb6e0d1175427bcac81aaaf6afd6a81a063c2b6c6d6406c0fce94561921bbbc35ebba4213b17820e26b3e36d4c0969cd05711e11d39b88f58e1fa2bb32d71c7e4f16f96ea98689ee3d3046dafa947899f760", 0x5b}, {&(0x7f00000016c0)="998acd6c32f61d5d26e8a8fc12a932141d1b9c2c8d75df37ff31fe2100e910ce451de22b948b043c77af8487c0b18ca8e57b38f3d09ed8089be13b46ec947257fbc722df389e2011dc5761189662dce8ef5778fe11ab4ab7e31d0f5a816eb1663618c05aaffb43ea30e0a0f5424f522565694720c0cb1cc8bc544928bacce729aae234a27377e9595f4b872389812c124c5e8edadecb349bb7b212f1c209a0f31ee52a5680767db0b60024cbdd0c50767934f6ea64f2fbaabb0b6807c95315ca6fbaac61d175ca9d9019e2", 0xcb}, {&(0x7f00000017c0)="47e4ade6b655cd6333cb0240b5e976342739cc4ac82160a06e711841824750eef3e76dc4aafa8b7f56c716b30feae7b49687e2375deb0d47e2187ba0c854c7c8fed460d7f73560b1c68d6b27cab2bbbfb5aa9cb0d6fdc66360bc287d43e9a2dbf1bed65c284910bcde0ee33b2b531174f2eb", 0x72}], 0xa) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r2, 0x50009401, &(0x7f00000001c0)={{r0}, "d9aa287f2adaaa9db76417209938fb1ad6acfcdc55164b12302f5f6e02a4b891703c4b4168a50627d7ce7d9689b8bf7e20a0eca0ec1f6c16b8a118ad81cb03be597682cba80cbf086596fc8dae917966d42a45d72019c3bc144c77503e6e47fc2eb91ebd44ee98a246ea14a3c9b398c05b6b7f13711f9ebe2d4af30ee6c9c99f11fd564048c3949eb325b47ccfd8dd3e8cd769d242e516b37e736ac1bc955601eb4dc1ce77e7b42cad83445d34dcb59bc615c151e79f16959396406a22bc53113a06354bbd85eb0482ca1b7d1b99263818be236ce93ffbd0fe16bb0c3ace662196a0612f45b0c35f2705463233b2a181c2a55d05ae411880c510c512fe1087ecd671b5b7eb8da9d70238805e79fee0149bb7f2bd7d061d034305e4c5f72de5e6618a4e588696d7050ba4cce540066358e5a1d7cf4115b20d904fdff4f38724af59e35417f0c4e9c0b5b7533fe4651de0f799df0e68783ad3c81f0b60dc292ce74031b2570e6e6499c93cb01472e33c136ed961f31dd274647cfde8bfe7af76143cf3d68e114fc8cad711ec36d35c877b7bd02cdc8071004d5ff6db1424640eaa0bdb9f4738997700e817327247b529c254f5231c5617cd88a51da84a1176251c3a397fd81cce86965b30f39a56bcb7229147688aa4b67ddce2299d0c35034ea69d66e3f6ed34c706535a75f88ec8bf6c3c126285cd535b455d6d0ac68654ae60788d3cb6aff6222606f150bc49098d07625a64c1860a66a413599014a3a8fa18bbf14e1af7ca40bd076bf288aec01afe9838072358c5aa576eba91ec5d801f42927139663396ce841190f6684fbd72c48f561a7b8aebb07305ea6cd604440ef78b20190ae91216f238df40a599d74303933c0d076e5a8095c929abb2b82a75ad4fba1ac99924fa4c33fa947278a62d97b52894c2ad7e65806cefbe6d01d71be0f1fd9bd5e93f7965e45c8489a69ecbe3d550b2bf61fc558c4c5f6870e08eb2587b72b3670aeeb91373bac172fea9368088b94cf0f7ba8db4e14e3fd963205cc820e788b04e3854300196a56ce51241da7e073826db04e8457abe1c318ee5c9aab9fee1da6d818008c8a1ca3ea33cef75763ade2356c68cb5bd475c73789c1ac70e97a62247720fe96f2fd6abaecae012d6df5e375af39a3ed3c3772d5714e2b19ef9684cd31c24d25db5ecc49efe01e1e8f077e8a74b169495d6a2f478d6a94936440e060933c2b3ab8648e6d4e458aaaf7dde9711061559f71ca437d27ebea58de295949e455f8c39950eebb81c835a4f268a5bdf4b318b9c12ef88fa9c56877a09408487973e1a38bf2ea3d21fb7137ad10c034d24134285f0bd60b2d2850b1587a7c12ec5951ec8fc74da541ca12132dc65d13a7f5335115c79a92174be72735e485e3fc08564c5cd851336ea9bd7984dc408224e86b426ddaacad1f3bd4cb61d4e71bf5305d05dac3063e7b8a71da0dc1a38f13a0a252671ecdcb5c8582aaef612faf2dc5ce7e6b1e1b32f2fbfab0f77224ad9c44ef1120d3b0baefd717e78b9d54b6b21faed9948bb06f516801fc4017f35a02e61813f677b72194d5f7a6f25a726deca721d86e693ebfe06dd0ca49b0695116fd8d60c3b9aec8ecffd149cfd98d66151c31dc5eaa553f8ed7c57de9406ed59489dce46ca816b6bd85f15cc888dbef1add0431b927b3e456c61e5de9585ca70380a4405a59533e7e017423394dcf51663164b21c5955638f6d61948238f161bae5a5f4873af2d05c9caf1db4ca6fef535cb872fa6cef24f4f0c739b0821f6dda541f153833b87ea51cb8dd43422ae489cb46a11ab6651689cd7929d69ddaf6d14df5130c51c11f19a10228f53442427aa4e7edfe8e3ea85eb48e0e3fbe60ab57f903e36258a44d48cf7df93972870832df45088b87a211ef0d8ef85b1e0b150536674acb57a4aebbec13a1da5dbecb7213729220aa61eae08c2d6b44d48fdec6b7f3064e3590b8818cdeca34abd4d0720594805e3e749b66fe1d3f4fa35f2cafb9096e03d17fc68da9e1b5146e1d9097d1afa83328e206a6cba4706447135090842661abe87f314efb6972aec9b8efe32ebb6ca4e8b6a18408ac6c0122bedfb2cbd0e68c6fd67d4f79b64fcddb72e5b7b3b93f4565e68498824191866a8854a27c067991f2ec88ea6d6867ddb8ca88e1cc079b082270da6a265455fe0386fd25bde3a5ace0c1924eea8ec1a442a0b750333a84ea4a0712d93bb42fff5247fa47adf60da5991055f445ebc3f2c5a26ca3be3560bbb39c12f7063902d57a04abf09e21b2d33824b15db3d8e0cd4239f055524c321dc18620293dc611737decc26c1465e9a0fe65be7073271ccc6483bda495266e14597893b47c4dc63c594971256126b5641ef964627ed5a8dca46a113c4e929df9c440c13e9fa621cd07b82086bff5a62ffa5a86dc9e6296cad6b4fff7c26c84cadaa85f9f2fb5a323181acfdd609f8f2653a1a39155526c458e88c3fbe4982f80d1af655514e79f802cb1176f84a815e76c2ca40a89ef0a2a5249a331b6adcfa145d7435ef8cb51c02a6fde09961c51e46b60feebee598da3bd64ed3e9a60000ef244410fa08f00faa5a46bad0627b1bfed2a63af784968fa6f41ab46f010f06a94ce1556bb8f9c4602337cc0c2c37d946432313fafd38c44f05e8e77474f3c69484ebe8ec6edaf8e98490b4e5a754893eed0afc13b56cb45b5c0577754026467efa6c472fe8166cb2d1feba6b87898c6c8a6b15322757748b3618c406a69a24d0630d861e16730b6d7c96f57a3996de5ae72fcbd4231708f8bd32a340942165081e54b030a09b77b5aa58ba7fac8aaba5b9339ec7de9fa4f07e89cd571f0fdbd9aef0891ae84921f94ab288cf552abf0f0a82d0f46d9fc0dadcd48f91f3cdb3ed972d37fbf0a43413da2ea37581859a82087163eb87b6a1b790a430cc4f2b13aab0ce4f7984a5ab0529d17a91f70fc6fe57f93bab5e05cec7d8b6c2f56457d27a661b2e5f119cfd372b3e4174d79b2f3572da872cf235d55108b1548c85ddb90154e9c578405d19fdbfd843c6afcec1d2aea8d990d8891f22f5f994e78df5f929af1b9db755b561d9db008057d51a7fd88359b1a5ec2743c7d99c399ec19345c52db9db78c354af14d6f621a721d4cea61c78e9c4ad23472e0c81eb193e5b73f7bce9c3a7353a4fe7c5e4f4ea9e2f314b64055be3a16c62c0f185a10de58ed0422ef47a62a44264398790e0dfc37550cb6ff51876757514679b5e7772f935c7031c1d6bcb578a703b5de5408eec55cd589504f71e245d52a062daaac93dcd33450702635f45b9e823648e7b39c542914ec4e9e4a5a048fd93926890c413ef1ce0f4ac4b8a25570899d84faf0c76c2ce9544a7c4cd4fb34221d25f59ac50d2b08caaa8ca13e10f377b4ee94ab552a4236f1042a8aa111a98ef4b93c1eac6afbee617bea3e280e8347969b0caf763a9f3cbd0ea13224ee55b56f38f708267dcc4cbb9d9c5699fb18766fea5a866d69ad988e841b4d9b188a4b4fcbe6a959ae86852920565589ea50ccbbfc167926ec7996001b9fd7913ea96acec3c593410e5ae2bb8ab3543fa0e1f33beacf0299771fa5aae4427a2b918ce9b514c97867ae746b3d8f6132eea80e390fd91d8b108d88fae33e8f18fe35f822d6d0125d4af515eebad453597b99b12fcf81d595753e973ec78a5ca42feeaaa67ad31e59a48a11b403f4d04cdefc14248461a38e6efd3ff2763c5a1b82ae532e46e67e1a2da2aaf65c27ba3b57184c61c4f75d4db31eb54b9fe0e9352ca82c7c8207eb69ae1664ed33e60bb2c50bc20c2c1c624b9f98dae15e0536902e74faf0c302ba52e4f36235ae7fe4924bf4c1d87953504481d961237a64105b89e7403901753322d438f9c2e72aeb9f536ca85638d408419645cbb16fb6c953ee1bdc802c554a8f58868f1487c9f71522e75c371ad6c942f4f90be31856951216a3dd5f8cff84ab1bcdc36281489bdeaf6682da59173f3b95b488e622cc2bac15131aff012e9ab160c7bcf4c98f69027ca3247481162ebc304e19dc3f10829d6031b5b0381992b3fe5232ca2e0f2076e85632431f88d11a90f996c8b3557c479420328dea6be8c321bb7d71c44cf90f8429a2190caaef5cdf8a7834469b999c712c42429f7fa3e12a864305cbc616dd90bb2a62b569cb87bdc72b512bd23055c754e50b22b518b38a8166ea2c22cdd8f59efe8875cdf371cf01dcb6702accc99d7016defe6efe1551ace22bcdf7154e6c7d6f05179620885d166ffac701a59ca10cfb9d1f74e2b4bc92243d2d49f4e1626153731b28f4b0c9e7c34c13390c2c03889cbb7011eeefb0b135c770b4ad3f0d2f2a3d49e775e204c96651f69c8626e739b1d2a63fb098ea2c39b2067911a58665efd6fb1797b19dda5dcd1069570a41160df33856a96fca9b20d556f264c23e5234e1aaf71c3c2b0e07edae60894c18654fe767e8f148b90564d45824986affa2693256f7e6f950aab650b05365e7358c5c88e91ef83a51e5793308a9e51536324c01d46505292fb1b51a80186a46cc4b619535d3c36011cf8b2f460c2f0f51db89696cc63387b0ca83dd16763e408758cd456ee3d811247a0828ee3a5613e1e9e1ebd64baca13406f8720cb73c31f698e9e11d030fce9eb203a3e0c2c47a98730917b981b0724d8773824263ea13665d522675d57bd9a42c1d61cc07db4810c551161ec05660c911e4b03b910027164d582bb27d1a5a2b0e8c4d7cd23be9939f9feaa6ae7156deb5dd9978dfdcffc162e60c3c3596e0482cfee597077e89e19d4d28c9f199ae58c67e492bfc047b760ba1c1e12fa237f9fe7089263a3f38b2ab3f990e972486fd41eb879073c0ad7e0aa16a60e1a947b10daf8fe02955d28a69f0dd9f07db38786bb1b8439b375556ebf2842b7729037b628bd329b09f42acfe8e811e06ee5469a8983e84b253c33f845973c5559955332e3c581a0f85c27a2961c9e04e40a7abacae4ec487d6d730242c715b7a3cd727871cb4482394ccfd20fb9f5ad89abd95ca032f7611288bdf7d7e2bccc2354b03a4619fb5004cdfb254d5d7f469574aeb70d29d9c88c168c837944f750ce5a81dab3db2a740ef6ca485527fb1d30567708b09434f226eece68f3caf6f99532df902e30ad36db14f6124d6012530f650c80b69022e933372128e58bd3aa8e14a5f9e9dfefdc92b01aa9048eba96711b6f150406715bc612662647dd5c8cf300eb32703f200b22957136de1ac71f8a347221edabfe9472396f8986d2934487795c3993118aaa85d75a78bdd9d8b47a3440173402a43a30cb7b7ece5e66a1f4fa769ce7ce0631d1d437598c6b06bbc4eea0ff98efcab8fe6cb4ec6b24ae8e878929d24dfb6f8b99d0d098c25f0e660935c98ec919cdca27a51186eb631732e48ac8d10f9593ba5107a6768d6eaf20049e60597817815f350c4288faa44cbcc8a7bc4e399c0d7e2aca342aa137a9b21ae19bf062d4a69d382d5f58e766f82b1a19429743efa1613ad075fffa6e621201ba0b56c95256ecd81279cc35b5bd6a11a9a8ce56d2509f9eb44376394678d8119aa6c444ec98ffdf0415f02bbfb68b3c13cc57dadcd495195f4b5f25f24844a160eb480c07cc1edb1eaca097a2dd218e8eb64110461c757d1053435b1372acde6c06c31e26d14bf23c371594dcecd3d7f9d42820c766482dbbf52f785e48d8ea63cf955561d5423ca9b5e16f327a215040ff7af796f15f16271253fa44152b410f10e5ed"}) r3 = socket$inet6(0xa, 0x5, 0x5) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f0000001900)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f0000000040)=r4, 0x1) r5 = openat$incfs(r4, &(0x7f0000000080)='.log\x00', 0x404000, 0x1c0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000001a40)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001a00)={&(0x7f0000000100)={0x30, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {{}, {}, {0x14, 0x19, {0x80000000, 0x8, 0x27b7, 0x3}}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x0) dup3(r3, r1, 0x80000) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @mcast2, 0x0, 0x0, 0x20}}) ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000001a80)={'syz_tun\x00'}) write$binfmt_elf64(r0, &(0x7f0000001ac0)=ANY=[@ANYBLOB="1b5b073b3938000700000000000900000000002fff00080000006d90c1051680f641f8f14cfc67002c3d3c293eb4d6bf5274fa6efd3706182a255155f7e0b8f68400ec0dcac308b558d044bdb2b879be6023aa22b48509eb66bb1bafd98498a930474361823326e48aec9e0077f1b7ee4c7f8d5a0cbca656dfea08ff6f12dd1382d7f475e3ca3b50b4eaf7c74ca64ab9b2470c3cfb70c4a3ddb62a37bd9f7a000000000000e1b31c7cec0fcffa83e8c83e2a19ebdd7780f1ff78ba3ea832d131fa00aaf5ec869a0e6dd200"/218], 0x78) 03:59:39 executing program 1: pread64(0xffffffffffffffff, &(0x7f0000000000)=""/122, 0x7a, 0x7f) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040), 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000080)=[{0x4, 0xffff, 0x1800}], 0x1) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:40 executing program 0 (fault-call:7 fault-nth:61): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1399.803156][T11121] FAULT_INJECTION: forcing a failure. [ 1399.803156][T11121] name failslab, interval 1, probability 0, space 0, times 0 [ 1399.815827][T11121] CPU: 1 PID: 11121 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1399.824592][T11121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.834691][T11121] Call Trace: [ 1399.837968][T11121] dump_stack+0x137/0x19d [ 1399.842298][T11121] should_fail+0x23c/0x250 [ 1399.846737][T11121] __should_failslab+0x81/0x90 [ 1399.851503][T11121] ? io_arm_poll_handler+0x15e/0x420 [ 1399.856826][T11121] should_failslab+0x5/0x20 [ 1399.861376][T11121] kmem_cache_alloc_trace+0x49/0x320 [ 1399.866675][T11121] io_arm_poll_handler+0x15e/0x420 [ 1399.871907][T11121] ? io_wq_enqueue+0x3a/0x40 [ 1399.876501][T11121] ? io_queue_async_work+0x18d/0x230 [ 1399.881818][T11121] __io_queue_sqe+0x133/0x3a0 [ 1399.886494][T11121] io_queue_sqe+0x6d/0x160 [ 1399.890995][T11121] io_submit_sqe+0x15c7/0x30c0 [ 1399.895757][T11121] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1399.901336][T11121] io_submit_sqes+0x61f/0xaf0 [ 1399.906022][T11121] __se_sys_io_uring_enter+0x217/0xb20 [ 1399.911483][T11121] ? fput+0x2d/0x130 [ 1399.915376][T11121] __x64_sys_io_uring_enter+0x74/0x80 [ 1399.920752][T11121] do_syscall_64+0x34/0x50 [ 1399.925298][T11121] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1399.931213][T11121] RIP: 0033:0x4665f9 03:59:40 executing program 1: fsync(0xffffffffffffffff) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) fstatfs(r0, &(0x7f0000000080)=""/155) [ 1399.935112][T11121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1399.954724][T11121] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1399.963135][T11121] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1399.971107][T11121] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1399.979076][T11121] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1399.987048][T11121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1399.995019][T11121] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393802000800000000000000000000000800000043"], 0x78) 03:59:40 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$GETZCNT(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000280)=""/4096) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) semtimedop(0xffffffffffffffff, &(0x7f0000000000)=[{0x4, 0x6, 0x6e44bda55d09811e}], 0x1, &(0x7f00000000c0)={r0, r1+60000000}) pselect6(0x40, &(0x7f0000000100)={0xfffffffffffff0a7, 0x1, 0x745b5c8, 0x20, 0x79, 0x80000001, 0x7, 0x20}, &(0x7f0000000140)={0x2, 0xffffffff, 0x4c6, 0x7, 0x5, 0x1ff, 0x6d, 0x81}, &(0x7f0000000180)={0x0, 0x9, 0x7fff, 0x4, 0x231b, 0x5, 0xffff, 0x4}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0x3]}, 0x8}) 03:59:40 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semop(0x0, &(0x7f0000000000)=[{0x0, 0x800}, {0x0, 0x2a7}, {0x3, 0x200}], 0x3) 03:59:40 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x2, 0x0) 03:59:40 executing program 0 (fault-call:7 fault-nth:62): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1400.437571][T11154] FAULT_INJECTION: forcing a failure. [ 1400.437571][T11154] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.450273][T11154] CPU: 0 PID: 11154 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1400.459048][T11154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.469138][T11154] Call Trace: [ 1400.472421][T11154] dump_stack+0x137/0x19d [ 1400.476751][T11154] should_fail+0x23c/0x250 [ 1400.481164][T11154] __should_failslab+0x81/0x90 [ 1400.486026][T11154] ? io_issue_sqe+0x418f/0x6080 [ 1400.490872][T11154] should_failslab+0x5/0x20 [ 1400.495368][T11154] __kmalloc+0x66/0x360 [ 1400.499531][T11154] ? rw_verify_area+0x136/0x250 [ 1400.504398][T11154] io_issue_sqe+0x418f/0x6080 [ 1400.509146][T11154] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1400.514528][T11154] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1400.520405][T11154] ? __io_queue_proc+0x99/0x260 [ 1400.525322][T11154] ? vga_arb_write+0x17d0/0x17d0 [ 1400.530262][T11154] ? io_async_queue_proc+0x3f/0x50 [ 1400.535422][T11154] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1400.540797][T11154] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1400.546598][T11154] ? try_to_wake_up+0x353/0x470 [ 1400.551455][T11154] ? io_wqe_enqueue+0x457/0x4d0 [ 1400.556305][T11154] ? io_wq_enqueue+0x3a/0x40 [ 1400.560888][T11154] ? io_queue_async_work+0x18d/0x230 [ 1400.566179][T11154] __io_queue_sqe+0xe9/0x3a0 [ 1400.570875][T11154] io_queue_sqe+0x6d/0x160 [ 1400.575292][T11154] io_submit_sqe+0x15c7/0x30c0 [ 1400.580132][T11154] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1400.585591][T11154] io_submit_sqes+0x61f/0xaf0 [ 1400.590264][T11154] __se_sys_io_uring_enter+0x217/0xb20 [ 1400.595726][T11154] ? fput+0x2d/0x130 [ 1400.599753][T11154] __x64_sys_io_uring_enter+0x74/0x80 [ 1400.605143][T11154] do_syscall_64+0x34/0x50 [ 1400.609566][T11154] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1400.615460][T11154] RIP: 0033:0x4665f9 03:59:40 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000001200)) r1 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x372e, 0x1, &(0x7f00000010c0)=[{&(0x7f00000000c0)="88d5a4f250035250d2842f7573a5bdb0ce8079429c40bea20b2ac4e2f7076122b983de56ab5ebe249352e0de3ecc0849408ead6727573dc7b9ab1fe8ccb7982bd3a4aec124a7fed65f9f50fa72951b434b915aeb19f0e74fdc89b646abcd06691336281829bb6e1d6b232b3cfda784f52a222c773ee95e471aeaaee5da5efe4208c2d820041e0e251fe8c7ed6bae3eff4d4ca25b474347801d4aed77d73b515eb129fc11bdcdb37da7d054c9fcaf0f453d7244c6de427501cf7af8e9c94874f82a8115e38c4dc8f57830ac8f585db55198ab345afe2f17fb5190a841d1e2288da32dade6b732e76e94e24484dc824db4293787767e448189f1dd3d4ffd0a3af23dd5c3405008e775d4c47a210e6a066bfae2b5edfef19c79df5e305b7086a7cac212363868444468dd3c6e44660b686c50e7f7e2cf4e647c6b65c088292c4a6373f54e58b180f3c3e371b6234ca8fe32e394e91de8287a9a60522354f7170fc1854c426ad25f9580b1f90b4362529483785e00c8e623978d47bcb7fda3b96fe86e2de4cffb25e95e3802abc68482003bcc12886229ca763004fc08fdef9005c0b2fa9408b3a08edf7651efc4fd16b2300f83979b2969437b1000754921605835427dd48ecba5ed19780aa295762a9f734a8a0c5af9feb9bf6f0bbb5dbd6dd7d4383ce54da33e82618ec647f99a94d754201a7eb4b70b157541bbbcc73c90402625962f8ea48ba3bcb0bd889e48aae70ddeebd389be22de0cab46aa66506ffd7fb0a44d3bce95021e5e4c546596bc8a325198ec5fd09d5e878c3792e010799c404f2d94d576b74e2c884809345c698e6d0f01cb0fdadd3cc98c7d93c647680b8607888739203b794c1e8fc796f9b5c8dd42fe8edfab9001a0ab75db034bc3744d0757b5ac27a5482bdf289af5c9ac03af761c940b2639eca20a57eb787e1caed3df7ad4ac0928a1d6cf54f77a920bd450510de6adf99bef6a682c989b91047fc666379bc0579886af9e3b3c72f0a65582576ef413772aed070326f07cf4756da83522ab11780724d8a836f8260bfb6d2420db982d90ebbea0ab7c3d1f34ecf3887d1c2b3b816b89bc469584b8774bd57d98695d0dd1198d7236a8a751e7bda2128ef4cf60d78717573c58d502c406c1962be4fe4b6ae69053af068e2648bf4a2d5fff7ea392b80bf26ad0bc6f635e2dc678d6a41219f7414009c597063f975bcc43d2421c18c253118d079fa1304ed40569bc75862bbdb458aa4eea371ca1808aef7836f723eff9dfdd19b9420eb330c535fe3985fb8b21b390a0b0c322140f76a5c474458c1afdd013c07b37207c4f9168c897bdd584c20128f2a8ef92a2cd599d9378b80d8e1ba0647470faee2687f725670082e3ee25ce6b5538e02c5f8ec4af3b3df0386088250aafed74fff4b039bbbd85d4dbef3728d5b133e7b710bb201fb4e44bcd1eca35f19b403b35e61d020c14b755a4c5e69abdbbdfa619cf8117fb6df828b3be33057dd83e1e7c8730ec9c9a4fc95f90478762f8b593709bdaf9d21031a289ed471f1af6ff29bb1f136a48ddb336afa72d4dae2698f9ffa384525ca765489dbdb3f1fe9264e0b026a43ab7175b013ef7cefe57386def112ece84a9b6f8441b2ddb12a5ffb381f4a7d3d222dbd807948177861770f9cabbaaf480f2c9d4af3c49b7a9fb99d40d2cb0811e7770d44e23c8e38a4ea787c39f2b02561aef02b8f84ed1e191f089a1a55a7f0f572b7223490f2fc6154077bbbe63748f4eda1327282b1a04f6064b028c2f0f05e1444764292503937df6276b91adc890b4906a8ffd7dc6077ccd2bc6f38b610d2d0562dde7bd8933628937d23fb4ad833aa8d40fed2a7485d6f92ecf4c6f52d985ef816f52a0c6372c6d553293ea2f650f47acc7d18368efbe5a1ec18eddc0fad56a3dc28d488df39b58153315aea89087731935a1396474e333df1045d5211dbcb9b437622b30ea9aa5e44c9d5338332f87773288554e0b572d3b32f5d2c4f968a701632bab818a193326fb403ed533d1a17f6ac0a074e156d4e05c28e9716c5796dbeea67e89c16f93a013a4887cc5f0ba8ced1176d97191ed49b71174316b138f752d75ada77b2f7c28a54225e46f888e23951342ee0de0cf82866fef28a98e875f0eb249deaaa4a7c96d169ba6b4ca5689d47f27f61654f82d48e7e03f30584b4d3f13c07feffa24bcbe68c0e4ffa0a5be6f6c035deea7d28425f8c7abd2eb3a2bb8fd12f9e0db0fd95a2fdb340115c3dfbad0dbc5d1e619e254274323eb23951c88b709ac3ea0f142d5d24afedfafb9b60ae1577d7f8fdc934a1a33b1b4a53fc8bdfa88d3212fc2d9f8e0c6ec1c8bb4e267f59630adc3d9c361d3cd40d4ce7e50d6c3cfddb0030dc0accdcfcc970a9a498a5072cb9b81185de11b53a91d1184d72f12eeee2207efcddf00ac3ccd14bcdf79ac5a708854d474503949c334dd4cbbcae4df7531a9ffdd5ae6e0f8da210bd4915b50bf4c7be3fd1c4d16f7074b6096b8178bc8067dda993e31636f1a7263369c586af3da4478b5f61e98ba1d249fa5ac9d62b144bedbbccd74ea3759205b04458ee4a110e083c66218e8d03c2b13c9077f9bca732f1f8e42886c57f9adff6153e31817f0e62711668a3fe115465c2809dfd36e42c80e857402efd3d77b8e241a057e10280bccb8356033572be511969dc76b8bdf08c6aed3ffc7b6eb5d7a4eb6e86f0ea91b5e922667329f720c0c243407bccd5d1b180b574b03334f1c7a46215a2cbe9b0b22ce4f8a8ecaa101475dd6d3de6667f3964c7390c3e431902aba78687662d155e6ff12b422caf987c8f342a4dc440a2d392011a4727cf2bb547f432032ebcc5ee531d32caada6182226fff3ddcdbd880a1df3e5b2249c9a8cbcb57598b6c1fda5d37c128a2d0c6b14e52dd1ae22c636ee48c5a7f9b5dabd8b18cb62376d442320792cd41a5554be9968879f23660d08d08290987fc5858ca4ea9dd4a6ea8aa42b2a5fd32b015e5810c0d149dc2c2bb98b094270130f3ab6bcf31a730d6eac23bf5576c5542202c23c9ce38da856e0b4dc88a20f64532f8d1a38102a0255933b28deba79baa9aa22588324cc8e14fe9b8f5b8c2029b34b436ecc6f410cd8eb476fd6d339b6fef56e43802fe2a066a5f8d4ef7a099886d795ab7523e2e515df54387e166a641778a7059e7b5003c9892942fdfdfd8a13f55ae6a30e9d8d58907e4f19af4dfe4464b700c2b4213fde3efda1e91ffa2f942e4fccbadbf7208785cf1de82fa91043f5a4d7ffbdd4647ae740ea83d376e6570e48391c7fe388a6a8137e235c6a342cf3af7937b709698a77e41106279ae3a7f7757be27e3cab283dcb48b25761f7f04a3b96107c16813742684dcf0d761a1cb8849b8a9667e919d07344da7b3bfbc4e184a107cce09e11ba89ef7c3cb568c9b4088270e5c1c7b964f8f142aa208c6815d0c9aaa009e6a99885240cf7413f2a447a187db1664e0d13610ca5b4301e3b17a115ef5a6c77f1056c2fb7270236f476ae40952087c3b2f762b458458d3f1b3528af0551aaab93165bbf25be02e5d2dd404bf0fd0240fe5b3f02656471178144b62d29e38a6a632a420f049e5f8133363c5b62d856ed299ee11a86d1b8d6c9a432c59a2819dd8706bf33d5112bd7635d08508f86454a819045b0dbaf15a385ef7ad77d36cda7d9598ba57f4d93820358b8f77d79ba38165066373e38f24889b019ac6bd64c0a58b047d93c980996948ac6f85b8604dd5334f83bb9e197931687dd69b96c448abf40bebc1a7264e1d6726c9d6c7a045de244db030c50570acd785d610a101937d4c2357b91db29f611f4cacb677f56e4715dc3af83d022529d82654af9b79d8279c69e6a5f15d74f48e1d4a4205267db1424b4c1968c7b2439c6a33b2412d8deb477c3eb6667a9d06ea84f60cf3f64004ece3f2a799f68bc8ff535d360bd8b174f89ea9a9e858e3462d4a3729c7af05355aa9a28e23e455e76a189cc7b4588bd931263c084807a3fbe6f4fb7f98d1d2facdb4f3d4a4f8543500a6296dbdf8a0ec3bad333bed9393998e0c61dd61ac426484798a554cd3be7f6ba598babaea9986703f24f5728588666d98cd4785306c38027de2008d5b85d9c4962b6b62fea7fb4a41f7c0f30c7ee916ec0e9d9ace4eb32c2ced21874b691e575fba45475d39ec5c655e12a9743ff0242e43fdf46bb4165900ae7c303d32a305d8adb378e008e36d99b82bcf9ea3f0b122defd151a0a752fd1b78d58b119c20dd92dc7110f07985ae0430fe5bf544e842492420f5ea8233ad69169586f411f64f71fa00d9260d98d3f23c21bade93010a0da384d70b883aa096804ede93b94c03ea82cd08f2e158c1da514fe46539c514f21eecf3194bb4f5d6bc0611cf9574e70e55199428b046089a64eb5d355810a0565383de20786a02cd48a82ff0ca7e4f0df001507527409a569d33b44e6f1e2305cc54029bc327481e8921100f222aa9af170c92308dca4f5ba34134bd1bba9499e23cfb6a7c100a54fb2b24d45dde1c363e10a744be44be684e1fbbf6b9eaae7d691e1eade9ff3c0d841a1cefddbf2bef50162b511401ad79377fdc9a77b50745e6614c5b53b33f155564549d00c6d88bd74c15ec5ff811a925fb4a7ce80e9d7b0f46756ed2be60a110914566c2cd35b353344a2dbf446928faf1cf8d0606b11ae97967cd975b5c83861c440d7c256644f76b2269854ed90af5a6261decab10b81ae534d417161d8370ddcb189ef078502631c5d1ddb378e13d13bff23e4dc447dd947da4678e753304045419b55d5673c7110ef56002549d5bce2654539f11c19a7b01b3cac1eac348db8902b500a7ef8101ecc02ee59b18a309ab4fbd817a6198a419b1ed69097c95f2c6780d261d2b65c1c70a3e36e33e13d4646e7d3ea42a0c48e4cd9d05ed63cd0b5b93ed64342a1907c7b714fdf18b54bc729346a73c0067a31ceed13bdfcd721d382a26b127bdfc065bcc1ff7d2ab24962c332e6f87c2557421011f12b6e3c19aa1dc626e0a41cf752a1434a91441cbb7d5447905b1759299ff9b935f4f50ebfec4f9cd53918c426779e5f470f6df30800683189e435626590bc9bc725a41e070b7b24eca3dfd293bd5ae59b51a5e81ccd30ff0e1499c811c1c48057b1c8f86c407c1e87dbfbe58a6ca8b3d3b70b164cee2e71acf6afa089e1c872000a8d4ec2a61efa06789a49e936df31c8c9c3c033d30c2c7d9f2c6dc842b287524bc572eb4d930c4949fdf7b3cccd9f7e5f37e67f3282e98ad7c70bf33e24f6430f43be633c52edccc3c943b6cce0c1e276c8aa77149cab2107a008e2b938ade5d1c7aac64bb94cde056430cf9d3aab92087831ea6da53d4cb4b19faf770d7dc1a5cddd6597a8a113a95c5d30cc8ef45dd8af5037d916bb700db635fee23040360a6a85bd897a2f394e5018bbdfb139d30c886d0b8994caec49977fd8eb2cda923965c43951d0759f11a1a923c355bc1de2b703d2afd9fc0ec353d43ae9ab86cca662aefd72395cd36949cd0db49cb8c6e94178146411dc89988a927b06451d689cf06cdb8dc5f0c810462652af7a1d5f91b9e8b02485e9ac11fa489c36775093a100d19ce45dfc3303a18f89255f8ebfe15f97adea7077e88dc7d73e8d134587d290782cc1ced8bef113381ce295251c8ce500a0c9818cdfe8dc70f3d2098cdf8eaa55620740edb59f00b126aebc2707975bf7447b469264841fee716bbc103c2ad2d75d52ed779e1f6b0dbc1f1af0ecf5860a23ab7e7b8b564a", 0x1000, 0x7}], 0x2040, &(0x7f0000001100)=ANY=[@ANYBLOB="73657373696f6e3d3078303030303030303030303030303036312c6f766572df296465726f636b7065726d2c646d6f64653d3078303030303030303030303030303030312c636865636b3d72656c617865642c6e6f6a6f6c6965742c6d61703d61636f726e2c646f6e745f686173682c6f626a5f757365723dff292c646f6e745f61707072616973652c7365636c6162656c2c646f6e745f61707072616973052c00"]) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) pread64(r0, &(0x7f0000001240)=""/232, 0xe8, 0x81) clone3(&(0x7f0000005e40)={0x0, &(0x7f0000005bc0)=0xffffffffffffffff, &(0x7f0000005c00), &(0x7f0000005c40)=0x0, {0x2}, &(0x7f0000005c80)=""/155, 0x9b, &(0x7f0000005d40)=""/131, &(0x7f0000005e00)=[0x0], 0x1}, 0x58) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000005ec0), 0x18000, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) preadv(r1, &(0x7f0000004340)=[{&(0x7f0000003080)=""/86, 0x56}, {&(0x7f0000003100)=""/177, 0xb1}, {&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f00000041c0)=""/94, 0x5e}, {&(0x7f0000004240)=""/84, 0x54}, {&(0x7f00000042c0)=""/119, 0x77}], 0x6, 0x9, 0xffffffff) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000001380)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) sendmsg$netlink(r1, &(0x7f0000005fc0)={0x0, 0x0, &(0x7f0000005980)=[{&(0x7f0000002700)={0x124, 0x22, 0x200, 0x70bd25, 0x25dfdbfe, "", [@nested={0x43, 0x1b, 0x0, 0x1, [@generic="a1389eb497e0ea6bbbcbbcbdd8824f4d583a9a6027cd2802e00e53e9", @generic="21b14c134c85c424e7278c35c73af8d83913e5714c2db9194d60f0aa1199aaefcff121"]}, @typed={0x4, 0x44}, @generic="d5b14bca078536c7c235263277e9b783d7c8d575d63a73fc150444d0d9c31e05f31301a6c3a19fd6ba81a911658dd7bac00828de95960547bc71d9909e3c6888da105f334f446db092d5eceb2c49b4628633464f422350b50c9c7c09734255c8ac5d3faf6754994467a342bf75c34b826a152fde709bb662d5a0532ec3818bfb1faed081e2b2d88a50f98d982e4bb403434ffe9f1a0cbfba4dfd35a72607df0f1782423f3961c69e2ae52fb9b79084821750ab42cd3eb563b0d70a720ff53918274f13dffb48eefba4e831"]}, 0x124}, {&(0x7f0000001400)={0x128c, 0x3b, 0x1, 0x70bd28, 0x25dfdbfb, "", [@typed={0x4, 0x96}, @nested={0x10c0, 0x1, 0x0, 0x1, [@generic="2f7d9eb816355b91d0699c1d", @generic="d441b0747a362ccb2c206ce61679ca1dfd5d3f7faa660564932488279e1cab1cbbc6d96791ba57784b970a767f1e9e9ceb79f73c2152727146c50400e83d21a3baf6a52235268d961bc3fb2b7a72ee9021fec58e1ad3f66e2e1e8ca9f534ba67c2a21466a3da8bf4e5d507135d7718965fb6a2eae6de917d028b918d5f16acbb634647b3ee8ca12ba6339dbf9c0a9533bdc5ad6124594779462ec111abca069ea7254371f48deaa81c6536ed917dd782d657c7b54a3465a248501fafd8923f67a991487ca6314796929a5da2188d4f3f507f28eb75dbf504a7f63d3db1d366f2c17a4a3476e42be18ae9d728b2c3e34c00090422f9383684c247cde0dab7cccb68de19146c44423fadb7bc93dad9328ce3353bb4a14960353ee3c29518686c02df7af3856b742adff8d9c017b21b98627ffce16f79c07741b76efa595cc4ee18b0c8e3b338e306a36e8f89c1202526bf79ecee133dce66affb1936519a529f0f9a6fd460cb0bf9dba9ceb67e5e02ad26a3f9ad7fff973be7f0d722255cc863c121c598eacc34437b63528d43be0fde2830558b4c5883f07e1b31f342302132a09613ff2905f9fb292dddb51520cc6ec459b942938d96c5885cb44620584d48943fafd91702a36fff03701e47b2b8a19351674f6c9e587d5ae2185e82893f1a85068b77002488c16751d4af568b11c410045a253a0467055ce87a16d4b0d04c9d983272d6821aa20b9f5c5810feb04a1c823bc16b3b01628bcd78067129794f1dcb21e76c0fb35b32e1edeb07691863d8da5a5b74220557d36bc5d989f7abb29517747e821d5f38510a858023c9ce7dfb482e669cca6d3e9773d82ba76ae2c2fa002a616949699992cf67004dca646f9d6dd9ee7fc6d06f8d0032f6559a0a1e68ed7c603f3a570f877efa4ea244fb654e3a1902ba3d3ea5894067527680e0b2981fd677c073e61a0b41175c6db41eb1549f5ba21afcfb672a48ba86ab4adb3430666d1fe66d188baa5e64c8a49870e4a84ae299bff59320728b94fd7d5e5e7404d9991a3df94083248d80d7fb8c1f73d74ab3ec9b596c02079512e65b2191af6b3647cc19c7ee0f22c21f67a752885222f560e8bd0be7bdeb5cbe0c30a23e18f3adcbb7679d8297f5252a1a1eff79b8a09cf30c5c4705b803281f2a9ddad00a2452258fd1594de6e2bd43ed8b4ddaf7b29f1c9777bb53e3fb98d8655ada959ae5d96242d3e00cadec4e2f6b05819c6fa6303cdf02b2aa9ed77692fd18b537674f17615f5af3f0b06866c049a870336c9e65cfecdaffb199c7f57853aa67331316161dcd3a9d43e11319ca28739ba79f2c850de9b48fd99515257868f7bf542e4bc373bb6d26f6d710f8fe38e4aef702d72a14ed1f7da8ff7c828089246dfb32066de3cd65f4380f83c418d7bc8d3c87a55964e573c1e9be9f5581c2081cbfbf09eb4addf19455952fe54b2806289055092478da5ab08d776bd6093fc0f59b1c92d2ce77ea607be7c05b7a05bfe943d16a5bfd3856bf1bdd790d84ada45e19febf2b13f431e4086d09d8d875b6ae9ee00f7f775f93395eaacf5cd3179e5c997890e511f31a925d5f8258f1e9640a24b11d209acd7dd443977a6454a1957fd0ba3ac718a8eeb50ddc80c461996731181042aa73d6815f4bc41b2d404a405423c88413e35209393802a44d759c1c79e42e5b447dba97a7dcdb54ec447293555ea2a056e676331e286c657c25c6335c2ff19c25b2f3823e9683d842ee53d2eecd60ef548b5328768d2f7e76d122ce1fd2496c1f6f9d0aa399c250eb178e589c3fd5a67cd1255859dcf500b7b2ef7626ce135e658e64d9edfc7fdde96cf772e15cc1bc77445e48733b38d5cf9eadd731da4367746b8e6c7e81ed725559f8641d5e48aa03753b3196433f6afae48039c3d1f1487218af4e9de610031cbe3497475e0916564b91278248816ceec47b6926aebc6df0cdcefe014f49bb4164218ca223185fe8d8026b006b38bda57f73a00e3870562dd474f0f46e11059fefff74373c3d626739452fcf452d815e1bcb971b4bd668a0aa5b0d5d1c349a7cb3cf76b213c908bd86509ba354c82984574af32fc504d3dc35e929ddbdffe2f7793e7b6bc37e09fd840ce772eefeea998c97c4065b6bc5bf406553d90f5525f6ca7b8a0133e8608aecaa3a4e85addb1b148a2a003b6b5bb46586b432eff11b7920a9afcb551ad7d220fb8ad0c50d78db2150a56ae334ebd06563dcf173b8bb5559c31ad363e0b14a41d183a58e05b18a2c1685a1a404a10fe9e9fd1b54e395ecbced9df983dbdd924f0a44a33216f54f44c55c279c672e8e31a641b5f9b457752e84700443408e3c68b82f79e90fa53647230bcf738d735d202ec286dde545425223d1b90cf79c6a210559f86177e9de15a5ae12174bbcdac7cd7e8e79158a5476b9283194dcbb7993c4ee6bbc9f8c8c6617da9b6330eaa28b0425df3acf2d7e25edcac4eaffcbeb85249e37ba3dc44491e070947c06297cd3066b33370a2c2ae3cdebe7cee07ea9124a9f8bdcb3a29a92e7f56e2f8e2dde448351172ada99208da7e088a2dbc2412b98a4dc9e546e413f5406debcf14089c5a33921539d50672ff43f73cad38877238dda6921f12e8c7828e3ed1dcf0020e84c751c68def0c91885b3c4764b8073354242d911549a48db33146b0de1406bf729f7402310006146b7a7b8e858de72ed79197dedce84f62305b64b48aab5f9cbd537b0675b64ff2eab416a181e91e99852c506c647df2ac28ce7a2ab556ab41a70a340096593a712aced0c1c2da2086bef4fc70fe6034ecfe0dfd6ed02cd894892c63db578e0f1adf2bafeb4c319c3a5f6049017f874acf1c5fb0335412da05f75180c48c0ddb4430518acd1df6e63c102d5b160b86847f67be937bd3780280520a7bbc07730566a099a0938374cb42ee026a6df535ef16b81d7a58c75b8f82a547661dc804ce880bbbfca5dc6efc496ad15281f3e36ddfef3fa9bde9093c9dd7766e9bf46e8f908022916d67e5aeccb239bfaca43f904534286ee30d100e5fae97431ca2ccdbaf28afe6986e4b4616681f9bc4e9bec22b2ec218bedd42943d6c96b8c35a824ddba3dd9192cf9f5f6cb4e7bc5b518e59115b44ce56eba2e7ad2956d19e95b349b175f856a7e88e7b9be5e13d656feb4d86d6ed48a744abcd4aeada4497b675c31d340e423177b3e3541770caf4d5aae2815b9c22d8c28203af2677de1765d3ac6cfc37f08fad1ab4ea5b96e7a84319ef35af1182ff78eb9353140904ec6eb0ddf001ead7d1379b014edf38c635b4c03966d45a5fd3923dad8b953bf61750cd283de3546c1a458603e1cc98b319fa1c4dec9f04f3cd08642c2cb01e04d324c681aaae9dbc97b5d39a5137c03439d62e17be1fd7159a5035c9f701c3ac5d4636487ac34cb28caf3132b7e9ec61286386d0d0ef869bb5bc66e7a04a0a24d5a9e031b16f260ec5e754b4dd0b0338c7d64349d059d2af6e92c1add43406be3a4a6e2fe17c879c331ef2d63bc156f7f6e84a40fcf2cca924cbff3dee3b69e36e65660fb901427bce352bda94dc82a9117ff5d7f37898c2dcdcc750a0a7928730ab259ddd35624da4c1d11b98cb76d43295688fc52b7652b5d6486c5bf49f977df18d9b1a047fd345d9a96242480079f35c93addbfe0f59a7fe002f9a7b33041db3c3eb188274359c153e67fcebde4d75aeab8c449da387b02d2f8c0b435d6d4f17d5507e4e19c211b3eea04c5a0b341069b935f9693219900fc863ec5ba38c3baceb84b847b06aa90f1b78b7f97c319193255cf0983d9579d83eb3e80f500a393d220eec8cec2c6814a8b05271ac8c28b907b010f118e3e7cf23e29c4379af3d2665e3da02fb301744319e500de3a35279eab35419db7a99531d4274c304639ab3c3e9699cd95517700205a60dc73ecd2d27912e8b19f14910c969473b854603a3cdd18bc10a3b826c3c34159853edd8cf0436f91203c92947a97e44ffad1579e5ef2a05cd822e4b3451e4524d21f507694f1462074d1717f196e45d1c8ca820791fb0d1ea4030c16be164470b3637e9c8a64536b4b55cf81e28dd9e74b9f5b3495b08887c9e2334dae219e7a23b05b059070aff9fc1094afd4741b4455ef792c137a947e43113412b1117331511e930fbd642691297940cd6bc970df3ff93926ecb633054f447eb0fec108080c26a04457b1eade170a924dc40c56070768fa0ef4ab26ebeadb099cb59752a5c77a3855b3e13f3a11885904d1e389023ba40f998b25576a0cc6819ca85d53c61343cd7219494d8e0288f017e67a25fa0329cd8bd5ee8f05489dfe8add5a6744a745d2c56fd9e3b5e7078ce441a10781c569e3846eee5b370ae36d82c2dd54f9be793fdb426dc1cc266b6ea3a62401fbc20905a7d68f815a4731b5c43cc3bc0dfc5ae28265103297aad1d1d98cc820be99276d30f56738a98f25a2ed939b1a90558ec9b1bd91033fedf44098d374e0e7749b9073de4111f7f7316d2e46f9999c4bf5244367f1397573de901515aab8276293fad04d6eed4dd4833b93b4eb982ec3165423dfb0000d3eca4750a9bf763ddee0181e9a5f95cb7a3926d137c9d1f6ba496e95a25341ba0c83dc0622f45d0ddd8a34060dff65bb41bb194abc5c6221c654bd41ee5a2eda4464640588e7dd48c7b6d69f9307111b51c90a3aa2eba240c3c6b45d07d7fea193871af0c9061e9edf9a173823ac791369e97cd0fd26a2e5bcfa90812fa42ff9eeb4789f57ea2a8440f8257b1ad9078f6178e36fc40184de6eafdcd820e97732fa5cc2c25bd03775625d941e607dcd433b62f8949dcd22a6fc76b35d7464f858e522ba1c8477eb1561ac2d27a35deddc61d1a785b61998b206c4112464256185c969b0879c8bcb6266cefcb53f750fdd7980f54f2b5a1b6c8ae02f8435a1d938a3a4051d218dd2e4ce1f4be9d46738c9f07117f571473999ee3ae5a88f495891db0ee9fa46530d27e53475821037d185cb41968d179626af2b719af26a33908f34828885142d3ba11aff7ba9f822607e1fc31462c790efe96f68fb2e507de52926e417cf47f8f2aaa8bed5a9092dc3e97c9c23d0881babe51917efca1a63e78b9bc2ed4db38729dd89cb941ca7860e3cbf705121fcaab13ec80d6a3fc567680a18528fc9eae9fc88073b3ab2c7b0eebfd0f8e79f1cc215dfba342303f84432b54ac7463935a44fe70fe0fb224ccf9c033b53a47dfad871a98fa188709565291447d0754ea9b8145abc0c6ce7b3e57fa9b77e2dec4b5899c8bc485161c6720cbaaf4a5981184c18b493f81124ec6d4a685e459198b93c1d277398d0087ad8a726be3009eb69522ead347eadc4e9a04150c2493c2ff3dfef591d0a78dd7349ac45635b56ab38d0bd89422641e861588165136f163c70ad5bffb86e235a5af8309e486614be223dcecec98786958de54860624cb54f9819efadf3175477fd4ae7cf6d58a345c4e62988704e1dfdc97f1e2846b50caaa916a8ef32470d8377d66153a02376d908d9f378f49eadfe46d682b9d4228d32b58c2abf4ebc994189c5518146ebe9b0a53a61f47ad16d47b071579b9ec7984460d7890be2a0612ac67cc98bb7b4f3fb67255db2a1b51da24a9cf48b8c2a3f394f2e96830a99e58cd12a187a06794089bd82cdfb255167b1df93b5471ca7def64f3af3152b47558589e4c6308b19621610a4527fd4a1bf746568b409f865b6c0040104357245a212e94b260ab972d1d8bbbf42552819c0b752832725c559aa820653", @typed={0x8, 0xf, 0x0, 0x0, @uid}, @generic="36d37e2365a26f4dafce1e69bb72cc51207b0c699c87aa97fdf35d8c144ccb8ab413d677bc08b0d5b888fc09d5efa5186325bf0cf4e209b2a70cdd1cf429234cb69ebe454bac3dbfeae972ed195c4bd262873049555ff51149000f63e1149a9e2203f52669a25526e801842f965def824ee2205c1155d98e7dfbd96db46079195cc141de2d55f869f4dd88e75f1c315487ff9e797b86295f3dd6701fdac2ce1e07d03f7b9696e4d4"]}, @nested={0x18, 0xd, 0x0, 0x1, [@typed={0x14, 0x38, 0x0, 0x0, @ipv6=@loopback}]}, @typed={0x8, 0x82, 0x0, 0x0, @fd}, @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1}, @typed={0x8, 0x50, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="e72a73a87a37c68de966855ae4c58d62f5543a8aee1a5529ead29b62ed561c1c27c1af7f58f5da91c929676507c9bf43a86a37be62747ae65be3fa33de112958ac72e2ddc9999158c46c0b3bb88c6c7b2e6a4eaab64d0c055a5887d5728f4130d45c9dbf97adc7dc589e9005d14dade7c7a8a742ec24a904a35650301e1eb1a0b5772afe824d34f0973dff5bf1cd1a0a2619a7048f109c675a276bfe", @generic="fa57c9701c9ffe50ad50052a5b1adfa75a7d4f162afdc13333189500207baa052e09cdb1c2ebc7663fa58264703b8472b1e508da51c7dd6a7b50dcc85d64db2aefac3f8436fa1de727779f119891d582da8cb9eab572c8e1de4926b27ddc72d6c83b50f8d6ed5f5e03738a0bc9dec0f784fd43b0780450f4cf3c197c65405be9fcae3c50dc302fef379284374b31bd092e1f0e7c8a6aee4ad49c0ab297bf171c6a13e28b0ea31a3769944be8a00a33923f0e32af4cd58cfb7248916a8767b8350a66203f7952ed218a29c0fbf622215d5f9a8fce6911b728d446f4263a9dce400a74dc", @typed={0x8, 0x2a, 0x0, 0x0, @u32=0xff}]}, 0x128c}, {&(0x7f0000006000)=ANY=[@ANYBLOB="800100001200020027bd7000ffdbdf250c018f80206c63dfb6bd5e63b1c81fc528598138554664ac895e9f2ba14439a9879cb7d73dffb9804c1f9a69536a249eac597e32c1c659b9b3d60b5cb58b811d85a1f3263bf7ceabf2f9677cb8d37998215ae0bda35280634164ed966dbe576420f37e5ddc32974089006400b0323185779557a729772c6e2f8dcf91d991e5a746f11796ce2c0824dfc6c61090ac93497e3ae02b208d5942888a6a7d9b97e6777fd0796a81db29849b1ae5d9ceec4e4cf51b2b5ea1aa2d93a8170c5dc422e84c3f3d8521490f265feb48f1fdad5a2d045c12e875ab9a56e74687936376943e132f2f531f8c683069a83d376008c6d8957a00000008000900", @ANYRES16, @ANYBLOB='\b\x00O\x00', @ANYRES32, @ANYBLOB="08008f005b3a2500078cf9d3c57cb2d2aa54117d4728fbb4dc2f6e8acc4e401a9e2928420f92797a07acb1b75a00384157af6c0f15af813425970aa257ef9960a5492652789bd1661789ab0b4e0e970db06741972c60714a5557056fa37123ba29207ed080849ed005be10ec976347d44ffdb6e7bc8a8b015e8ad9a2dd380cf98e798be7b13227558d719bb8e985d3885ea4b17e89b79e2c9f3a4040437c9ac73ab75c8e62e01556cc65785c1a26b61bc60e08556d7114f58afe618e702ff536ef97738e7e69bf1f81ac4e30b8c54f857478364614031f63296e06eceafd0f125ad7e041888874f3b411963e83481351a0cbf6def4"], 0x180}, {&(0x7f0000002880)={0x64, 0x1a, 0xf04, 0x70bd2d, 0x25dfdbfb, "", [@typed={0x49, 0x82, 0x0, 0x0, @binary="21c725ca00ba3d711fb01bdf4c179f71a66f3d85cfd93ebd641b86c9cb8f2e91cb857b28a1ef18e639e774c8af299d68965f365f80ef4275918b24d445c14903ae25bf8353"}, @typed={0x6, 0x35, 0x0, 0x0, @str=']\x00'}]}, 0x64}, {&(0x7f0000002900)=ANY=[@ANYBLOB="580700003300000129bd7000fcdbdf2508002e00", @ANYRES32, @ANYBLOB="86001c80080012e5", @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB='\b\x00C\x00', @ANYRES32=0x0, @ANYBLOB="6b8506f6f14bbae8164193511205fef3b8cd02fd1e07bbbd14f0f21d29fd8ce103fb9065398faa93fa0b643a3afb5e8225d38724868127386899215ec5cd737085b1ef35272b09c91c5f9238c99e6386e693f0522f8ae457d3535336b15522a13f14bf50029e4ed8a89f00000c00080069736f39363630004c6ddcb9fa93526ab8c80eb71c9a48bc190832266b0f3f084f9b8422b108009000", @ANYRES32, @ANYBLOB="36f6eae69414905171e2395c06739537d43c09001f2e6017804a0c5de17e3b291f89dd39ae4f23631d8ca09cf988c344ba57176468a2929713dfbea20d465709a8a90f5ae85204035e4f1ae9aa9190eb923499398254bfce2f05aa83ab771e44bdcbecdd136330390dbe73f87a07db19c744acb35218a85995980ec70f646084affe3ab6115c13431780461792ecbcfc720ceb9e5d1f886f84d0eb30a04da8c2058960ed213c221948826b5866cd689cd6a35a74b59933de6f22464ff65f4eb21c4742a5e0e93acfbe447990d0e7536c01218008001b00", @ANYRES32=0xee01, @ANYBLOB="b3008e006824a06ba269fb0f7a6313ef45c1c01cdc11eef7ce8736fc0df23121a20b65826d3a4b00d89facd13b2f6482105ab46c6f504cecb1c62817851e49f832f52eb67398ace07af52553eba66881974e7d9492c7c0f9dc88a6b67be4813ed1ac318e0237456b748cf9766d7d932cf4ea1ccfdef55fb26832aca45298e34577552ad056d437006e47fb57e2157f3972578bf15ded4aa5c769c0a1b81b09d7d8b31e5f8269adb71ebfb1c4e702429631eeeb00ab000400095263ad999470575985369ed3c1612f72ad23d18d4b44dbd7634a438281d25074e44633f97f74ee530d260487938e0648b57a401fdcc1278e582c22b84de00c8446c9635bd8adbf2053c8503c31dca3463a4d7c74bef69fac659d0452040411c2bb2aea969611e4ee4a0e5ba96030fda898332296de52f7ca1ea80c1e7da3ac1f24385f04084b0ee5308d507063423437060f1ccf91e98620e6fa38df6a18a7f1d442b1d075d90050037080b99d2c13197ce75e3f6b104ab0e8cd7222c07e26a44d347360d89c67d0be9c9d6d969edafa1d8971cc0847d4b017ab60c51932c1052262e1b8c8a1c85041af793642aa04e04e63703cd2882476f9b5d98f0fd842602220910f7732724c7a4a861479d8cb43bbe0555aa93b5c12487d38922e64b7fbc67a101161ab4f7f32ef26f0ad8fb73a4a2b507d0ed0515db682a56e1c2e9e8e4cceb43e7a28bc2a6caab0e776d625a96fc2c4b456ee5f81e547f8e4ed4b92796f632667f9376bad1a67886f7eddc7594b164afc101ec15243fcf5dabf6cb864b07a8b5f0073ae862c3cc17af19d5ba77abf388df80083fae97da02a358303c2abd6ec43b7d37d778be92efc2b74f31e744c3bbe13c3c9f7e18088cd344bf03238613607166a55b5addc18e6e053dacdc2bbbc64051e04e41b6e8ce44a6ba991ed8a2bfc2c9f97c66450085aa74c2d559a3fbdbf43a62a219f6492b7951de1252108bc710b045f65ad7a6191688c675a47f186eda21106d7c516e8824915fc615766ea213056f1b1cd65b3e439c2d648ad921564de11265ed96f27dc86b95dc8ff1a59312e4d776f914c27e13e0b98ff5e5bfd2e0ce05a23f9f636bb06a08cb938a20366194858d292c672eed715ba065e6f35adf58fb7345807728a684ae30a91dc015f05361bbf89274b7f543cffc35e1964c12bebd71b39b6d8395d9d884dee81b1edf0aeed59d0913c9a20fb9e6034ae753382621fc25345163e6be4ca31416da300a4c02c38543c401d92c45887cd97eae4e22802b0e5c453e2a2b69de4881d8c0d43cf951be082713e10ddd798c5fd8726307c752714a85529eefe78e0d33edf696a7fdfd0a2024605ae9743c93b98b05293d90d52fef8394b03f7b58725c79c2f9049921f3057f92ca7c21c7f1ce236795392862e54ad8a0386c2e46fe51820bc2b3e28d398195941813ff8cf33bacfb36db9f0b63e0a4cd9a5844386b92667b5d68c15b0dce9cb811f3cf848ac10ce584083ff08002e00", @ANYRES32=0x0, @ANYBLOB="770019003c7ea9a974458f3be6d55b9adfee0cc699df83cf45d26ffd7f6a1d517f378a7305ce1506e9a42c53fadbad360d4f553400bd28c6261b2c0fb80871a6c4b43cb4cc19f09548488988408aa2c2e972bc54659ca01a84b3521011060915728c595e81c8b1541050e6b5235cf1684588f591e701c200f400508074c838742de81fc0b4f6af0916b96c41362913dbb53cb01de22528d361b34580333ed4fbdfb483efed47c2c9690f36d19c425c8fd1e068b5fa7e628afb6ada3720a4d3343044d545581186fcd3c74896495e7f3c503720a11211334fb5a25093eafa7a76813d7a45d6826e9c9bf63d6dc501f8df967fb98202af42f61f3295fe7768c04abc6428805fa1d2977cd7b5549fb335dd0c16a1807bc6ff3be3e9e98e2b428f45dd0b2995f290d27404c3fb795b60ab0254d50e7fdabd7fe4c8b9a3277a3245d4c8face0f3390f1cbdd4eaead09b47318a5dc78c1ac1af2eee98e9c36a043beff5fd9a6ae08002700ffffffff080067000a010102"], 0x758}, {&(0x7f0000006240)={0x10, 0x29, 0x8, 0x70bd25, 0x25dfdbfb}, 0x10}, {&(0x7f0000004440)={0xf8, 0x13, 0x0, 0x70bd29, 0x25dfdbfb, "", [@generic="c2d69c8439ad618b9e57c50b9a02898247994635ff5686d3428e6b0fd347b4a14d83d9d85f62a3f728bccf02039c0b3f41663d90da007c435656318071eb7ed8525ab6dbe169e5066bb7d92041e0465215e032b9c1adcd3193a6c36dcfb5e93e10e48acd7f6c74af9bdeb4f5fab3f05e6c25ebfe0a90bf293d1d4aa76404254ae2cc359d2e6047c80e81d54cb1518a26b0fac4e444c4f4754e841b422605b121c0b370d180932e6087db2471a9eb9c1fe020c7a895a68a5de93bc4777edcdcf878653aa7db9d81be1532777ac50d8131cb9291f336514aa8148bf8258a2b9b6cfa5707632d012e"]}, 0xf8}, {&(0x7f0000004540)={0x17c, 0x1b, 0x10, 0x70bd28, 0x25dfdbff, "", [@nested={0x16a, 0x27, 0x0, 0x1, [@generic="b58ab62ae66091683ac70b01411b99bb689be2b913cf2371eec67033506f613b3c4910cbd9", @typed={0x4}, @generic="30a32cbf46205109413388b126b2d0f7215cbad2865c72699d3a621e38d3ee9e4fd170f98f59016f805254c0250a3422a0147fcb3957582a92323f64dfc7ac3e0665b7eff29945aeae0bccb1921c994be786", @generic="f6d893fc8bbd86ea60ef7187de50db65a1fd05d3b8543d0629aa292419eb62a456078fa68a819b92f5f42bc8cbfe119da3653f5ed5239bee9992dc8be192bcc66bb10315e104c0af2d7d6dae5376b377f00dbdcc5ab5b006e8236d4b7aa0052498383c22076bf87f4c44c9a8b5931532493bd397cbcf28b1ae52387f6b557cbe27919a6e4e8f2e2153c8435187a7f5b49232769ce36e85", @generic="63a412e8e8510d588dad88e7f5ea9ffb5b4c5be2207bdd5f14ced1acbde48dd314671f7a14821dbdd643ee9414507d78dc9223e6", @generic="a2a768f3c13661c73ffe71978512461233d9cee2f54ce8e1d936263d1fbf0da0"]}]}, 0x17c}, {&(0x7f00000046c0)=ANY=[@ANYBLOB="040300001b0000042cbd7000fddbdf25040023002d04d8e4dda023d80a4acfca41069a3749abd8b03f9b90cdf149f469d9036dbe1ceba9706edf8ddc6cb86dc1309647dad6790f3349c094b30598742a61de3d606b00058008000b00ff0f0000f85b4a779fb2caae78068d0dd92ce79b8c9327ae834d9d9fd34ae6d02be3474e69861366d34108b854f58a868f242d61be5867d0dac92adc5d2e393e6ff399b668702a77c67b9b4c7ae2b2f0a0bbd7b96165a36b2a6e755c0602512a2543fc000800510020000000612bf0736a3b562b6d0b98b054cd4527a4ccedb435859cfadc9abf987d3d84d5946999514706a9cc2193372a0292bdfe1c70e6cb99c80e5135680f7e0620e7e13ae07d3742944fa23c5ef62f4ee259322fe9a0d91f82ffcf41fe80df02a10c0c7d92953475543df67e9e27f7724f9e1a8c8b2ec4acf685d83444341edd959a07e9917f3519c30165d675bf1d8af96d7af4415a31db1ce0dde9711070a9afbe2e7a1b57f38da3dbd8dff5a539f9e50cd5637d42e73a946815750212142eb300968008003600ac14141a0c00090000000000000000000766402941f7cf06e70532c5544b3715a4d913d6ae9507588d8364b790881256b96b2b773c7cd095d5b35b820958b80e56635ee71e3ae5097cfe7d32fdf195f8756e84c1ee4a6e4dc90e2454aaced8dfa24a4dfe40820fcb2b8b21138116ee0d35b3746e164c1f1e695e60a23d8586914fdc2edb1b24926eab2318867a6b9d88adc634d2bcbe9206456ae6eed3a8b3fee75081ac598b2b9b878af300246f5dd49149992b0018e8d1a5e4e018335b034bc0f0dc1b4f8d276061bbe5bcff90ee954307bbc670cb181ca7f9fa578bc25e45211e3b37759302e80d1db487dda2362008e801e43ddda6bef2a7235e28193e190ce4481a98115e2fe597e1a4ad465311680be7d02436c46e8d98bcd600cf0c724b53f0d4659ddda8e654be20e1843060a79ba1ece1609e3f7e384dc7e8bb69d199eef97841dee47e6306eeb3fe2fd40ed16cc3552997674eee7f51d934bb47be1557ea4246441e449ecd2c567c00"], 0x304}], 0x9, &(0x7f0000005f00)=[@cred={{0x1c, 0x1, 0x2, {r3, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x30, 0x1, 0x1, [r0, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, r0, r4]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, r0, r1, r2, 0xffffffffffffffff, r4, 0xffffffffffffffff, r5, r6, r7]}}], 0xa8, 0x40}, 0x40000) semctl$IPC_RMID(0x0, 0x0, 0x0) ioctl$SG_GET_TIMEOUT(0xffffffffffffffff, 0x2202, 0x0) semop(0xffffffffffffffff, &(0x7f0000001340)=[{0x0, 0x8, 0x1800}, {0x4, 0x4, 0x1000}], 0x0) 03:59:40 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000000900e2ff000000080000006d"], 0x78) 03:59:40 executing program 1: r0 = semget(0x2, 0x1, 0xd1) semop(r0, &(0x7f0000000040)=[{0x0, 0xb2d}, {}], 0x2) r1 = semget(0x2, 0x2, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) 03:59:40 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x0, 0x4000000}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ee6000/0x4000)=nil, 0x4000, 0x1000008, 0x10010, r0, 0x10000000) syz_io_uring_submit(r3, r6, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0x1, 0x1}, 0xfffffffa) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1400.619376][T11154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.638978][T11154] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1400.647391][T11154] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1400.655368][T11154] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1400.663339][T11154] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1400.671312][T11154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.679279][T11154] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:40 executing program 4: request_key(&(0x7f0000000100)='pkcs7_test\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0) r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x7481, 0xb3af, 0x1, &(0x7f0000000280)={[0x800]}, 0x8) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:41 executing program 0 (fault-call:7 fault-nth:63): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1400.893029][T11202] FAULT_INJECTION: forcing a failure. [ 1400.893029][T11202] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.905693][T11202] CPU: 0 PID: 11202 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1400.914460][T11202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.924616][T11202] Call Trace: [ 1400.927896][T11202] dump_stack+0x137/0x19d [ 1400.932252][T11202] should_fail+0x23c/0x250 [ 1400.936729][T11202] __should_failslab+0x81/0x90 [ 1400.941561][T11202] ? io_arm_poll_handler+0x15e/0x420 [ 1400.946914][T11202] should_failslab+0x5/0x20 [ 1400.951432][T11202] kmem_cache_alloc_trace+0x49/0x320 [ 1400.956729][T11202] io_arm_poll_handler+0x15e/0x420 [ 1400.961825][T11202] ? io_wq_enqueue+0x3a/0x40 [ 1400.966402][T11202] ? io_queue_async_work+0x18d/0x230 [ 1400.971682][T11202] __io_queue_sqe+0x133/0x3a0 [ 1400.976356][T11202] io_queue_sqe+0x6d/0x160 [ 1400.980796][T11202] io_submit_sqe+0x15c7/0x30c0 [ 1400.985630][T11202] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:41 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000078000000000000000000000800000043"], 0x78) [ 1400.991091][T11202] io_submit_sqes+0x61f/0xaf0 [ 1400.995832][T11202] __se_sys_io_uring_enter+0x217/0xb20 [ 1400.995901][T11202] ? fput+0x2d/0x130 [ 1400.995923][T11202] __x64_sys_io_uring_enter+0x74/0x80 [ 1400.995941][T11202] do_syscall_64+0x34/0x50 [ 1400.995962][T11202] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1401.020919][T11202] RIP: 0033:0x4665f9 [ 1401.024809][T11202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1401.044412][T11202] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1401.052827][T11202] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1401.061040][T11202] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1401.069127][T11202] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1401.077100][T11202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1401.085109][T11202] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:41 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x3, 0x0) 03:59:41 executing program 0 (fault-call:7 fault-nth:64): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1401.423193][T11225] FAULT_INJECTION: forcing a failure. [ 1401.423193][T11225] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.435881][T11225] CPU: 0 PID: 11225 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1401.444637][T11225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.454684][T11225] Call Trace: [ 1401.458123][T11225] dump_stack+0x137/0x19d [ 1401.462464][T11225] should_fail+0x23c/0x250 [ 1401.466918][T11225] __should_failslab+0x81/0x90 03:59:41 executing program 1: r0 = semget(0x3, 0x3, 0x64) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0x0, 0x2800}], 0x2) r1 = semget$private(0x0, 0x4, 0x0) semtimedop(r1, &(0x7f0000000000)=[{0x0, 0x69}, {0x4, 0x5f9d, 0x1800}, {0x2, 0xf801}, {0x2, 0x5, 0x800}], 0x4, &(0x7f0000000080)) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1401.471679][T11225] ? io_issue_sqe+0x418f/0x6080 [ 1401.476513][T11225] should_failslab+0x5/0x20 [ 1401.481181][T11225] __kmalloc+0x66/0x360 [ 1401.485317][T11225] ? rw_verify_area+0x136/0x250 [ 1401.490191][T11225] io_issue_sqe+0x418f/0x6080 [ 1401.494871][T11225] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1401.500326][T11225] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1401.506167][T11225] ? __io_queue_proc+0x99/0x260 [ 1401.511027][T11225] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1401.516599][T11225] ? vga_arb_write+0x17d0/0x17d0 03:59:41 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) semget$private(0x0, 0x1, 0x0) [ 1401.521533][T11225] ? io_async_queue_proc+0x3f/0x50 [ 1401.526646][T11225] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1401.532031][T11225] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1401.537844][T11225] ? try_to_wake_up+0x353/0x470 [ 1401.542780][T11225] ? io_wqe_enqueue+0x457/0x4d0 [ 1401.547632][T11225] ? io_wq_enqueue+0x3a/0x40 [ 1401.552216][T11225] ? io_queue_async_work+0x18d/0x230 [ 1401.557564][T11225] __io_queue_sqe+0xe9/0x3a0 [ 1401.562177][T11225] io_queue_sqe+0x6d/0x160 [ 1401.566582][T11225] io_submit_sqe+0x15c7/0x30c0 03:59:41 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x6000, @fd_index=0x4, 0x10001, 0xfffffffffffffff9, 0x10001, 0x12, 0x1, {0x1, r6}}, 0x800000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x6, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r4, r8, &(0x7f0000000ac0)=@IORING_OP_WRITEV={0x2, 0x3, 0x4004, @fd_index=0x1, 0x4, &(0x7f0000000a80)=[{&(0x7f00000007c0)="bfa5cb67e5ac9d073d99d5e19527b40bbba4336ff866e7e0800f266bf062b3d476a4045912deda26983ac25d1aa212abd8321bb4af3c7310a47d604c2e936e1585a518", 0x43}, {&(0x7f0000000840)="c77d69e7a9300024fce7c49e01a7c326c8e25345c6acc54b5070ce08a4c10146ef38ea3d839d9a193658ea3a45f3c08a330bd17890222c2fda669b6087c04a681d8083bce9c28bd714e5ddefc1959863c7761e52055f7f8c585b16599804f20a19492943b60db0eb15aed83b7cb5d8eb040ee4cf5783abef00a5b77af72c", 0x7e}, {&(0x7f00000008c0)="4cf32b7017cf3383b7271c2e769d73dd6e09c172d09a454a387abaf4a846d8b0e751cc9eb032df4ce2a85f053ec9a2481e6bc56bce632b8aeb7eb7e894f636097e0dc80c4e1de1ae8eead94c0e04357ae4c0b26130822a770fa02e715a913ba8795a7bd7d6599768bfcdbab2f71214041a343ee21f8af685665d89a8e3812aa0655fa38472678007b55e3b5ef1fa39e173a5af60949e136ef719720d52c65f22ff6500000ea45d6617", 0xa9}, {&(0x7f0000000980)="bc669527a09600607eb7a6a96216fdb89c64db4a8e09511b0a18bd18896d7158011356e4e173f74b39c16d7f35fa41edc4046d3399b31c7efb8d1b24cf3751843356024b3e3c96b799cbdb388da64c715c4f724a458981d5d49c3426548e8a17eed7d369de29e7f84f856ae68ae7c06cb143e793db89e73367cb3ba9a01bf188e752e40c2afbca6f56cef3e20d70cf06c5e4227a1771083fd6d696eda28f1bd17e8c02947de99eefb9c7de9e0a955425e701d0f7d7372826c5013bc9110dec2262fc949f7c56aba39a3d4b7e47d93258d58c8a417f56eb656a415ddcfdf74f4c776bb814511f8dde46", 0xe9}], 0x4, 0x10, 0x1, {0x3}}, 0x5) syz_io_uring_submit(r4, r2, &(0x7f0000000780)=@IORING_OP_SENDMSG={0x9, 0x6de31d0314f6ad20, 0x0, r7, 0x0, &(0x7f0000000740)={&(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3, 0x0, {0xa, 0x4e20, 0x9, @local, 0x4c889c53}}}, 0x80, &(0x7f0000000540)=[{&(0x7f00000002c0)="0ec2deb6c98a41a564d422b6ce48bfec23fb81e29ad9ad047914149c00242460", 0x20}, {&(0x7f0000000300)="3576f00c2e71ec50bee83031cbd05e097cef1ef8e5e43c5c12686f6a2c4a7ef05919e3ae4ec75acec319c1c88a1e5e37b6585536b0a176ff2b91f264ddd6d7dd762a48bf49fec5a46e364f4e1fbd3613356c0a6aeae55ab39174bc08f19014bf8c0d6964706935ed2970eada665e0a50d66307443123af7aca3a1471728cf0d711ffd60cac8e0218208926e6c3e92ab44778ac40281e18800a9dbbf00b6834e1c58f06773356b25b75de39a31a0c11819d5f15d8e7f22dfd392d8f5bc1f9481378970dd6917983dc649a", 0xca}, {&(0x7f0000000400)="4a4c6b318baaf5bdb5e6dc9d6625d4cb2e581cac5d2e3bf1f71eae8c03da3e54d9f6f1226c105b59df9d23bcc232f5b02d728f0baefe9c75180949a2b681227ae120904ad72cfbb7043fd70d", 0x4c}, {&(0x7f0000000480)="a1bf2a54fca981e0c5a609943c3f1258bf696d4dc7de", 0x16}, {&(0x7f00000004c0)="28f04b5e82b12cd3c5d6daedad9c1b3b47f871a802c18815c74484d7a2be3519bb3b5cddc1ed31c73591b6896447f7a7f79f48065da031e502f5e52362cc8b1978849cf7104d12047471ed23b5bd71d4fc051c7dec42c523590c827388ae995422d43591", 0x64}], 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="b0000000000000001301000081000000c14d7f8aaa9a717238168526b3c1dd640c9fec9171721c10870bcdbef8a64a29e891fc48e0fa2cfe55e9810d965ebab203b58e251670abf4c8a2940c33f7edd67aef8e312a5fb40cff04e63284f872f56353905660b24094b70686a88509f66bc0280c50d7eaa247641f6827e1797edb21f65d53e70ee3edf8c15f0a1be4f0c181ebd92b7fb3a657a23267824723165220e11f380000d000000000000000010100000300000075c75ba095505b9572cd262243429279fbc8afeda6060cf90df2b8022ddce354b2b075c8cd7b63f24ffe07111b52734748b5b9d9d73062ab284579eb6d134afb31ae6f501f9cfb3783adbb48f7981ac7436ce117a594e1b15e1523fa1a0b902cbe137e56711abf5afe7fa27af590e9ae07d5f77a530b7cc3f3738e50ffe1a8211464fd026fd5d0d13dfe2bf62d9b9876db3b2a9b520f4024f26d74e2bd2b4c78f77336609a995f407a9c067c19883754e8d300"/377], 0x180}, 0x0, 0x40000, 0x0, {0x0, r6}}, 0x3) 03:59:41 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/106, 0x6a}], 0x1, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1401.571375][T11225] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1401.576829][T11225] io_submit_sqes+0x61f/0xaf0 [ 1401.581513][T11225] __se_sys_io_uring_enter+0x217/0xb20 [ 1401.586994][T11225] ? fput+0x2d/0x130 [ 1401.590888][T11225] __x64_sys_io_uring_enter+0x74/0x80 [ 1401.590915][T11225] do_syscall_64+0x34/0x50 03:59:41 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0x2}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) [ 1401.590986][T11225] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1401.591007][T11225] RIP: 0033:0x4665f9 [ 1401.591021][T11225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:41 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x8]) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r0, &(0x7f0000000000)=[{0x2, 0x1, 0x1800}, {0x2, 0x101, 0x1000}, {0x1, 0x40, 0x1000}], 0x3) [ 1401.591039][T11225] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1401.591057][T11225] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1401.591073][T11225] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1401.591090][T11225] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:42 executing program 0 (fault-call:7 fault-nth:65): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:42 executing program 4: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x17ba, &(0x7f0000000240)={0x0, 0x6c49, 0x20, 0x0, 0x288, 0x0, r0}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000000100), &(0x7f00000001c0)=0x0) r4 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)='3', 0x1, 0x0, 0x1, {0x0, r7}}, 0x7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1401.591145][T11225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1401.591167][T11225] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1401.879356][T11266] FAULT_INJECTION: forcing a failure. [ 1401.879356][T11266] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.892024][T11266] CPU: 0 PID: 11266 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1401.900786][T11266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.910859][T11266] Call Trace: [ 1401.914135][T11266] dump_stack+0x137/0x19d [ 1401.918447][T11266] should_fail+0x23c/0x250 [ 1401.922900][T11266] __should_failslab+0x81/0x90 [ 1401.927773][T11266] ? io_arm_poll_handler+0x15e/0x420 [ 1401.933047][T11266] should_failslab+0x5/0x20 [ 1401.937550][T11266] kmem_cache_alloc_trace+0x49/0x320 [ 1401.942875][T11266] io_arm_poll_handler+0x15e/0x420 [ 1401.947989][T11266] ? io_wq_enqueue+0x3a/0x40 [ 1401.952574][T11266] ? io_queue_async_work+0x18d/0x230 [ 1401.957861][T11266] __io_queue_sqe+0x133/0x3a0 [ 1401.962541][T11266] io_queue_sqe+0x6d/0x160 [ 1401.967009][T11266] io_submit_sqe+0x15c7/0x30c0 [ 1401.971829][T11266] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1401.977281][T11266] io_submit_sqes+0x61f/0xaf0 [ 1401.981998][T11266] __se_sys_io_uring_enter+0x217/0xb20 [ 1401.987471][T11266] ? fput+0x2d/0x130 [ 1401.991408][T11266] __x64_sys_io_uring_enter+0x74/0x80 [ 1401.996812][T11266] do_syscall_64+0x34/0x50 [ 1402.001222][T11266] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1402.007144][T11266] RIP: 0033:0x4665f9 03:59:42 executing program 4: r0 = syz_io_uring_setup(0x265f, &(0x7f0000000080)={0x0, 0xc955, 0x0, 0x2}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$vga_arbiter(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000000000000000009e3e76d1fa5d7c41b1b68525102be49d5a8c7af2a98e1eb486239157700d70a6e6507598a938105a278b225816471fec7806893e99566594fb1d254625d51f18a413e9ae091653a24025ae6f9ca895c969d5fc4109107af66336d17865c60038c69d486c64d85d6aeee24ccec37d1af37ecd13865cd58483e9a56cd3276a625efcfa93f85f8bcc1ef27833a2859047ab47960239"], 0xf) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800780000000000000000000000000800000043"], 0x78) [ 1402.011036][T11266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1402.011082][T11266] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1402.011099][T11266] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:42 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x5, 0x0) [ 1402.011113][T11266] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 03:59:42 executing program 4 (fault-call:1 fault-nth:0): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000048"], 0x78) [ 1402.011124][T11266] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1402.011134][T11266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:42 executing program 0 (fault-call:7 fault-nth:66): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1402.011143][T11266] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1402.260971][T11302] FAULT_INJECTION: forcing a failure. [ 1402.260971][T11302] name failslab, interval 1, probability 0, space 0, times 0 [ 1402.273690][T11302] CPU: 1 PID: 11302 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1402.282544][T11302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1402.292590][T11302] Call Trace: [ 1402.295853][T11302] dump_stack+0x137/0x19d [ 1402.300166][T11302] should_fail+0x23c/0x250 [ 1402.304566][T11302] __should_failslab+0x81/0x90 [ 1402.309528][T11302] ? io_issue_sqe+0x418f/0x6080 [ 1402.314583][T11302] should_failslab+0x5/0x20 [ 1402.319082][T11302] __kmalloc+0x66/0x360 [ 1402.323236][T11302] ? rw_verify_area+0x136/0x250 [ 1402.328078][T11302] io_issue_sqe+0x418f/0x6080 [ 1402.332762][T11302] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1402.338180][T11302] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1402.343997][T11302] ? __io_queue_proc+0x99/0x260 [ 1402.348856][T11302] ? vga_arb_write+0x17d0/0x17d0 [ 1402.353831][T11302] ? io_async_queue_proc+0x3f/0x50 [ 1402.358965][T11302] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1402.364330][T11302] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1402.370143][T11302] ? try_to_wake_up+0x353/0x470 [ 1402.374990][T11302] ? io_wqe_enqueue+0x457/0x4d0 [ 1402.379831][T11302] ? io_wq_enqueue+0x3a/0x40 [ 1402.384411][T11302] ? io_queue_async_work+0x18d/0x230 [ 1402.389752][T11302] __io_queue_sqe+0xe9/0x3a0 [ 1402.394344][T11302] io_queue_sqe+0x6d/0x160 [ 1402.398751][T11302] io_submit_sqe+0x15c7/0x30c0 [ 1402.403523][T11302] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1402.408978][T11302] io_submit_sqes+0x61f/0xaf0 [ 1402.413653][T11302] __se_sys_io_uring_enter+0x217/0xb20 [ 1402.419115][T11302] ? fput+0x2d/0x130 [ 1402.422999][T11302] __x64_sys_io_uring_enter+0x74/0x80 [ 1402.428379][T11302] do_syscall_64+0x34/0x50 [ 1402.432836][T11302] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1402.438730][T11302] RIP: 0033:0x4665f9 [ 1402.442615][T11302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1402.462254][T11302] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1402.470663][T11302] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1402.478631][T11302] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1402.486603][T11302] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1402.494573][T11302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1402.502537][T11302] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:42 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) write$binfmt_elf64(r2, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0xfc, 0x81, 0x2, 0x7, 0x8, 0x3, 0x6, 0x67, 0xb5, 0x40, 0x233, 0x5, 0x8600, 0x38, 0x1, 0x3, 0x6, 0x1}, [{0x60000000, 0x101, 0x8, 0x4, 0x3f, 0x7, 0x20}, {0x7, 0x47, 0x9, 0xf1, 0x7, 0x6, 0x8, 0x81}], "77cfaafd499eb514c09cb5d9d3ec2dc155df6946be69e300b16ed1919c51b3e924758a1efacf1baa531633cc053b4839296da96bea59d218b580192f9511a82546e2bfe1f6bdea764e680417babb3bae13ecc579dab338b061347c14cfd25d9d342feb51f3116e9cde62071971fd1f4b3ad919e142831ffe2e764aafee0b16b5", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x830) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x402, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r4 = fcntl$dupfd(r1, 0x0, r0) r5 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r5, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r7 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @remote}, 0x6f, r6}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000b00)={'ip6_vti0\x00', &(0x7f0000000a80)={'syztnl0\x00', r6, 0x2f, 0x9, 0x6, 0x7, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x7800, 0x8000, 0x8000, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000a00)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', r3, 0x2f, 0x40, 0x9, 0x0, 0x1, @private2, @empty, 0x10, 0x20, 0x5, 0x3400}}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f0000111000/0x3000)=nil, 0x3000, 0x200000a, 0x10010, r8, 0x94373000) 03:59:42 executing program 1: semop(0x0, &(0x7f0000000040)=[{0x2, 0x80}, {}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) 03:59:42 executing program 1: r0 = semget(0x2, 0x0, 0x201) semop(r0, &(0x7f0000000040)=[{0x0, 0x80, 0x1800}, {0x4, 0x3}], 0x2) semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget(0x0, 0x1, 0x100) semctl$GETZCNT(r1, 0x4, 0xf, &(0x7f00000000c0)=""/195) r2 = semget(0x2, 0x0, 0x200) r3 = semget(0x3, 0x2, 0x249) semop(r3, &(0x7f0000000080)=[{0x3, 0x7, 0x1000}, {0x2, 0x1, 0x800}, {0x1, 0x9, 0x1000}, {0x4, 0x7}, {0x3, 0x9, 0x1800}], 0x5) semop(r2, &(0x7f0000000000)=[{0x0, 0x2, 0x1800}, {0x1, 0x3, 0x1800}, {0x1, 0x1}, {0x1, 0x4, 0x1000}, {0x3, 0x5, 0x800}], 0x5) 03:59:42 executing program 0 (fault-call:7 fault-nth:67): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1402.686097][T11322] FAULT_INJECTION: forcing a failure. [ 1402.686097][T11322] name failslab, interval 1, probability 0, space 0, times 0 [ 1402.698855][T11322] CPU: 0 PID: 11322 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1402.707609][T11322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1402.717660][T11322] Call Trace: [ 1402.720934][T11322] dump_stack+0x137/0x19d [ 1402.725264][T11322] should_fail+0x23c/0x250 [ 1402.729661][T11322] __should_failslab+0x81/0x90 [ 1402.734472][T11322] ? io_arm_poll_handler+0x15e/0x420 [ 1402.739765][T11322] should_failslab+0x5/0x20 [ 1402.744278][T11322] kmem_cache_alloc_trace+0x49/0x320 [ 1402.749625][T11322] io_arm_poll_handler+0x15e/0x420 [ 1402.754743][T11322] ? io_wq_enqueue+0x3a/0x40 [ 1402.759312][T11322] ? io_queue_async_work+0x18d/0x230 [ 1402.764649][T11322] __io_queue_sqe+0x133/0x3a0 [ 1402.769328][T11322] io_queue_sqe+0x6d/0x160 [ 1402.773740][T11322] io_submit_sqe+0x15c7/0x30c0 [ 1402.778492][T11322] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1402.784042][T11322] io_submit_sqes+0x61f/0xaf0 [ 1402.788779][T11322] __se_sys_io_uring_enter+0x217/0xb20 [ 1402.794238][T11322] ? fput+0x2d/0x130 [ 1402.798134][T11322] __x64_sys_io_uring_enter+0x74/0x80 [ 1402.803534][T11322] do_syscall_64+0x34/0x50 [ 1402.807935][T11322] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1402.813822][T11322] RIP: 0033:0x4665f9 03:59:42 executing program 1 (fault-call:4 fault-nth:0): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000048"], 0x78) [ 1402.817724][T11322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1402.837357][T11322] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1402.845753][T11322] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1402.853770][T11322] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1402.861723][T11322] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1402.869678][T11322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1402.877641][T11322] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1402.972143][T11296] FAULT_INJECTION: forcing a failure. [ 1402.972143][T11296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1402.985311][T11296] CPU: 1 PID: 11296 Comm: syz-executor.4 Not tainted 5.12.0-rc8-syzkaller #0 [ 1402.994080][T11296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.004135][T11296] Call Trace: [ 1403.007410][T11296] dump_stack+0x137/0x19d [ 1403.011735][T11296] should_fail+0x23c/0x250 [ 1403.016148][T11296] should_fail_usercopy+0x16/0x20 03:59:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800020800000000000000000000000800000043"], 0x78) 03:59:43 executing program 0 (fault-call:7 fault-nth:68): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1403.021177][T11296] _copy_from_iter+0x15a/0x7b0 [ 1403.025951][T11296] ? __virt_addr_valid+0x15a/0x1a0 [ 1403.031068][T11296] file_tty_write+0x3d1/0x660 [ 1403.035749][T11296] ? n_tty_read+0x10c0/0x10c0 [ 1403.040424][T11296] tty_write+0x24/0x30 [ 1403.044495][T11296] vfs_write+0x69d/0x770 [ 1403.048747][T11296] ksys_write+0xce/0x180 [ 1403.052997][T11296] __x64_sys_write+0x3e/0x50 [ 1403.057596][T11296] do_syscall_64+0x34/0x50 [ 1403.062019][T11296] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1403.067919][T11296] RIP: 0033:0x4665f9 03:59:43 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xc, 0x0) [ 1403.071807][T11296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.091485][T11296] RSP: 002b:00007fa12737b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1403.099899][T11296] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1403.107874][T11296] RDX: 0000000000000078 RSI: 0000000020000180 RDI: 0000000000000003 [ 1403.115871][T11296] RBP: 00007fa12737b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.123963][T11296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1403.131937][T11296] R13: 00007ffffef2b69f R14: 00007fa12737b300 R15: 0000000000022000 [ 1403.138471][T11343] FAULT_INJECTION: forcing a failure. [ 1403.138471][T11343] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.152547][T11343] CPU: 0 PID: 11343 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1403.161323][T11343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:59:43 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000048"], 0x78) [ 1403.171383][T11343] Call Trace: [ 1403.174663][T11343] dump_stack+0x137/0x19d [ 1403.178988][T11343] should_fail+0x23c/0x250 [ 1403.183448][T11343] __should_failslab+0x81/0x90 [ 1403.188214][T11343] should_failslab+0x5/0x20 [ 1403.192724][T11343] kmem_cache_alloc_bulk+0x40/0x380 [ 1403.197925][T11343] io_submit_sqes+0x515/0xaf0 [ 1403.202606][T11343] __se_sys_io_uring_enter+0x217/0xb20 [ 1403.208091][T11343] ? fput+0x2d/0x130 [ 1403.212074][T11343] __x64_sys_io_uring_enter+0x74/0x80 [ 1403.217484][T11343] do_syscall_64+0x34/0x50 [ 1403.221886][T11343] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1403.227766][T11343] RIP: 0033:0x4665f9 [ 1403.231737][T11343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.251342][T11343] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1403.259761][T11343] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1403.267810][T11343] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1403.275767][T11343] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.283802][T11343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1403.291764][T11343] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:43 executing program 0 (fault-call:7 fault-nth:69): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1403.418321][T11360] FAULT_INJECTION: forcing a failure. [ 1403.418321][T11360] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.430973][T11360] CPU: 1 PID: 11360 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1403.439739][T11360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.449975][T11360] Call Trace: [ 1403.453240][T11360] dump_stack+0x137/0x19d [ 1403.457568][T11360] should_fail+0x23c/0x250 [ 1403.462052][T11360] __should_failslab+0x81/0x90 [ 1403.466817][T11360] ? io_issue_sqe+0x418f/0x6080 [ 1403.471673][T11360] should_failslab+0x5/0x20 [ 1403.476180][T11360] __kmalloc+0x66/0x360 [ 1403.480328][T11360] ? rw_verify_area+0x136/0x250 [ 1403.485275][T11360] io_issue_sqe+0x418f/0x6080 [ 1403.489962][T11360] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1403.495331][T11360] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1403.501157][T11360] ? __io_queue_proc+0x99/0x260 [ 1403.506019][T11360] ? vga_arb_write+0x17d0/0x17d0 [ 1403.510942][T11360] ? io_async_queue_proc+0x3f/0x50 [ 1403.516041][T11360] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1403.521463][T11360] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1403.527333][T11360] ? try_to_wake_up+0x353/0x470 [ 1403.532217][T11360] ? io_wqe_enqueue+0x457/0x4d0 [ 1403.537055][T11360] ? io_wq_enqueue+0x3a/0x40 [ 1403.541646][T11360] ? io_queue_async_work+0x18d/0x230 [ 1403.546936][T11360] __io_queue_sqe+0xe9/0x3a0 [ 1403.551589][T11360] io_queue_sqe+0x6d/0x160 [ 1403.555999][T11360] io_submit_sqe+0x15c7/0x30c0 [ 1403.560775][T11360] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1403.566241][T11360] io_submit_sqes+0x61f/0xaf0 [ 1403.570926][T11360] __se_sys_io_uring_enter+0x217/0xb20 [ 1403.576388][T11360] ? fput+0x2d/0x130 [ 1403.580365][T11360] __x64_sys_io_uring_enter+0x74/0x80 [ 1403.585739][T11360] do_syscall_64+0x34/0x50 [ 1403.590270][T11360] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1403.596208][T11360] RIP: 0033:0x4665f9 [ 1403.600163][T11360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.602207][T11330] FAULT_INJECTION: forcing a failure. [ 1403.602207][T11330] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1403.619809][T11360] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1403.619831][T11360] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1403.619842][T11360] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1403.619853][T11360] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.665265][T11360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1403.673237][T11360] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1403.681295][T11330] CPU: 0 PID: 11330 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0 [ 1403.690058][T11330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.700205][T11330] Call Trace: [ 1403.703502][T11330] dump_stack+0x137/0x19d [ 1403.707832][T11330] should_fail+0x23c/0x250 [ 1403.712246][T11330] __alloc_pages_nodemask+0xe7/0x310 [ 1403.717558][T11330] alloc_pages_current+0x21d/0x310 [ 1403.722677][T11330] __get_free_pages+0x8/0x30 [ 1403.727300][T11330] __tlb_remove_page_size+0xf6/0x180 [ 1403.732613][T11330] zap_pte_range+0x626/0xe20 [ 1403.737243][T11330] unmap_page_range+0x2dc/0x3d0 [ 1403.742150][T11330] unmap_single_vma+0x157/0x210 [ 1403.747043][T11330] unmap_vmas+0xc0/0x170 [ 1403.751353][T11330] exit_mmap+0x1be/0x400 [ 1403.755588][T11330] __mmput+0x27/0x1c0 [ 1403.759650][T11330] mmput+0x3d/0x50 [ 1403.763426][T11330] exit_mm+0x360/0x450 [ 1403.767515][T11330] ? taskstats_exit+0x357/0x750 [ 1403.772447][T11330] ? acct_collect+0x3bc/0x420 [ 1403.777120][T11330] do_exit+0x3ff/0x1560 [ 1403.781264][T11330] do_group_exit+0xce/0x1a0 [ 1403.785835][T11330] get_signal+0xf83/0x15d0 [ 1403.790315][T11330] ? tty_write+0x24/0x30 [ 1403.794547][T11330] ? vfs_write+0x51d/0x770 [ 1403.798956][T11330] arch_do_signal_or_restart+0x2a/0x220 [ 1403.804493][T11330] ? task_work_add+0x11e/0x140 [ 1403.809248][T11330] ? fput+0x108/0x130 [ 1403.813288][T11330] exit_to_user_mode_prepare+0x104/0x170 [ 1403.818909][T11330] syscall_exit_to_user_mode+0x20/0x40 [ 1403.824361][T11330] do_syscall_64+0x40/0x50 [ 1403.828875][T11330] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1403.834767][T11330] RIP: 0033:0x4665f9 [ 1403.838657][T11330] Code: Unable to access opcode bytes at RIP 0x4665cf. [ 1403.845504][T11330] RSP: 002b:00007efef15b8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1403.853910][T11330] RAX: fffffffffffffe00 RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1403.861875][T11330] RDX: 0000000000000078 RSI: 0000000020000180 RDI: 0000000000000003 03:59:44 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f0000000280), 0x0, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00m\x00\x00\x00'], 0x78) [ 1403.869841][T11330] RBP: 00007efef15b81d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.877802][T11330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1403.885764][T11330] R13: 00007ffe01af4e5f R14: 00007efef15b8300 R15: 0000000000022000 03:59:44 executing program 0 (fault-call:7 fault-nth:70): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000800000048"], 0x78) 03:59:44 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000078000000000000000000000800000043"], 0x78) [ 1403.984097][T11378] FAULT_INJECTION: forcing a failure. [ 1403.984097][T11378] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.996760][T11378] CPU: 1 PID: 11378 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1404.005527][T11378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.015641][T11378] Call Trace: [ 1404.018932][T11378] dump_stack+0x137/0x19d [ 1404.023258][T11378] should_fail+0x23c/0x250 [ 1404.027671][T11378] __should_failslab+0x81/0x90 03:59:44 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xd, 0x0) 03:59:44 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393808000800000000000000000000000800000048"], 0x78) [ 1404.032441][T11378] ? io_arm_poll_handler+0x15e/0x420 [ 1404.037730][T11378] should_failslab+0x5/0x20 [ 1404.042268][T11378] kmem_cache_alloc_trace+0x49/0x320 [ 1404.047565][T11378] io_arm_poll_handler+0x15e/0x420 [ 1404.052688][T11378] ? io_wq_enqueue+0x3a/0x40 [ 1404.057292][T11378] ? io_queue_async_work+0x18d/0x230 [ 1404.062648][T11378] __io_queue_sqe+0x133/0x3a0 [ 1404.067327][T11378] io_queue_sqe+0x6d/0x160 [ 1404.071784][T11378] io_submit_sqe+0x15c7/0x30c0 [ 1404.076615][T11378] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1404.082127][T11378] io_submit_sqes+0x61f/0xaf0 [ 1404.086817][T11378] __se_sys_io_uring_enter+0x217/0xb20 [ 1404.092277][T11378] ? fput+0x2d/0x130 [ 1404.096172][T11378] __x64_sys_io_uring_enter+0x74/0x80 [ 1404.101574][T11378] do_syscall_64+0x34/0x50 [ 1404.105998][T11378] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1404.112050][T11378] RIP: 0033:0x4665f9 [ 1404.116074][T11378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.135709][T11378] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1404.144110][T11378] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1404.152104][T11378] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1404.160196][T11378] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.168165][T11378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1404.176121][T11378] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:44 executing program 0 (fault-call:7 fault-nth:71): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1404.303057][T11400] FAULT_INJECTION: forcing a failure. [ 1404.303057][T11400] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.315999][T11400] CPU: 1 PID: 11400 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1404.324781][T11400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.334831][T11400] Call Trace: [ 1404.338180][T11400] dump_stack+0x137/0x19d [ 1404.342495][T11400] should_fail+0x23c/0x250 [ 1404.346894][T11400] __should_failslab+0x81/0x90 [ 1404.351670][T11400] ? io_issue_sqe+0x418f/0x6080 [ 1404.356522][T11400] should_failslab+0x5/0x20 [ 1404.361113][T11400] __kmalloc+0x66/0x360 [ 1404.365265][T11400] ? rw_verify_area+0x136/0x250 [ 1404.370107][T11400] io_issue_sqe+0x418f/0x6080 [ 1404.374798][T11400] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1404.380158][T11400] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1404.385979][T11400] ? __io_queue_proc+0x99/0x260 [ 1404.390892][T11400] ? vga_arb_write+0x17d0/0x17d0 [ 1404.395865][T11400] ? io_async_queue_proc+0x3f/0x50 [ 1404.400971][T11400] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1404.406418][T11400] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1404.412323][T11400] ? try_to_wake_up+0x353/0x470 [ 1404.417200][T11400] ? io_wqe_enqueue+0x457/0x4d0 [ 1404.422057][T11400] ? io_wq_enqueue+0x3a/0x40 [ 1404.426644][T11400] ? io_queue_async_work+0x18d/0x230 [ 1404.431947][T11400] __io_queue_sqe+0xe9/0x3a0 [ 1404.436591][T11400] io_queue_sqe+0x6d/0x160 [ 1404.441003][T11400] io_submit_sqe+0x15c7/0x30c0 [ 1404.445775][T11400] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1404.451251][T11400] io_submit_sqes+0x61f/0xaf0 [ 1404.455932][T11400] __se_sys_io_uring_enter+0x217/0xb20 [ 1404.461376][T11400] ? fput+0x2d/0x130 [ 1404.465299][T11400] __x64_sys_io_uring_enter+0x74/0x80 [ 1404.470757][T11400] do_syscall_64+0x34/0x50 [ 1404.475171][T11400] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1404.481077][T11400] RIP: 0033:0x4665f9 [ 1404.484975][T11400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.504576][T11400] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1404.512970][T11400] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1404.520939][T11400] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1404.528902][T11400] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.536863][T11400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1404.544931][T11400] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:44 executing program 0 (fault-call:7 fault-nth:72): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1404.676851][T11407] FAULT_INJECTION: forcing a failure. [ 1404.676851][T11407] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.689514][T11407] CPU: 1 PID: 11407 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1404.698270][T11407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.708341][T11407] Call Trace: [ 1404.711659][T11407] dump_stack+0x137/0x19d [ 1404.715992][T11407] should_fail+0x23c/0x250 [ 1404.720406][T11407] __should_failslab+0x81/0x90 [ 1404.725173][T11407] ? io_arm_poll_handler+0x15e/0x420 [ 1404.730453][T11407] should_failslab+0x5/0x20 [ 1404.734947][T11407] kmem_cache_alloc_trace+0x49/0x320 [ 1404.740292][T11407] io_arm_poll_handler+0x15e/0x420 [ 1404.745422][T11407] ? io_wq_enqueue+0x3a/0x40 [ 1404.750024][T11407] ? io_queue_async_work+0x18d/0x230 [ 1404.755312][T11407] __io_queue_sqe+0x133/0x3a0 [ 1404.760014][T11407] io_queue_sqe+0x6d/0x160 [ 1404.764513][T11407] io_submit_sqe+0x15c7/0x30c0 [ 1404.769279][T11407] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:45 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393802000800000000000000000000000800000048"], 0x78) [ 1404.774807][T11407] io_submit_sqes+0x61f/0xaf0 [ 1404.779467][T11407] __se_sys_io_uring_enter+0x217/0xb20 [ 1404.784912][T11407] ? fput+0x2d/0x130 [ 1404.788806][T11407] __x64_sys_io_uring_enter+0x74/0x80 [ 1404.794163][T11407] do_syscall_64+0x34/0x50 [ 1404.798646][T11407] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1404.804534][T11407] RIP: 0033:0x4665f9 [ 1404.808435][T11407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.828053][T11407] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1404.828076][T11407] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1404.828087][T11407] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1404.828098][T11407] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.828107][T11407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:45 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000802000000000000000000000800000043"], 0x78) 03:59:45 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xe, 0x0) [ 1404.828117][T11407] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:45 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{}, {}, {}, {}]}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r3, &(0x7f00000000c0)='./file0\x00', 0x402001, 0x21) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b070000006d"], 0x78) 03:59:45 executing program 0 (fault-call:7 fault-nth:73): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:45 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800080800000000000000000000000800000048"], 0x78) [ 1405.046731][T11437] FAULT_INJECTION: forcing a failure. [ 1405.046731][T11437] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.059527][T11437] CPU: 0 PID: 11437 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1405.068322][T11437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.078414][T11437] Call Trace: [ 1405.081744][T11437] dump_stack+0x137/0x19d [ 1405.086077][T11437] should_fail+0x23c/0x250 [ 1405.090503][T11437] __should_failslab+0x81/0x90 [ 1405.095269][T11437] ? io_issue_sqe+0x418f/0x6080 [ 1405.100153][T11437] should_failslab+0x5/0x20 [ 1405.104811][T11437] __kmalloc+0x66/0x360 [ 1405.108957][T11437] ? rw_verify_area+0x136/0x250 [ 1405.113853][T11437] io_issue_sqe+0x418f/0x6080 [ 1405.118565][T11437] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1405.123936][T11437] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1405.129740][T11437] ? __io_queue_proc+0x99/0x260 [ 1405.134579][T11437] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1405.140122][T11437] ? vga_arb_write+0x17d0/0x17d0 [ 1405.145114][T11437] ? io_async_queue_proc+0x3f/0x50 [ 1405.150213][T11437] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1405.155661][T11437] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1405.161473][T11437] ? try_to_wake_up+0x353/0x470 [ 1405.166326][T11437] ? io_wqe_enqueue+0x457/0x4d0 [ 1405.171235][T11437] ? io_wq_enqueue+0x3a/0x40 [ 1405.175821][T11437] ? io_queue_async_work+0x18d/0x230 [ 1405.181087][T11437] __io_queue_sqe+0xe9/0x3a0 [ 1405.185661][T11437] io_queue_sqe+0x6d/0x160 [ 1405.190084][T11437] io_submit_sqe+0x15c7/0x30c0 [ 1405.194929][T11437] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1405.200373][T11437] io_submit_sqes+0x61f/0xaf0 [ 1405.205043][T11437] __se_sys_io_uring_enter+0x217/0xb20 [ 1405.210555][T11437] ? fput+0x2d/0x130 [ 1405.214445][T11437] __x64_sys_io_uring_enter+0x74/0x80 [ 1405.219887][T11437] do_syscall_64+0x34/0x50 [ 1405.224305][T11437] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1405.230194][T11437] RIP: 0033:0x4665f9 [ 1405.234098][T11437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.253719][T11437] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1405.262130][T11437] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1405.270108][T11437] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1405.278066][T11437] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.286165][T11437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.294168][T11437] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:45 executing program 0 (fault-call:7 fault-nth:74): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1405.422032][T11453] FAULT_INJECTION: forcing a failure. [ 1405.422032][T11453] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.434681][T11453] CPU: 1 PID: 11453 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1405.443477][T11453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.453523][T11453] Call Trace: [ 1405.456831][T11453] dump_stack+0x137/0x19d [ 1405.461164][T11453] should_fail+0x23c/0x250 [ 1405.465568][T11453] __should_failslab+0x81/0x90 [ 1405.470359][T11453] ? io_arm_poll_handler+0x15e/0x420 [ 1405.475698][T11453] should_failslab+0x5/0x20 [ 1405.480275][T11453] kmem_cache_alloc_trace+0x49/0x320 [ 1405.485547][T11453] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1405.491341][T11453] io_arm_poll_handler+0x15e/0x420 [ 1405.496517][T11453] ? io_wq_enqueue+0x3a/0x40 [ 1405.501090][T11453] ? io_queue_async_work+0x18d/0x230 [ 1405.506392][T11453] __io_queue_sqe+0x133/0x3a0 [ 1405.511134][T11453] io_queue_sqe+0x6d/0x160 [ 1405.515651][T11453] io_submit_sqe+0x15c7/0x30c0 [ 1405.520418][T11453] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1405.525908][T11453] io_submit_sqes+0x61f/0xaf0 [ 1405.530647][T11453] __se_sys_io_uring_enter+0x217/0xb20 [ 1405.536221][T11453] ? fput+0x2d/0x130 [ 1405.540109][T11453] __x64_sys_io_uring_enter+0x74/0x80 [ 1405.545546][T11453] do_syscall_64+0x34/0x50 [ 1405.549994][T11453] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1405.555880][T11453] RIP: 0033:0x4665f9 [ 1405.559754][T11453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.579384][T11453] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1405.587871][T11453] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1405.595895][T11453] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1405.603860][T11453] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.611870][T11453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1405.619840][T11453] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:45 executing program 0 (fault-call:7 fault-nth:75): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:46 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393808000800000000000000000000000800000048"], 0x78) [ 1405.748594][T11463] FAULT_INJECTION: forcing a failure. [ 1405.748594][T11463] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.761258][T11463] CPU: 1 PID: 11463 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1405.770023][T11463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.780079][T11463] Call Trace: [ 1405.783357][T11463] dump_stack+0x137/0x19d [ 1405.787669][T11463] should_fail+0x23c/0x250 [ 1405.792078][T11463] __should_failslab+0x81/0x90 [ 1405.796869][T11463] ? io_issue_sqe+0x418f/0x6080 [ 1405.801713][T11463] should_failslab+0x5/0x20 [ 1405.806202][T11463] __kmalloc+0x66/0x360 [ 1405.810390][T11463] ? rw_verify_area+0x136/0x250 [ 1405.815241][T11463] io_issue_sqe+0x418f/0x6080 [ 1405.819933][T11463] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1405.825377][T11463] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1405.831192][T11463] ? __io_queue_proc+0x99/0x260 [ 1405.836065][T11463] ? vga_arb_write+0x17d0/0x17d0 [ 1405.841069][T11463] ? io_async_queue_proc+0x3f/0x50 [ 1405.846168][T11463] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1405.851534][T11463] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1405.857510][T11463] ? try_to_wake_up+0x353/0x470 [ 1405.862366][T11463] ? io_wqe_enqueue+0x457/0x4d0 [ 1405.867199][T11463] ? io_wq_enqueue+0x3a/0x40 [ 1405.871857][T11463] ? io_queue_async_work+0x18d/0x230 [ 1405.877136][T11463] __io_queue_sqe+0xe9/0x3a0 [ 1405.881787][T11463] io_queue_sqe+0x6d/0x160 [ 1405.886244][T11463] io_submit_sqe+0x15c7/0x30c0 [ 1405.891072][T11463] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:46 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xf, 0x0) [ 1405.896568][T11463] io_submit_sqes+0x61f/0xaf0 [ 1405.901357][T11463] __se_sys_io_uring_enter+0x217/0xb20 [ 1405.906883][T11463] ? fput+0x2d/0x130 [ 1405.910777][T11463] __x64_sys_io_uring_enter+0x74/0x80 [ 1405.916200][T11463] do_syscall_64+0x34/0x50 [ 1405.920636][T11463] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1405.926530][T11463] RIP: 0033:0x4665f9 [ 1405.930417][T11463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.950027][T11463] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1405.958446][T11463] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1405.966437][T11463] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1405.974508][T11463] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.974523][T11463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:46 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={r0, 0x80, 0x3f, 0x1}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0x1c0, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401, 0x4f}}}}, [@NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="1a2e5396ddc1f3290e6d0bef9d9ce79866e4b36ae4bacd06"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x800}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="a6e1efd732bbe8a03f011e92402c58a0"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x401}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="6c1739783aa0acf631d883f10cbf1f89"}]}, @NL80211_ATTR_REKEY_DATA={0x30, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7fffffff}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d29c1255c3a2e2dd2d9d02ed301c3a5f63fb1417430df792"}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "543386676fd2ad8a"}]}, @NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x90, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="909e40890bdf440b3e70c20085a0999f"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xce72}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="e61c07e775bb59a20f3014ec6576100c2d28c63a08a3864246503168979eb966"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ae7cff4808c33d65d4a9167eb932ac7bf35ec8752917453a"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="5da3114f942b3b043bd07ea4316a59392c8b62e615fecdfc"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "b20dd5ee8826263c"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}]}, @NL80211_ATTR_REKEY_DATA={0x64, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7b7f}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x6}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="972cc803832a90ddd713f8d877d52e42"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "6062f57dd8653e2a"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2cbc57402d272f0b"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="23977a434aa56e8392d00655ea418968759998be7d80b9ef6776e07d5f7acfb4"}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x20008001}, 0x44040) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) ioctl$VT_RELDISP(r3, 0x5605) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x5c, @dev={0xac, 0x14, 0x14, 0x10}, 0x4e23, 0x2, 'nq\x00', 0x4, 0x4, 0x74}, {@empty, 0x4e21, 0x4, 0x5, 0x8, 0x4}}, 0x44) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:46 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800004000000000000000000000000800000048"], 0x78) 03:59:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000001000000000000000800000043"], 0x78) [ 1405.974533][T11463] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:46 executing program 0 (fault-call:7 fault-nth:76): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1406.165136][T11498] FAULT_INJECTION: forcing a failure. [ 1406.165136][T11498] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.177847][T11498] CPU: 0 PID: 11498 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1406.186603][T11498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.196651][T11498] Call Trace: [ 1406.199944][T11498] dump_stack+0x137/0x19d [ 1406.204266][T11498] should_fail+0x23c/0x250 [ 1406.208665][T11498] __should_failslab+0x81/0x90 [ 1406.213488][T11498] ? io_arm_poll_handler+0x15e/0x420 [ 1406.218852][T11498] should_failslab+0x5/0x20 [ 1406.223402][T11498] kmem_cache_alloc_trace+0x49/0x320 [ 1406.228743][T11498] io_arm_poll_handler+0x15e/0x420 [ 1406.233841][T11498] ? io_wq_enqueue+0x3a/0x40 [ 1406.238407][T11498] ? io_queue_async_work+0x18d/0x230 [ 1406.243725][T11498] __io_queue_sqe+0x133/0x3a0 [ 1406.250125][T11498] io_queue_sqe+0x6d/0x160 [ 1406.254568][T11498] io_submit_sqe+0x15c7/0x30c0 [ 1406.259353][T11498] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1406.264797][T11498] io_submit_sqes+0x61f/0xaf0 [ 1406.269479][T11498] __se_sys_io_uring_enter+0x217/0xb20 [ 1406.274941][T11498] ? fput+0x2d/0x130 [ 1406.278892][T11498] __x64_sys_io_uring_enter+0x74/0x80 [ 1406.284253][T11498] do_syscall_64+0x34/0x50 [ 1406.288688][T11498] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1406.294731][T11498] RIP: 0033:0x4665f9 [ 1406.298703][T11498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1406.318388][T11498] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1406.326902][T11498] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1406.334866][T11498] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1406.342831][T11498] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1406.350812][T11498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1406.358783][T11498] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:46 executing program 0 (fault-call:7 fault-nth:77): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1406.484519][T11506] FAULT_INJECTION: forcing a failure. [ 1406.484519][T11506] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.497209][T11506] CPU: 1 PID: 11506 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1406.505967][T11506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.516016][T11506] Call Trace: [ 1406.519321][T11506] dump_stack+0x137/0x19d [ 1406.523653][T11506] should_fail+0x23c/0x250 [ 1406.528179][T11506] __should_failslab+0x81/0x90 [ 1406.533027][T11506] ? io_issue_sqe+0x418f/0x6080 [ 1406.537874][T11506] should_failslab+0x5/0x20 [ 1406.542380][T11506] __kmalloc+0x66/0x360 [ 1406.546531][T11506] ? rw_verify_area+0x136/0x250 [ 1406.551419][T11506] io_issue_sqe+0x418f/0x6080 [ 1406.556096][T11506] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1406.561492][T11506] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1406.567284][T11506] ? __io_queue_proc+0x99/0x260 [ 1406.572127][T11506] ? vga_arb_write+0x17d0/0x17d0 [ 1406.577068][T11506] ? io_async_queue_proc+0x3f/0x50 [ 1406.582179][T11506] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1406.587562][T11506] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1406.593371][T11506] ? try_to_wake_up+0x353/0x470 [ 1406.598305][T11506] ? io_wqe_enqueue+0x457/0x4d0 [ 1406.603149][T11506] ? io_wq_enqueue+0x3a/0x40 [ 1406.607725][T11506] ? io_queue_async_work+0x18d/0x230 [ 1406.613027][T11506] __io_queue_sqe+0xe9/0x3a0 [ 1406.617636][T11506] io_queue_sqe+0x6d/0x160 [ 1406.622048][T11506] io_submit_sqe+0x15c7/0x30c0 [ 1406.626852][T11506] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1406.632296][T11506] io_submit_sqes+0x61f/0xaf0 [ 1406.636981][T11506] __se_sys_io_uring_enter+0x217/0xb20 [ 1406.642491][T11506] ? fput+0x2d/0x130 [ 1406.646390][T11506] __x64_sys_io_uring_enter+0x74/0x80 [ 1406.651757][T11506] do_syscall_64+0x34/0x50 [ 1406.656158][T11506] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1406.662065][T11506] RIP: 0033:0x4665f9 [ 1406.665974][T11506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1406.685637][T11506] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1406.694033][T11506] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1406.702036][T11506] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1406.709995][T11506] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1406.717957][T11506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1406.725927][T11506] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:47 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000078000000000000000000000800000048"], 0x78) 03:59:47 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x10, 0x0) 03:59:47 executing program 0 (fault-call:7 fault-nth:78): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:47 executing program 3: seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000080)) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) lseek(r2, 0x3, 0x3) [ 1406.886825][T11527] FAULT_INJECTION: forcing a failure. [ 1406.886825][T11527] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.899470][T11527] CPU: 1 PID: 11527 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1406.908231][T11527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.918285][T11527] Call Trace: [ 1406.921558][T11527] dump_stack+0x137/0x19d [ 1406.925882][T11527] should_fail+0x23c/0x250 [ 1406.930292][T11527] __should_failslab+0x81/0x90 [ 1406.935047][T11527] ? io_arm_poll_handler+0x15e/0x420 [ 1406.940332][T11527] should_failslab+0x5/0x20 [ 1406.944838][T11527] kmem_cache_alloc_trace+0x49/0x320 [ 1406.950107][T11527] io_arm_poll_handler+0x15e/0x420 [ 1406.955204][T11527] ? io_wq_enqueue+0x3a/0x40 [ 1406.959787][T11527] ? io_queue_async_work+0x18d/0x230 [ 1406.965076][T11527] __io_queue_sqe+0x133/0x3a0 [ 1406.969756][T11527] io_queue_sqe+0x6d/0x160 [ 1406.974191][T11527] io_submit_sqe+0x15c7/0x30c0 [ 1406.974217][T11527] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1406.984404][T11527] io_submit_sqes+0x61f/0xaf0 [ 1406.989148][T11527] __se_sys_io_uring_enter+0x217/0xb20 [ 1406.994612][T11527] ? fput+0x2d/0x130 [ 1406.998515][T11527] __x64_sys_io_uring_enter+0x74/0x80 [ 1407.003922][T11527] do_syscall_64+0x34/0x50 [ 1407.008353][T11527] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1407.014261][T11527] RIP: 0033:0x4665f9 [ 1407.018145][T11527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:59:47 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000200000000000000000000000800000048"], 0x78) 03:59:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000002000000000000000800000043"], 0x78) [ 1407.037748][T11527] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1407.046152][T11527] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1407.054159][T11527] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1407.062169][T11527] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1407.070140][T11527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1407.078106][T11527] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:47 executing program 0 (fault-call:7 fault-nth:79): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1407.235027][T11554] FAULT_INJECTION: forcing a failure. [ 1407.235027][T11554] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.247672][T11554] CPU: 1 PID: 11554 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1407.256427][T11554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.266479][T11554] Call Trace: [ 1407.269759][T11554] dump_stack+0x137/0x19d [ 1407.274077][T11554] should_fail+0x23c/0x250 [ 1407.278485][T11554] __should_failslab+0x81/0x90 [ 1407.283278][T11554] ? io_issue_sqe+0x418f/0x6080 [ 1407.288192][T11554] should_failslab+0x5/0x20 [ 1407.292748][T11554] __kmalloc+0x66/0x360 [ 1407.296927][T11554] ? rw_verify_area+0x136/0x250 [ 1407.301869][T11554] io_issue_sqe+0x418f/0x6080 [ 1407.306550][T11554] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1407.311934][T11554] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1407.317778][T11554] ? __io_queue_proc+0x99/0x260 [ 1407.322752][T11554] ? vga_arb_write+0x17d0/0x17d0 [ 1407.327691][T11554] ? io_async_queue_proc+0x3f/0x50 [ 1407.332796][T11554] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1407.338197][T11554] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1407.344171][T11554] ? try_to_wake_up+0x353/0x470 [ 1407.349019][T11554] ? io_wqe_enqueue+0x457/0x4d0 [ 1407.353865][T11554] ? io_wq_enqueue+0x3a/0x40 [ 1407.359252][T11554] ? io_queue_async_work+0x18d/0x230 [ 1407.364532][T11554] __io_queue_sqe+0xe9/0x3a0 [ 1407.369177][T11554] io_queue_sqe+0x6d/0x160 [ 1407.373650][T11554] io_submit_sqe+0x15c7/0x30c0 [ 1407.378416][T11554] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1407.383878][T11554] io_submit_sqes+0x61f/0xaf0 [ 1407.388558][T11554] __se_sys_io_uring_enter+0x217/0xb20 [ 1407.394021][T11554] ? fput+0x2d/0x130 [ 1407.397920][T11554] __x64_sys_io_uring_enter+0x74/0x80 [ 1407.403384][T11554] do_syscall_64+0x34/0x50 [ 1407.407857][T11554] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1407.413751][T11554] RIP: 0033:0x4665f9 [ 1407.417636][T11554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1407.437350][T11554] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1407.445780][T11554] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1407.453745][T11554] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1407.461782][T11554] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1407.469750][T11554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1407.477721][T11554] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:47 executing program 0 (fault-call:7 fault-nth:80): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1407.605755][T11565] FAULT_INJECTION: forcing a failure. [ 1407.605755][T11565] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.618411][T11565] CPU: 1 PID: 11565 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1407.627235][T11565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.637426][T11565] Call Trace: [ 1407.640694][T11565] dump_stack+0x137/0x19d [ 1407.645009][T11565] should_fail+0x23c/0x250 [ 1407.649421][T11565] __should_failslab+0x81/0x90 [ 1407.654170][T11565] ? io_arm_poll_handler+0x15e/0x420 [ 1407.659455][T11565] should_failslab+0x5/0x20 [ 1407.663985][T11565] kmem_cache_alloc_trace+0x49/0x320 [ 1407.669268][T11565] io_arm_poll_handler+0x15e/0x420 [ 1407.674369][T11565] ? io_wq_enqueue+0x3a/0x40 [ 1407.678958][T11565] ? io_queue_async_work+0x18d/0x230 [ 1407.684287][T11565] __io_queue_sqe+0x133/0x3a0 [ 1407.688962][T11565] io_queue_sqe+0x6d/0x160 [ 1407.693367][T11565] io_submit_sqe+0x15c7/0x30c0 [ 1407.698152][T11565] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:47 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x11, 0x0) 03:59:47 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800780000000000000000000000000800000048"], 0x78) [ 1407.703628][T11565] io_submit_sqes+0x61f/0xaf0 [ 1407.708293][T11565] __se_sys_io_uring_enter+0x217/0xb20 [ 1407.713842][T11565] ? fput+0x2d/0x130 [ 1407.717749][T11565] __x64_sys_io_uring_enter+0x74/0x80 [ 1407.723221][T11565] do_syscall_64+0x34/0x50 [ 1407.723248][T11565] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1407.723344][T11565] RIP: 0033:0x4665f9 [ 1407.723357][T11565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1407.723371][T11565] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1407.723402][T11565] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 03:59:48 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000808000000000000000000000800000048"], 0x78) [ 1407.723413][T11565] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1407.723425][T11565] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1407.723435][T11565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1407.723444][T11565] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:48 executing program 0 (fault-call:7 fault-nth:81): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:48 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4300, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) mmap(&(0x7f0000653000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x54cd8000) [ 1407.941615][T11590] FAULT_INJECTION: forcing a failure. [ 1407.941615][T11590] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.954276][T11590] CPU: 1 PID: 11590 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1407.963034][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.973103][T11590] Call Trace: [ 1407.976380][T11590] dump_stack+0x137/0x19d [ 1407.980777][T11590] should_fail+0x23c/0x250 [ 1407.985192][T11590] __should_failslab+0x81/0x90 [ 1407.990015][T11590] ? io_issue_sqe+0x418f/0x6080 [ 1407.994861][T11590] should_failslab+0x5/0x20 [ 1407.999363][T11590] __kmalloc+0x66/0x360 [ 1408.003505][T11590] ? rw_verify_area+0x136/0x250 [ 1408.008376][T11590] io_issue_sqe+0x418f/0x6080 [ 1408.013055][T11590] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1408.018434][T11590] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1408.024241][T11590] ? __io_queue_proc+0x99/0x260 [ 1408.029173][T11590] ? vga_arb_write+0x17d0/0x17d0 [ 1408.034133][T11590] ? io_async_queue_proc+0x3f/0x50 [ 1408.039252][T11590] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1408.044757][T11590] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1408.050559][T11590] ? try_to_wake_up+0x353/0x470 [ 1408.055402][T11590] ? io_wqe_enqueue+0x457/0x4d0 [ 1408.060251][T11590] ? io_wq_enqueue+0x3a/0x40 [ 1408.064854][T11590] ? io_queue_async_work+0x18d/0x230 [ 1408.070148][T11590] __io_queue_sqe+0xe9/0x3a0 [ 1408.074767][T11590] io_queue_sqe+0x6d/0x160 [ 1408.079237][T11590] io_submit_sqe+0x15c7/0x30c0 [ 1408.084003][T11590] ? kmem_cache_alloc_bulk+0x239/0x380 03:59:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000100000000000800000043"], 0x78) [ 1408.089465][T11590] io_submit_sqes+0x61f/0xaf0 [ 1408.094144][T11590] __se_sys_io_uring_enter+0x217/0xb20 [ 1408.099698][T11590] ? fput+0x2d/0x130 [ 1408.103582][T11590] __x64_sys_io_uring_enter+0x74/0x80 [ 1408.109034][T11590] do_syscall_64+0x34/0x50 [ 1408.113450][T11590] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1408.119402][T11590] RIP: 0033:0x4665f9 [ 1408.123290][T11590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1408.142909][T11590] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1408.142933][T11590] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1408.142943][T11590] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1408.142956][T11590] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1408.142983][T11590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1408.142995][T11590] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:48 executing program 0 (fault-call:7 fault-nth:82): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1408.306503][T11609] FAULT_INJECTION: forcing a failure. [ 1408.306503][T11609] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.319194][T11609] CPU: 0 PID: 11609 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1408.328026][T11609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.338155][T11609] Call Trace: [ 1408.341419][T11609] dump_stack+0x137/0x19d [ 1408.345731][T11609] should_fail+0x23c/0x250 [ 1408.350126][T11609] __should_failslab+0x81/0x90 [ 1408.354872][T11609] ? io_arm_poll_handler+0x15e/0x420 [ 1408.360315][T11609] should_failslab+0x5/0x20 [ 1408.364831][T11609] kmem_cache_alloc_trace+0x49/0x320 [ 1408.370122][T11609] io_arm_poll_handler+0x15e/0x420 [ 1408.375229][T11609] ? io_wq_enqueue+0x3a/0x40 [ 1408.379800][T11609] ? io_queue_async_work+0x18d/0x230 [ 1408.385085][T11609] __io_queue_sqe+0x133/0x3a0 [ 1408.389747][T11609] io_queue_sqe+0x6d/0x160 [ 1408.394158][T11609] io_submit_sqe+0x15c7/0x30c0 [ 1408.398922][T11609] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1408.404380][T11609] io_submit_sqes+0x61f/0xaf0 [ 1408.409041][T11609] __se_sys_io_uring_enter+0x217/0xb20 [ 1408.414569][T11609] ? fput+0x2d/0x130 [ 1408.418508][T11609] __x64_sys_io_uring_enter+0x74/0x80 [ 1408.423882][T11609] do_syscall_64+0x34/0x50 [ 1408.428364][T11609] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1408.434331][T11609] RIP: 0033:0x4665f9 [ 1408.438214][T11609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1408.457811][T11609] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1408.466206][T11609] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1408.474158][T11609] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1408.482133][T11609] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1408.490088][T11609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1408.498120][T11609] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:48 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x12, 0x0) 03:59:48 executing program 0 (fault-call:7 fault-nth:83): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1408.642193][T11628] FAULT_INJECTION: forcing a failure. [ 1408.642193][T11628] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.654850][T11628] CPU: 1 PID: 11628 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1408.663611][T11628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.673652][T11628] Call Trace: [ 1408.676924][T11628] dump_stack+0x137/0x19d [ 1408.681322][T11628] should_fail+0x23c/0x250 [ 1408.685735][T11628] __should_failslab+0x81/0x90 03:59:48 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800020800000000000000000000000800000048"], 0x78) 03:59:48 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000008000000000000000800000048"], 0x78) [ 1408.690504][T11628] ? io_issue_sqe+0x418f/0x6080 [ 1408.695348][T11628] should_failslab+0x5/0x20 [ 1408.699893][T11628] __kmalloc+0x66/0x360 [ 1408.704030][T11628] ? rw_verify_area+0x136/0x250 [ 1408.708872][T11628] io_issue_sqe+0x418f/0x6080 [ 1408.713580][T11628] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1408.718958][T11628] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1408.724898][T11628] ? __io_queue_proc+0x99/0x260 [ 1408.729831][T11628] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1408.735375][T11628] ? vga_arb_write+0x17d0/0x17d0 [ 1408.740319][T11628] ? io_async_queue_proc+0x3f/0x50 [ 1408.745442][T11628] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1408.745511][T11628] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1408.745558][T11628] ? try_to_wake_up+0x353/0x470 [ 1408.745649][T11628] ? io_wqe_enqueue+0x457/0x4d0 [ 1408.745667][T11628] ? io_wq_enqueue+0x3a/0x40 [ 1408.745683][T11628] ? io_queue_async_work+0x18d/0x230 [ 1408.745706][T11628] __io_queue_sqe+0xe9/0x3a0 [ 1408.745728][T11628] io_queue_sqe+0x6d/0x160 [ 1408.745764][T11628] io_submit_sqe+0x15c7/0x30c0 [ 1408.745898][T11628] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1408.745916][T11628] io_submit_sqes+0x61f/0xaf0 [ 1408.745935][T11628] __se_sys_io_uring_enter+0x217/0xb20 [ 1408.745953][T11628] ? fput+0x2d/0x130 [ 1408.746047][T11628] __x64_sys_io_uring_enter+0x74/0x80 [ 1408.746070][T11628] do_syscall_64+0x34/0x50 [ 1408.746091][T11628] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1408.746110][T11628] RIP: 0033:0x4665f9 [ 1408.746121][T11628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1408.746196][T11628] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1408.746216][T11628] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1408.746229][T11628] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 03:59:49 executing program 0 (fault-call:7 fault-nth:84): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:49 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39388e9821ffe33954044258a9dbff190000080000"], 0x78) [ 1408.746240][T11628] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1408.746248][T11628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1408.746257][T11628] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 [ 1408.970462][T11646] FAULT_INJECTION: forcing a failure. [ 1408.970462][T11646] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.983115][T11646] CPU: 1 PID: 11646 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1408.991950][T11646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.002018][T11646] Call Trace: [ 1409.005286][T11646] dump_stack+0x137/0x19d [ 1409.009612][T11646] should_fail+0x23c/0x250 [ 1409.014101][T11646] __should_failslab+0x81/0x90 [ 1409.018867][T11646] ? io_arm_poll_handler+0x15e/0x420 [ 1409.024137][T11646] should_failslab+0x5/0x20 [ 1409.028642][T11646] kmem_cache_alloc_trace+0x49/0x320 [ 1409.033927][T11646] io_arm_poll_handler+0x15e/0x420 [ 1409.039033][T11646] ? io_wq_enqueue+0x3a/0x40 [ 1409.043609][T11646] ? io_queue_async_work+0x18d/0x230 [ 1409.048900][T11646] __io_queue_sqe+0x133/0x3a0 [ 1409.053588][T11646] io_queue_sqe+0x6d/0x160 [ 1409.058017][T11646] io_submit_sqe+0x15c7/0x30c0 [ 1409.062796][T11646] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1409.068251][T11646] io_submit_sqes+0x61f/0xaf0 [ 1409.072981][T11646] __se_sys_io_uring_enter+0x217/0xb20 [ 1409.078449][T11646] ? fput+0x2d/0x130 [ 1409.082483][T11646] __x64_sys_io_uring_enter+0x74/0x80 [ 1409.087843][T11646] do_syscall_64+0x34/0x50 [ 1409.092301][T11646] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1409.098262][T11646] RIP: 0033:0x4665f9 [ 1409.102140][T11646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.121743][T11646] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:59:49 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000043"], 0x78) [ 1409.130144][T11646] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1409.138110][T11646] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1409.138127][T11646] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1409.138137][T11646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1409.138147][T11646] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:49 executing program 0 (fault-call:7 fault-nth:85): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1409.293032][T11665] FAULT_INJECTION: forcing a failure. [ 1409.293032][T11665] name failslab, interval 1, probability 0, space 0, times 0 [ 1409.305689][T11665] CPU: 0 PID: 11665 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1409.314453][T11665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.324494][T11665] Call Trace: [ 1409.327856][T11665] dump_stack+0x137/0x19d [ 1409.332219][T11665] should_fail+0x23c/0x250 [ 1409.336618][T11665] __should_failslab+0x81/0x90 [ 1409.341372][T11665] should_failslab+0x5/0x20 [ 1409.345867][T11665] kmem_cache_alloc_bulk+0x40/0x380 [ 1409.351051][T11665] io_submit_sqes+0x515/0xaf0 [ 1409.355714][T11665] __se_sys_io_uring_enter+0x217/0xb20 [ 1409.361161][T11665] ? fput+0x2d/0x130 [ 1409.365050][T11665] __x64_sys_io_uring_enter+0x74/0x80 [ 1409.370405][T11665] do_syscall_64+0x34/0x50 [ 1409.374849][T11665] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1409.380764][T11665] RIP: 0033:0x4665f9 [ 1409.384636][T11665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.404252][T11665] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1409.412645][T11665] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1409.420614][T11665] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1409.428570][T11665] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:49 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x13, 0x0) [ 1409.436523][T11665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1409.444476][T11665] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:49 executing program 0 (fault-call:7 fault-nth:86): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1409.594106][T11679] FAULT_INJECTION: forcing a failure. [ 1409.594106][T11679] name failslab, interval 1, probability 0, space 0, times 0 [ 1409.606768][T11679] CPU: 0 PID: 11679 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1409.615531][T11679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.625577][T11679] Call Trace: [ 1409.628841][T11679] dump_stack+0x137/0x19d [ 1409.633208][T11679] should_fail+0x23c/0x250 [ 1409.637658][T11679] __should_failslab+0x81/0x90 [ 1409.642415][T11679] ? io_issue_sqe+0x418f/0x6080 [ 1409.647285][T11679] should_failslab+0x5/0x20 [ 1409.651785][T11679] __kmalloc+0x66/0x360 [ 1409.655940][T11679] ? rw_verify_area+0x136/0x250 [ 1409.660790][T11679] io_issue_sqe+0x418f/0x6080 [ 1409.665506][T11679] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1409.671659][T11679] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1409.677053][T11679] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1409.682844][T11679] ? __io_queue_proc+0x99/0x260 [ 1409.687780][T11679] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1409.693590][T11679] ? vga_arb_write+0x17d0/0x17d0 [ 1409.698607][T11679] ? io_async_queue_proc+0x3f/0x50 [ 1409.703710][T11679] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1409.709074][T11679] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1409.714887][T11679] ? try_to_wake_up+0x353/0x470 [ 1409.719724][T11679] ? io_wqe_enqueue+0x457/0x4d0 [ 1409.724558][T11679] ? io_wq_enqueue+0x3a/0x40 [ 1409.729140][T11679] ? io_queue_async_work+0x18d/0x230 [ 1409.734491][T11679] __io_queue_sqe+0xe9/0x3a0 [ 1409.739068][T11679] io_queue_sqe+0x6d/0x160 [ 1409.743466][T11679] io_submit_sqe+0x15c7/0x30c0 [ 1409.748395][T11679] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1409.753933][T11679] io_submit_sqes+0x61f/0xaf0 [ 1409.758716][T11679] __se_sys_io_uring_enter+0x217/0xb20 [ 1409.764244][T11679] ? fput+0x2d/0x130 [ 1409.768178][T11679] __x64_sys_io_uring_enter+0x74/0x80 [ 1409.773578][T11679] do_syscall_64+0x34/0x50 [ 1409.777979][T11679] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1409.783877][T11679] RIP: 0033:0x4665f9 03:59:50 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800080800000000000000000000000800000048"], 0x78) [ 1409.787751][T11679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.807347][T11679] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1409.815813][T11679] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1409.823790][T11679] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 03:59:50 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000100000000000800000048"], 0x78) [ 1409.823818][T11679] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:50 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$SCSI_IOCTL_SYNC(r2, 0x4) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1409.823831][T11679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1409.823844][T11679] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:50 executing program 0 (fault-call:7 fault-nth:87): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1410.012346][T11706] FAULT_INJECTION: forcing a failure. [ 1410.012346][T11706] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.024998][T11706] CPU: 0 PID: 11706 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1410.033754][T11706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.043795][T11706] Call Trace: [ 1410.047070][T11706] dump_stack+0x137/0x19d [ 1410.051394][T11706] should_fail+0x23c/0x250 [ 1410.055797][T11706] __should_failslab+0x81/0x90 [ 1410.060626][T11706] ? io_arm_poll_handler+0x15e/0x420 [ 1410.065919][T11706] should_failslab+0x5/0x20 [ 1410.070451][T11706] kmem_cache_alloc_trace+0x49/0x320 [ 1410.075769][T11706] io_arm_poll_handler+0x15e/0x420 [ 1410.080878][T11706] ? io_wq_enqueue+0x3a/0x40 [ 1410.085503][T11706] ? io_queue_async_work+0x18d/0x230 [ 1410.090846][T11706] __io_queue_sqe+0x133/0x3a0 [ 1410.095511][T11706] io_queue_sqe+0x6d/0x160 [ 1410.099931][T11706] io_submit_sqe+0x15c7/0x30c0 [ 1410.104766][T11706] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1410.110221][T11706] io_submit_sqes+0x61f/0xaf0 [ 1410.114896][T11706] __se_sys_io_uring_enter+0x217/0xb20 [ 1410.120379][T11706] ? fput+0x2d/0x130 [ 1410.124272][T11706] __x64_sys_io_uring_enter+0x74/0x80 [ 1410.129633][T11706] do_syscall_64+0x34/0x50 [ 1410.134079][T11706] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1410.139976][T11706] RIP: 0033:0x4665f9 03:59:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000020000000800000043"], 0x78) [ 1410.143853][T11706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1410.163490][T11706] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1410.171950][T11706] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1410.179915][T11706] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1410.187887][T11706] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.195853][T11706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1410.203828][T11706] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:50 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0x14, 0x0) 03:59:50 executing program 0 (fault-call:7 fault-nth:88): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1410.382463][T11724] FAULT_INJECTION: forcing a failure. [ 1410.382463][T11724] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.395198][T11724] CPU: 1 PID: 11724 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1410.403954][T11724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.414050][T11724] Call Trace: [ 1410.417395][T11724] dump_stack+0x137/0x19d [ 1410.421747][T11724] should_fail+0x23c/0x250 [ 1410.426160][T11724] __should_failslab+0x81/0x90 [ 1410.430918][T11724] ? io_issue_sqe+0x418f/0x6080 [ 1410.435754][T11724] should_failslab+0x5/0x20 [ 1410.440327][T11724] __kmalloc+0x66/0x360 [ 1410.444526][T11724] ? rw_verify_area+0x136/0x250 [ 1410.449369][T11724] io_issue_sqe+0x418f/0x6080 [ 1410.454902][T11724] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1410.461312][T11724] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1410.467119][T11724] ? __io_queue_proc+0x99/0x260 [ 1410.471968][T11724] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1410.477572][T11724] ? vga_arb_write+0x17d0/0x17d0 [ 1410.482504][T11724] ? io_async_queue_proc+0x3f/0x50 [ 1410.487600][T11724] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1410.492964][T11724] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1410.498918][T11724] ? try_to_wake_up+0x353/0x470 [ 1410.503767][T11724] ? io_wqe_enqueue+0x485/0x4d0 [ 1410.508602][T11724] ? io_wq_enqueue+0x3a/0x40 [ 1410.513177][T11724] ? io_queue_async_work+0x18d/0x230 [ 1410.518469][T11724] __io_queue_sqe+0xe9/0x3a0 [ 1410.523083][T11724] io_queue_sqe+0x6d/0x160 [ 1410.527602][T11724] io_submit_sqe+0x15c7/0x30c0 [ 1410.532457][T11724] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1410.537916][T11724] io_submit_sqes+0x61f/0xaf0 [ 1410.542595][T11724] __se_sys_io_uring_enter+0x217/0xb20 [ 1410.548039][T11724] ? fput+0x2d/0x130 [ 1410.552023][T11724] __x64_sys_io_uring_enter+0x74/0x80 [ 1410.557387][T11724] do_syscall_64+0x34/0x50 [ 1410.561972][T11724] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1410.567878][T11724] RIP: 0033:0x4665f9 [ 1410.571773][T11724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1410.591416][T11724] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1410.599845][T11724] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1410.607815][T11724] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1410.615786][T11724] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.623765][T11724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1410.631729][T11724] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:50 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000080000000800000048"], 0x78) 03:59:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800004000000000000000000000000800000048"], 0x78) 03:59:51 executing program 0 (fault-call:7 fault-nth:89): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1410.792172][T11742] FAULT_INJECTION: forcing a failure. [ 1410.792172][T11742] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.804825][T11742] CPU: 1 PID: 11742 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1410.813585][T11742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.823717][T11742] Call Trace: [ 1410.827052][T11742] dump_stack+0x137/0x19d [ 1410.831371][T11742] should_fail+0x23c/0x250 [ 1410.835780][T11742] __should_failslab+0x81/0x90 [ 1410.840553][T11742] ? io_arm_poll_handler+0x15e/0x420 [ 1410.840577][T11742] should_failslab+0x5/0x20 [ 1410.840597][T11742] kmem_cache_alloc_trace+0x49/0x320 [ 1410.855626][T11742] io_arm_poll_handler+0x15e/0x420 [ 1410.860737][T11742] ? io_wq_enqueue+0x3a/0x40 [ 1410.865325][T11742] ? io_queue_async_work+0x18d/0x230 [ 1410.870616][T11742] __io_queue_sqe+0x133/0x3a0 [ 1410.875300][T11742] io_queue_sqe+0x6d/0x160 [ 1410.879725][T11742] io_submit_sqe+0x15c7/0x30c0 [ 1410.884610][T11742] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1410.890177][T11742] io_submit_sqes+0x61f/0xaf0 [ 1410.894868][T11742] __se_sys_io_uring_enter+0x217/0xb20 [ 1410.900340][T11742] ? fput+0x2d/0x130 [ 1410.904244][T11742] __x64_sys_io_uring_enter+0x74/0x80 [ 1410.909634][T11742] do_syscall_64+0x34/0x50 [ 1410.914189][T11742] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1410.920089][T11742] RIP: 0033:0x4665f9 [ 1410.923986][T11742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1410.943600][T11742] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1410.952022][T11742] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1410.960004][T11742] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1410.967980][T11742] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1410.975956][T11742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1410.983933][T11742] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:51 executing program 0 (fault-call:7 fault-nth:90): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008ffffffffffffffff0000000800000043"], 0x78) [ 1411.136253][T11756] FAULT_INJECTION: forcing a failure. [ 1411.136253][T11756] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.149150][T11756] CPU: 0 PID: 11756 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1411.157912][T11756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.168058][T11756] Call Trace: [ 1411.171321][T11756] dump_stack+0x137/0x19d [ 1411.175640][T11756] should_fail+0x23c/0x250 [ 1411.180067][T11756] __should_failslab+0x81/0x90 [ 1411.184837][T11756] ? io_issue_sqe+0x418f/0x6080 [ 1411.189763][T11756] should_failslab+0x5/0x20 [ 1411.194277][T11756] __kmalloc+0x66/0x360 [ 1411.198439][T11756] ? rw_verify_area+0x136/0x250 [ 1411.203385][T11756] io_issue_sqe+0x418f/0x6080 [ 1411.208075][T11756] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1411.213526][T11756] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1411.219345][T11756] ? __io_queue_proc+0x99/0x260 [ 1411.224207][T11756] ? kcsan_setup_watchpoint+0x26e/0x470 [ 1411.229761][T11756] ? vga_arb_write+0x17d0/0x17d0 [ 1411.234820][T11756] ? io_async_queue_proc+0x3f/0x50 [ 1411.239996][T11756] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1411.245439][T11756] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1411.251377][T11756] ? try_to_wake_up+0x353/0x470 [ 1411.256232][T11756] ? io_wqe_enqueue+0x457/0x4d0 [ 1411.261130][T11756] ? io_wq_enqueue+0x3a/0x40 [ 1411.265725][T11756] ? io_queue_async_work+0x18d/0x230 [ 1411.271275][T11756] __io_queue_sqe+0xe9/0x3a0 [ 1411.275874][T11756] io_queue_sqe+0x6d/0x160 [ 1411.280350][T11756] io_submit_sqe+0x15c7/0x30c0 [ 1411.285120][T11756] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1411.290596][T11756] io_submit_sqes+0x61f/0xaf0 [ 1411.295418][T11756] __se_sys_io_uring_enter+0x217/0xb20 [ 1411.300885][T11756] ? fput+0x2d/0x130 [ 1411.304817][T11756] __x64_sys_io_uring_enter+0x74/0x80 [ 1411.310196][T11756] do_syscall_64+0x34/0x50 [ 1411.314622][T11756] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1411.320579][T11756] RIP: 0033:0x4665f9 [ 1411.324623][T11756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1411.344237][T11756] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1411.352662][T11756] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1411.360636][T11756] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1411.368608][T11756] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1411.376582][T11756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1411.384559][T11756] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:51 executing program 0 (fault-call:7 fault-nth:91): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1411.608471][T11774] FAULT_INJECTION: forcing a failure. [ 1411.608471][T11774] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.621320][T11774] CPU: 0 PID: 11774 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1411.630082][T11774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.640184][T11774] Call Trace: [ 1411.643506][T11774] dump_stack+0x137/0x19d [ 1411.647868][T11774] should_fail+0x23c/0x250 [ 1411.652392][T11774] __should_failslab+0x81/0x90 [ 1411.657219][T11774] ? io_arm_poll_handler+0x15e/0x420 [ 1411.662508][T11774] should_failslab+0x5/0x20 [ 1411.667037][T11774] kmem_cache_alloc_trace+0x49/0x320 [ 1411.672323][T11774] io_arm_poll_handler+0x15e/0x420 [ 1411.677439][T11774] __io_queue_sqe+0x133/0x3a0 [ 1411.682118][T11774] io_queue_sqe+0x6d/0x160 [ 1411.686591][T11774] io_submit_sqe+0x15c7/0x30c0 [ 1411.691363][T11774] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1411.696878][T11774] io_submit_sqes+0x61f/0xaf0 [ 1411.696905][T11774] __se_sys_io_uring_enter+0x217/0xb20 03:59:51 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008ffffffffffffffff0000000800000048"], 0x78) 03:59:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000200000000000000000000000800000048"], 0x78) [ 1411.707007][T11774] ? fput+0x2d/0x130 [ 1411.710930][T11774] __x64_sys_io_uring_enter+0x74/0x80 [ 1411.716311][T11774] do_syscall_64+0x34/0x50 [ 1411.720732][T11774] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1411.726683][T11774] RIP: 0033:0x4665f9 [ 1411.730579][T11774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1411.750197][T11774] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 03:59:52 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r1, &(0x7f0000000000)=[{0x0, 0x7}], 0x1, &(0x7f00000000c0)={0x77359400}) semctl$GETPID(r0, 0x3, 0xb, 0x0) [ 1411.758610][T11774] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1411.766590][T11774] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1411.774594][T11774] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1411.782567][T11774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1411.790538][T11774] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:52 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000062c40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x0, "8bebeb894f74c3"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000062c40)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "8bebeb894f74c3"}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f00000001c0)={r4, 0x8001}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000086486c91000000000c0000006d"], 0x78) 03:59:52 executing program 0 (fault-call:7 fault-nth:92): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1411.960002][T11797] FAULT_INJECTION: forcing a failure. [ 1411.960002][T11797] name failslab, interval 1, probability 0, space 0, times 0 [ 1411.972665][T11797] CPU: 1 PID: 11797 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1411.981421][T11797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.991471][T11797] Call Trace: [ 1411.994825][T11797] dump_stack+0x137/0x19d [ 1411.999156][T11797] should_fail+0x23c/0x250 [ 1412.003601][T11797] __should_failslab+0x81/0x90 [ 1412.008382][T11797] ? io_issue_sqe+0x418f/0x6080 [ 1412.013242][T11797] should_failslab+0x5/0x20 [ 1412.017826][T11797] __kmalloc+0x66/0x360 [ 1412.021973][T11797] ? rw_verify_area+0x136/0x250 [ 1412.026824][T11797] io_issue_sqe+0x418f/0x6080 [ 1412.031503][T11797] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1412.036900][T11797] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1412.042701][T11797] ? __io_queue_proc+0x99/0x260 [ 1412.047587][T11797] ? vga_arb_write+0x17d0/0x17d0 [ 1412.052541][T11797] ? io_async_queue_proc+0x3f/0x50 [ 1412.057658][T11797] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1412.063018][T11797] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1412.068833][T11797] ? try_to_wake_up+0x353/0x470 [ 1412.073752][T11797] ? io_wqe_enqueue+0x457/0x4d0 [ 1412.078599][T11797] ? io_wq_enqueue+0x3a/0x40 [ 1412.083231][T11797] ? io_queue_async_work+0x18d/0x230 [ 1412.088507][T11797] __io_queue_sqe+0xe9/0x3a0 [ 1412.093094][T11797] io_queue_sqe+0x6d/0x160 [ 1412.097504][T11797] io_submit_sqe+0x15c7/0x30c0 [ 1412.102274][T11797] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1412.107780][T11797] io_submit_sqes+0x61f/0xaf0 [ 1412.112466][T11797] __se_sys_io_uring_enter+0x217/0xb20 [ 1412.117948][T11797] ? fput+0x2d/0x130 [ 1412.121837][T11797] __x64_sys_io_uring_enter+0x74/0x80 [ 1412.127197][T11797] do_syscall_64+0x34/0x50 [ 1412.131615][T11797] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1412.137495][T11797] RIP: 0033:0x4665f9 [ 1412.141379][T11797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1412.160994][T11797] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1412.169438][T11797] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1412.177407][T11797] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1412.185369][T11797] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.193340][T11797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1412.201300][T11797] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800020000000000000000000800000043"], 0x78) 03:59:52 executing program 0 (fault-call:7 fault-nth:93): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1412.355585][T11818] FAULT_INJECTION: forcing a failure. [ 1412.355585][T11818] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.368242][T11818] CPU: 1 PID: 11818 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1412.376997][T11818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.387037][T11818] Call Trace: [ 1412.390316][T11818] dump_stack+0x137/0x19d [ 1412.394643][T11818] should_fail+0x23c/0x250 [ 1412.399062][T11818] __should_failslab+0x81/0x90 [ 1412.403978][T11818] ? io_arm_poll_handler+0x15e/0x420 [ 1412.409289][T11818] should_failslab+0x5/0x20 [ 1412.413779][T11818] kmem_cache_alloc_trace+0x49/0x320 [ 1412.419058][T11818] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1412.424863][T11818] io_arm_poll_handler+0x15e/0x420 [ 1412.430010][T11818] ? io_wq_enqueue+0x3a/0x40 [ 1412.434595][T11818] ? io_queue_async_work+0x18d/0x230 [ 1412.439879][T11818] __io_queue_sqe+0x133/0x3a0 [ 1412.444542][T11818] io_queue_sqe+0x6d/0x160 [ 1412.448949][T11818] io_submit_sqe+0x15c7/0x30c0 [ 1412.453715][T11818] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1412.459168][T11818] io_submit_sqes+0x61f/0xaf0 [ 1412.463874][T11818] __se_sys_io_uring_enter+0x217/0xb20 [ 1412.469364][T11818] ? fput+0x2d/0x130 [ 1412.473301][T11818] __x64_sys_io_uring_enter+0x74/0x80 [ 1412.478664][T11818] do_syscall_64+0x34/0x50 [ 1412.483122][T11818] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1412.489020][T11818] RIP: 0033:0x4665f9 [ 1412.492902][T11818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1412.512513][T11818] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1412.521022][T11818] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1412.528991][T11818] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1412.536960][T11818] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.544995][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1412.552964][T11818] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:52 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800080000000000000000000800000048"], 0x78) 03:59:52 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x4, 0xdf1, 0x1000}, {0x4, 0x4, 0x1000}, {0x0, 0xfffa, 0x1800}, {0x1, 0x1f, 0x1800}, {0x3, 0x1000, 0x800}, {0x4, 0x6}], 0x6) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semget(0x0, 0x4, 0x202) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semop(0x0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(0x0, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 03:59:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000078000000000000000000000800000048"], 0x78) 03:59:52 executing program 0 (fault-call:7 fault-nth:94): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1412.740357][T11840] FAULT_INJECTION: forcing a failure. [ 1412.740357][T11840] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.753022][T11840] CPU: 1 PID: 11840 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1412.761781][T11840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.771823][T11840] Call Trace: [ 1412.775095][T11840] dump_stack+0x137/0x19d [ 1412.779425][T11840] should_fail+0x23c/0x250 [ 1412.783847][T11840] __should_failslab+0x81/0x90 03:59:53 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000040)={0x6, 0x2c}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x20, 0x9, 0x80, 0x9, 0x2, 0x6, 0x3f, 0x2b4, 0x40, 0x13c, 0x6, 0x6f, 0x38, 0x1, 0x0, 0x7, 0x5}, [{0x7, 0x3, 0x5, 0x100000000, 0x9, 0x6, 0x9, 0x3ff}, {0x1, 0x3, 0x1000, 0x4, 0x4, 0x1, 0xfffffffffffffffd, 0x2}], "22551ada19d45a071c6baaf3d8248b61cf09e42f8cbc9eb8bc9ceff99b2c125695e6fbfde63d3fc725a4400d8a74a58b35ee28f138e4d0d3ba39d68c8e1c29e5c058b7328af06a88a72ae458c0a7885e7ce579007ca303b39d13dab8f5bde2", ['\x00']}, 0x20f) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) [ 1412.788610][T11840] ? io_issue_sqe+0x418f/0x6080 [ 1412.793462][T11840] should_failslab+0x5/0x20 [ 1412.797965][T11840] __kmalloc+0x66/0x360 [ 1412.802141][T11840] ? rw_verify_area+0x136/0x250 [ 1412.806995][T11840] io_issue_sqe+0x418f/0x6080 [ 1412.811692][T11840] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1412.817157][T11840] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1412.822971][T11840] ? __io_queue_proc+0x99/0x260 [ 1412.827902][T11840] ? vga_arb_write+0x17d0/0x17d0 [ 1412.832839][T11840] ? io_async_queue_proc+0x3f/0x50 [ 1412.832882][T11840] ? ___cache_free+0x3c/0x300 [ 1412.842627][T11840] ? __io_arm_poll_handler+0x2af/0x420 [ 1412.848125][T11840] ? io_wq_fork_manager+0x2a/0x170 [ 1412.853255][T11840] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1412.858610][T11840] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1412.864494][T11840] ? io_wqe_enqueue+0x2c8/0x4d0 [ 1412.869382][T11840] ? io_wq_enqueue+0x3a/0x40 [ 1412.873970][T11840] ? io_queue_async_work+0x18d/0x230 [ 1412.879254][T11840] __io_queue_sqe+0xe9/0x3a0 [ 1412.883878][T11840] io_queue_sqe+0x6d/0x160 [ 1412.888298][T11840] io_submit_sqe+0x15c7/0x30c0 [ 1412.893063][T11840] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1412.898574][T11840] io_submit_sqes+0x61f/0xaf0 [ 1412.903267][T11840] __se_sys_io_uring_enter+0x217/0xb20 [ 1412.908737][T11840] ? fput+0x2d/0x130 [ 1412.912711][T11840] __x64_sys_io_uring_enter+0x74/0x80 [ 1412.918087][T11840] do_syscall_64+0x34/0x50 [ 1412.922582][T11840] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1412.928504][T11840] RIP: 0033:0x4665f9 [ 1412.932393][T11840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1412.952123][T11840] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1412.960522][T11840] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1412.968493][T11840] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1412.976447][T11840] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1412.984420][T11840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1412.992387][T11840] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:53 executing program 0 (fault-call:7 fault-nth:95): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1413.121390][T11857] FAULT_INJECTION: forcing a failure. [ 1413.121390][T11857] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.134229][T11857] CPU: 0 PID: 11857 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1413.143169][T11857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.153283][T11857] Call Trace: [ 1413.156570][T11857] dump_stack+0x137/0x19d [ 1413.161013][T11857] should_fail+0x23c/0x250 [ 1413.165460][T11857] __should_failslab+0x81/0x90 [ 1413.170259][T11857] ? io_arm_poll_handler+0x15e/0x420 [ 1413.175553][T11857] should_failslab+0x5/0x20 [ 1413.180059][T11857] kmem_cache_alloc_trace+0x49/0x320 [ 1413.185344][T11857] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1413.191336][T11857] io_arm_poll_handler+0x15e/0x420 [ 1413.196576][T11857] ? io_wq_enqueue+0x3a/0x40 [ 1413.201163][T11857] ? io_queue_async_work+0x18d/0x230 [ 1413.206497][T11857] __io_queue_sqe+0x133/0x3a0 [ 1413.211195][T11857] io_queue_sqe+0x6d/0x160 [ 1413.215867][T11857] io_submit_sqe+0x15c7/0x30c0 [ 1413.220647][T11857] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1413.226120][T11857] io_submit_sqes+0x61f/0xaf0 [ 1413.230813][T11857] __se_sys_io_uring_enter+0x217/0xb20 [ 1413.236325][T11857] ? fput+0x2d/0x130 [ 1413.240221][T11857] __x64_sys_io_uring_enter+0x74/0x80 [ 1413.245589][T11857] do_syscall_64+0x34/0x50 [ 1413.250079][T11857] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1413.255969][T11857] RIP: 0033:0x4665f9 [ 1413.260192][T11857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1413.279803][T11857] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1413.288206][T11857] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1413.296191][T11857] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1413.304170][T11857] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1413.312217][T11857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:59:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000010000000000000800000043"], 0x78) [ 1413.320179][T11857] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:53 executing program 0 (fault-call:7 fault-nth:96): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1413.476295][T11878] FAULT_INJECTION: forcing a failure. [ 1413.476295][T11878] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.489011][T11878] CPU: 1 PID: 11878 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1413.497939][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.508000][T11878] Call Trace: [ 1413.511280][T11878] dump_stack+0x137/0x19d [ 1413.515618][T11878] should_fail+0x23c/0x250 [ 1413.520070][T11878] __should_failslab+0x81/0x90 [ 1413.524844][T11878] ? io_issue_sqe+0x418f/0x6080 [ 1413.529701][T11878] should_failslab+0x5/0x20 [ 1413.534204][T11878] __kmalloc+0x66/0x360 [ 1413.538406][T11878] ? rw_verify_area+0x136/0x250 [ 1413.543269][T11878] io_issue_sqe+0x418f/0x6080 [ 1413.547947][T11878] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1413.553392][T11878] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1413.559207][T11878] ? __io_queue_proc+0x99/0x260 [ 1413.564072][T11878] ? flat_send_IPI_mask+0x42/0x70 [ 1413.569164][T11878] ? vga_arb_write+0x17d0/0x17d0 03:59:53 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000080000000000000800000048"], 0x78) [ 1413.574099][T11878] ? io_async_queue_proc+0x3f/0x50 [ 1413.579225][T11878] ? ___cache_free+0x3c/0x300 [ 1413.583906][T11878] ? __io_arm_poll_handler+0x2af/0x420 [ 1413.589369][T11878] ? io_wq_fork_manager+0x2a/0x170 [ 1413.594487][T11878] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1413.599873][T11878] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1413.605763][T11878] ? io_wqe_enqueue+0x2c8/0x4d0 [ 1413.610624][T11878] ? io_wq_enqueue+0x3a/0x40 [ 1413.615221][T11878] ? io_queue_async_work+0x18d/0x230 [ 1413.620536][T11878] __io_queue_sqe+0xe9/0x3a0 03:59:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000802000000000000000000000800000048"], 0x78) [ 1413.625139][T11878] io_queue_sqe+0x6d/0x160 [ 1413.625160][T11878] io_submit_sqe+0x15c7/0x30c0 [ 1413.634495][T11878] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1413.639955][T11878] io_submit_sqes+0x61f/0xaf0 [ 1413.644653][T11878] __se_sys_io_uring_enter+0x217/0xb20 [ 1413.650125][T11878] ? fput+0x2d/0x130 [ 1413.654268][T11878] __x64_sys_io_uring_enter+0x74/0x80 [ 1413.659650][T11878] do_syscall_64+0x34/0x50 [ 1413.664189][T11878] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1413.670081][T11878] RIP: 0033:0x4665f9 03:59:53 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semget$private(0x0, 0x3, 0x503) r1 = semget$private(0x0, 0x1, 0x204) semop(r1, &(0x7f0000000000)=[{0x0, 0xfff, 0x800}, {0x4, 0x5}, {0x3, 0x527e, 0x1000}, {0x4, 0xfffb, 0x800}, {0x3, 0xcb, 0x3c00}, {0x1, 0x80}], 0x25) semop(0x0, &(0x7f0000000040)=[{0x2, 0x9, 0x1000}, {0x2, 0x9}, {0x0, 0x7, 0x3000}], 0x3) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) [ 1413.673975][T11878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1413.693586][T11878] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1413.702045][T11878] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1413.710020][T11878] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1413.718169][T11878] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 03:59:54 executing program 5: r0 = semget$private(0x0, 0x3, 0x2a0) semop(r0, &(0x7f0000000040)=[{0x4, 0x80}, {0x0, 0x2}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x3, 0x7, 0x1800}, {0x0, 0x0, 0x1800}, {0x0, 0x3, 0x2800}, {0x2, 0x8, 0x1000}, {0x0, 0x24f6}], 0x5) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) [ 1413.726128][T11878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1413.734140][T11878] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:54 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ip6_mr_cache\x00') r3 = memfd_create(&(0x7f0000000140)='&\\\x00', 0x5) dup2(r3, r0) symlinkat(&(0x7f0000000040)='./file0\x00', r2, &(0x7f00000000c0)='./file0\x00') preadv(r1, &(0x7f00000023c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f0000000100)=""/4, 0x4}, {&(0x7f00000011c0)=""/229, 0xe5}, {&(0x7f00000012c0)=""/4096, 0x1000}, {&(0x7f00000022c0)=""/229, 0xe5}], 0x5, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) recvmsg(r4, &(0x7f0000003980)={&(0x7f0000002440)=@alg, 0x80, &(0x7f0000003900)=[{&(0x7f00000024c0)=""/194, 0xc2}, {&(0x7f00000025c0)=""/214, 0xd6}, {&(0x7f00000026c0)}, {&(0x7f0000002700)=""/7, 0x7}, {&(0x7f0000002740)=""/217, 0xd9}, {&(0x7f0000002840)=""/4096, 0x1000}, {&(0x7f0000003840)=""/161, 0xa1}], 0x7}, 0x0) 03:59:54 executing program 5: r0 = semget$private(0x0, 0x3, 0x31) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 03:59:54 executing program 0 (fault-call:7 fault-nth:97): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1413.963446][T11923] FAULT_INJECTION: forcing a failure. [ 1413.963446][T11923] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.976238][T11923] CPU: 0 PID: 11923 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1413.985002][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.995060][T11923] Call Trace: [ 1413.998332][T11923] dump_stack+0x137/0x19d [ 1414.002751][T11923] should_fail+0x23c/0x250 [ 1414.007170][T11923] __should_failslab+0x81/0x90 [ 1414.011963][T11923] ? io_arm_poll_handler+0x15e/0x420 [ 1414.017368][T11923] should_failslab+0x5/0x20 [ 1414.021866][T11923] kmem_cache_alloc_trace+0x49/0x320 [ 1414.027240][T11923] io_arm_poll_handler+0x15e/0x420 [ 1414.032364][T11923] ? io_wq_enqueue+0x3a/0x40 [ 1414.036955][T11923] ? io_queue_async_work+0x18d/0x230 [ 1414.042247][T11923] __io_queue_sqe+0x133/0x3a0 [ 1414.046938][T11923] io_queue_sqe+0x6d/0x160 [ 1414.051373][T11923] io_submit_sqe+0x15c7/0x30c0 [ 1414.056222][T11923] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1414.061693][T11923] io_submit_sqes+0x61f/0xaf0 [ 1414.066481][T11923] __se_sys_io_uring_enter+0x217/0xb20 [ 1414.072052][T11923] ? fput+0x2d/0x130 [ 1414.076162][T11923] __x64_sys_io_uring_enter+0x74/0x80 [ 1414.081538][T11923] do_syscall_64+0x34/0x50 [ 1414.086039][T11923] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1414.091953][T11923] RIP: 0033:0x4665f9 [ 1414.095852][T11923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.115573][T11923] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1414.124059][T11923] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1414.132026][T11923] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1414.140019][T11923] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.148143][T11923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1414.156347][T11923] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:54 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000020000000000000800000043"], 0x78) 03:59:54 executing program 0 (fault-call:7 fault-nth:98): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1414.302044][T11947] FAULT_INJECTION: forcing a failure. [ 1414.302044][T11947] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.315066][T11947] CPU: 1 PID: 11947 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1414.324077][T11947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.334136][T11947] Call Trace: [ 1414.337423][T11947] dump_stack+0x137/0x19d [ 1414.341770][T11947] should_fail+0x23c/0x250 [ 1414.346187][T11947] __should_failslab+0x81/0x90 [ 1414.351031][T11947] ? io_issue_sqe+0x418f/0x6080 [ 1414.355920][T11947] should_failslab+0x5/0x20 [ 1414.360440][T11947] __kmalloc+0x66/0x360 [ 1414.364612][T11947] ? rw_verify_area+0x136/0x250 [ 1414.369503][T11947] io_issue_sqe+0x418f/0x6080 [ 1414.374200][T11947] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1414.379583][T11947] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1414.385384][T11947] ? __io_queue_proc+0x99/0x260 [ 1414.390236][T11947] ? vga_arb_write+0x17d0/0x17d0 [ 1414.395171][T11947] ? io_async_queue_proc+0x3f/0x50 [ 1414.400338][T11947] ? _raw_spin_lock_irqsave+0x25/0x80 [ 1414.405770][T11947] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 1414.411570][T11947] ? try_to_wake_up+0x353/0x470 [ 1414.416423][T11947] ? io_wqe_enqueue+0x457/0x4d0 [ 1414.421353][T11947] ? io_wq_enqueue+0x3a/0x40 [ 1414.425947][T11947] ? io_queue_async_work+0x18d/0x230 [ 1414.431297][T11947] __io_queue_sqe+0xe9/0x3a0 [ 1414.435894][T11947] io_queue_sqe+0x6d/0x160 [ 1414.440365][T11947] io_submit_sqe+0x15c7/0x30c0 [ 1414.445143][T11947] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1414.450598][T11947] io_submit_sqes+0x61f/0xaf0 [ 1414.455330][T11947] __se_sys_io_uring_enter+0x217/0xb20 [ 1414.460845][T11947] ? fput+0x2d/0x130 [ 1414.464759][T11947] __x64_sys_io_uring_enter+0x74/0x80 [ 1414.470136][T11947] do_syscall_64+0x34/0x50 [ 1414.474558][T11947] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1414.480475][T11947] RIP: 0033:0x4665f9 03:59:54 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000808000000000000000000000800000048"], 0x78) 03:59:54 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000001000000000800000048"], 0x78) [ 1414.484375][T11947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.503985][T11947] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1414.512520][T11947] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1414.520491][T11947] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1414.528456][T11947] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.536541][T11947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1414.544514][T11947] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:54 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_mount_image$nfs4(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x65878fed, 0xa, &(0x7f0000000540)=[{&(0x7f00000000c0)="aa301be66a1befd5825b22b2cd0a5221ceebba50bba2d0a800f84bf9e800a7", 0x1f, 0x8001}, {&(0x7f0000000100)="343fb04615720666887f68", 0xb, 0xfffffffffffffffc}, {&(0x7f00000001c0)="f62243af982a2bfaee085257f3da9f2a89e29c44874e77691f11ad3da6ce529667db38e7a11b9721f5039fbae20bd61ba9183c8ba6164aead5386a6bf619f27848ec81b0dc42ddaf7273e4b50f1597ba1d8a42b91cd27cae682ce067b6f2152114fcec8f8627f7183c86271b3f13b965491001cfe60c7eac3f04335938206923a404114ec6910ab329ce2861ffa04e998033ad1f", 0x94}, {&(0x7f0000001740)="877f028c08b5cdbc", 0x8, 0x4}, {&(0x7f0000000280)="86e934256a6a2263ac", 0x9, 0x80000001}, {&(0x7f00000002c0)="23d726f1cbc625d66b04c6b0", 0xc, 0x4c3}, {&(0x7f0000000300), 0x0, 0x3ff}, {&(0x7f0000000340)="82ad677f5781df99c7f2d995f057936edd90d4f02a6f76ad574493684780386981a6a0650440def9b62e199e70aeaf68b1c1dd1d32057021a48ca28d560f9f7f478036b1aa0d0391380af6939d36c1ffb58a22d483b9abdea76ad81e30e53a69e835c31c591d0d23c9672ff1c2dd72e029b2be0a0a30377ea87be425bd2466cc87768101fc56a6d5613625a54af0c975136afec4f57a46d192e7092d1f6cd8", 0x9f, 0x1}, {&(0x7f0000000400)="947563ba14b26b50ec8fea2799008f08b4c844f15fdf66920fb644c870dac8828358f996124f9b8ebcb735dc526388f15fdd1bfb662c569e4708d1f7fdfbb3067482a7fffbd1e124a286abe293cc27b6abcdb3f444abc8d4cfba575f0aa9f623c4b7b4719d48d69e36e7d11f67f6e14f8ee16719009f2e4a35f1b639d65af8e21235ae19480dedf98f8fbf3b8695149c4e20386e975637c94192a752248c139bcfc9404fbdbd73c02b8e54c9dc5964781755b306f5b1e359d992a7b6836ecd6bba53", 0xc2, 0x8}, {&(0x7f0000000500)="08741c7574626e8f138a51e697e03db90e632c2b52012d73e716d2a6df14c577bec06116ac8adff3eb5cb0ae8fc55c9d071be1bd952bd1b2", 0x38, 0x356}], 0x110020, &(0x7f0000000640)={[{'}'}, {'.&\xc5]\'(#:'}, {}, {'}%#\xc5'}, {'!/'}, {'*@,&'}, {'^,'}], [{@euid_gt={'euid>', 0xee00}}, {@permit_directio}]}) r2 = openat(r1, &(0x7f0000000000)='./file0\x00', 0x22001, 0x18) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000437000/0x1000)=nil, 0x1000, 0x8, 0x100010, r2, 0x5652f000) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) getsockname(r2, &(0x7f00000006c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000300)=0x80) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$inet(0x2, 0x80803, 0x5) setsockopt$inet_msfilter(r5, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r7 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r6}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6tnl0\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty, 0x80, 0x20}}) ioctl$EXT4_IOC_SWAP_BOOT(r4, 0x6611) ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000000740)={{r1}, "8e092789739eedf2219bb396617761dbc2248b3d34477fdf80cd2cab6c4291b0f8e6dc604e4d82d260ae3cbc4933da4311df478c9ce60976c8b7227ca6adde43191197c762bd36a9aeb9af158179b441684641a4ef564590a66ad041495e58714e1873b860fcefb444bf3ef612c0b98d702bf652434cc5875b53913eb6404fd7af5a994bcbaf0f5d8cf4c9a33a40d2d006c7874b6bc7dbfa85e40a440e254280fa32df89ad8c33b9a6ff3b475b5c819e2826749a725eb0823d838e6debe8efbf566fd76d7012eb41dad773e0fe7b24d9396bfd7c67eaf9fd75422457ccdcbf25f30debf324648ae44d40f929d17626ae81ca7aa5f3760fcaf8dc9ab93735610b8c27c406c59af42f40a11722d65647f1de3509235a54c29078cd7e4762882e0da87518d0e8fd1b4e99d72d365563655567ad587aa824ecb8ba32cda3b22a82692578f8482bcb303e677ef0f9d69f8ff079c72bdfd54fb7c5386df535ab96160261a0b4d9fa272087234ebdf4cd5dfa273b8f673076d4bd1b4399881a4f7639d0e22332eb0427a59f1a030914ad83ac092ae3540e013cf4476601103e189dae62e390196de24c059509e81036970f52b56711048669c151aa77666052f3e63b748a84d6232937ba4e8958644b0217b9a1edc91d56989435f7d4baf55996c15e23f956e5027bef8eb455fb463e691557498a9894ba02773e02a9139a5854c9c9ebebf6978d65ab3e7fee66038c2eafba3ffbf06ab6852e77b9928787c8841b1a4f3447ea88cb6a3a1a8c3799cbfed4b4f7073dba17c8bd95187f53cedcda7f8c3739fa5034fbb765937621057a145ed98f32c5113d9e1403015d8d59943a53fb1efaa1509e7ec242d961ec0456ad0d71d827eddde9207a07a0544ff92a375e0ef20e18efb67ef8a71ec97f55d14e2aba4aaf2ab0ced20d9d6e563c7fb0c28bc7c51bc2abb6cb38e5a201151792b8cddf17a8253409c428dcab00d92a5a95ef81a1cedbca65825876966ab65d7313ac73aca080d71a6fefbf16a21b971b8b51ee68fb8614e906a8f2c1eb9e5e309a689164eb80a151ca57ea13985f405563ac95527b6a2141463630e501e55af6b5d567f212609109eb162e7c027cd3ef741d6f10aed25edac9706f529106688544a9f554ba32c45172c567af5cb08e66a7bef9a805f330de7c52a1e258797ca052012d0e01b39f43aa0b815d7010da3daf766a65b6f6cbd7d8934343a374b030eb8245da5404c4abf34153bba6df3367dedc1a1a4d40bdc6e63cc9a17782864f8d9db4759f669298da6ab16150972308fcd193dfc3a873dc9a024c05ec47365650517b418d46a1810582fd1e10f64ac329cfcf40b85cfe2f31e4affff9bdcef7b78f17bc31360b40394073b92ff2d0acea4c7d56d0d26cdc41148ed919ac2f449f375b194c50941625faf058c3fcdd77cd48ca75f504ee849dcfecf3fca996d764b662fd6380f08a0398e1a84b62384edcf04af276e983bb41a664b8d467c7d6072dbe5cdacb29f66ffe68440d8760fe47a2cdefaa9f343f400179bdaba3eef87bff07834099ae3356ba544bf6f3d1d1691ced1905994105efe98b6fc4749d08ed6ab5665520ad50054f4dd6cb2a3d354c05d17a223e8c90152d5bdff240aa323b93d42257075885837b5449f4465e60ce19d4ed70f09a8e4f40fe288256113767d560c6a4d5e511f09d03a99346dc70a94c7076e2dde52044475b5f0a144df8d09ba7f72e95451ea93885044ff3e70556c68225d421ec8939e05e3d3985c41fd7a4972d8180a13ee9df82e516995cf1cf66fd76dbf806604e0b9df26dda8f9644ac60739a2a0eb2ac7a7beccd27042cc7e55730d82de573e3792f4b5ea9d54bfa509dea724e03f2aa00bc07d36c825227f696bae2efb5309f61c054e26bb7fa66d906b86f4cf0fe972b15121decf852a4115183ed62daf56a879f553051ea86a6d10eff7996a32d1b1e658deb976311265c7b6438b3fb76c175a2dedc33b081de415a8cace68fff557dddb88f81a651f0343bd91588e6d4d8245eadc271e6b162fc28d5a010344599d19d6e395d93c1aed23b17bc70acbda534e1a71e4376c7f3ef26c47aa688d8619702023e3e7b2cd4ebb5f438eb5c2c5b72d9fd87d54375a20a3b218b67bac7f4eb42afd45c8dc1f06a845ad5f55d3b4135e56f2d4cefad434ba88abd7d790be34c29ade9b89eb86514ed18d098593f975c7a74aa9c1ebcbbdea28966e46e1fb357335e3e2f55c09878a76dbddf2a450739dad5b302b0218a830fe20b7705da2b8fb98351c0e28443314efbbd5dd08ece831e12bcb3c45d08070eb403deecde8d4b2febb8689fc777f0c385e8fd51e4d380d63af5b26d6b3ee5b8553062aa6a7529b9af663c31f724ab30042ce126d000ce3b895b7e792150f8b87c72c4bb3c8f2d7054a1944250ce4f162e6fe215232f244061e2d666802b633890376ac0b10df20aacd15c78c3cdc469490207379e06bc76f443e970b7bfa90d0dfc9071dfa7afbbcd44e636128f76f7ac1226f50907f213c405e694f4975030282fbb074dd945df78b509bc99f9b3c18b68a39ebd533fab33c236b16f540c0b1bae16b703771c61c96892a275823d0476aa536da70012946ce4034e2c652fa529ee5e1e14258a1ff06f10f4808888faebda11d854e5c881275ee0562731a3a4e826cb107d094970ec39c0df8b436037e7e2e951d058bc968e948db4991715db36d4ecf0fce58f87a9a678059561d4a09b44e59249cb357d9c1b1d3698d12a64a0501de0bdfb16e1587554d11e33a27ba6de4db926c42f83a1a58b1be822dd4e90c4120f314294b22cf946e78cdca6c8704433e18127afd1e7df81de57052751152f92068c1ce3750675e93a60ecfb822395e2644a04065d7e3e2b97980eb74c98bd466b8fdba5614d2298a742c6d267ed99db78ac82baecfebb2cd0af881f773c31f17cff545542e9713e63865a090144070a421275511ae89fab07457fbe5f8fde641b629242c168c972c43e97e9897a1e4c9a5f490afa4c3c5ebd37cc3113b869541dbca00f766bdffc99bb3b1fbb74807f0ba7d983be1b88587c9b6ae5e99ecb500805278b1bd5bdea4e4d11bf829816ff31f735bf653aac579a901971b7ab134ac0bdd885b9ce5cfea279c91f2621fe21abae411a289d0b3ab2da2542577e84cb2b4771f41a3b09455292d9e663378d16f7e2b118cfa7de67b2267195fcf8d3ee9e56abe05f372411780202352c7df75662075b576cd184ef0b8b58a477f4e7511ff477745afe12817b66e724e5bc7ad26a9ab41b0744238819d3a6ff639f58598d869f8c67bd5a34f09e74f2687a43699082bccb4a85d3e2f5222f6816fdd479eaeac2311f5eced5bd97bc776a71b6d46e2254a607c64f5d675b8fc812b935259a74a52982af56f8f8b6eb8dbc7c5b071270fb4c4339a1916bedc8473a6a8a388282c43a4d26ae2bcdffd86e5c93f139f80817bbf800d80c17b37cb7e871f73413568255afd44ba1d72219135d92bceb9ea6865aac17afb325d31d6e084cec0e9eb4f8b206625debc6f63a5d293967d59b84040882afc9bedf6aa7b41d37237d13dd7238c27620e4fd13fb113140dd65386a8c297d7a555ba94a2d66d67d9ad7145e1e3cafe226560e3e2dd44a5642a177e423fa15008a2d699e4336b5aacf8903ac2f6647008b0b14f67a6e70a7d339dbb4367074473f398bf5c5c507980d4af5ad6631d1c06f0e43e11eb18cace039c4eef01faf5e89666dcc4e090f28b8216349c8b6f3295ff7a02e2ef7b6ab95aed11c2e92273edc27a881d663caee6ed70667c63d36b5770517c6f7c98b4275cd4af8d4de23ecd2b6704dbd38fe3bf80c9b8a4bd924c1729d4baf9d063107bd91945d617ca2eb3308d9a4532ccbc6e6daa73fb5fdc68c14486f60f2d9e389ccf7b57838b6ce8fbada8630dc24fbf5896fdac30f1fdd409a170bf1292a4c33365575499cd7736fcdba741685b2bd448b9e2311ef45f7d978f7d572695388d49e4686557846dabb1dd83034818452cf216ee8e8d83e361f45ddc04384a66e42c1c66bb5c4ff0e26683d31868b766743967190879595a89858b83b8e2bf243ffef6f515105d30256af7b999c8596a674fd002d3b634b1ec2df05cc55f134c589fa22bc1764d0fb17b178ca462d91960e05223470a8964f8273ccc51d733fde0d57ff5ac33211c309976c28462f0ec75fbc5fb70d2af33df1c1904d2cc428a9b40f662ff031529f741ed9f9da78b0bf672c57053986e42cf8e42cbfc43110a826cdf94ba38bf836671d803637a72d436ec14e7a7ab385dd7cbb88da5f9f38b8ed2e8278f27f081fb64cb2cb88a8129c436849acf89e4cacbe10a5dd8d29e24479302944aa6b9b5da68c9ecbf2e171a075e33dfa7e087fa938a6e3ce6a91aabebaa4bdf2ecf15beeffde244867f7a1de91c0d4a3dded87752e0a65512c98bdb744a9cedb1cb01210fdf3010268f4016fddd703ce6f8eb5b529acbdbac770d0ece81575e45036794ca9ef49a4108ca6df9413feceeb7eacd08622c66e45b59d386947e1d76be11ddd8fbbfec18ae37bd8eb574cacc0f404d13217da4e46f7bbbaa799804da82dd951c7582f5c9c36d45062d672aff8a6257cff6bbf0727d12e5c5415fe7434cbae23091f8dad9528fbfe17fed46012e1c1aeae6d34462d003370b83b0b464f59d671af322bd698979e73b0faca0dc3cba3c992549761698eda195ad5fca70d744038e0c6e94931baf4a82b54d769f9a7312872effbfebecbc5fb6c6d99b53335d60f64132d14aa8f8da0482a7f80020ccf9b8816e916729244d515e7361d40b561f642e97f7bd6de550142e3cddfca62a7eb89f4c8746bbc7dd60e235e5847b66871d301dcf13b4cc29f0e57fd5ebd8e6c999287af8c28b7fae9a15b7eb493ea8dd239c3534cfabb1ce0cedbd8686c008ab53547f78ced7d267ac75aa99eb293f75a81aeb176d4dc9d2fb8a8c6bcb1f34c9c30cd24854ed1fb5d4b84928a13c8a23c2d77350534b8683c61774a6f1cca1b3096d6e4ab20d50609551658979223a4cb451a957a753bc8922c17f319714297c8334080589bc0415283162aba3e166b17e86b4d72d9194e4145b2db362df1a1381d0c86ae7b41631b76249f7bf5f2de9945f22633a6ec0f33bcbbe81369b81252caeded8cb4e3477acecaa272000b2c85e83ae272be842f883d5e942ebc8d611f06e8c60da4b823cf316c27774a66bf4e7827c0bb55dd5df2b94b1edd61c760a018b6d04783e50a7c44cc49ea4f187c6b77b6cf1784ca958ca976ff5ca11a60bcdd9e1480e4b773618a9cb6f5187e1187a936496081eeec0452ca29192c684920073e6878e6a4c986442d8d17f22a40f58b79713411f4b090704a537e09bf99285ff3e67bbbd1f1d284434eb5503aa8aaec95986f8e9badf160a2c3198c97f5d7e22068db7231f6702bad659c464b945e20639c1c8e6f11a329f5c5226164936b83a77275430875a35744260f01db15aa58abba1bd7773f7a1a4b84b25cb7a08c067a395434d95cc86fc802376d3f2ac285f6c385245257f87499d7663ea3d4bed9809c4b00989d895e3906a1a2fcc641e6f032f7c799614f2309d5211f7c8f313e74267e861ad8ca5f5301521237d6c4b345cb7bd7108653a6c44d4cf61eb4058261cd41aac89faa74e09440120211a3a55c19ea5f39b9b544577b8157c06a9a7c72aab41cfec5fa28b02370d094d91c22e330a3c5a944d7dd428b4aa55fc4d27d"}) r8 = open_tree(r2, &(0x7f0000000140)='./file0/file0\x00', 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000001780)={@mcast1, 0x70}) 03:59:54 executing program 0 (fault-call:7 fault-nth:99): r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1414.740568][T11969] loop3: detected capacity change from 0 to 264192 [ 1414.748879][T11970] FAULT_INJECTION: forcing a failure. [ 1414.748879][T11970] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.761530][T11970] CPU: 0 PID: 11970 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1414.770305][T11970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.780356][T11970] Call Trace: [ 1414.783754][T11970] dump_stack+0x137/0x19d [ 1414.788093][T11970] should_fail+0x23c/0x250 [ 1414.792514][T11970] __should_failslab+0x81/0x90 [ 1414.797281][T11970] ? io_arm_poll_handler+0x15e/0x420 [ 1414.802577][T11970] should_failslab+0x5/0x20 [ 1414.807201][T11970] kmem_cache_alloc_trace+0x49/0x320 [ 1414.812571][T11970] io_arm_poll_handler+0x15e/0x420 [ 1414.817689][T11970] ? io_wq_enqueue+0x3a/0x40 [ 1414.822283][T11970] ? io_queue_async_work+0x18d/0x230 [ 1414.827583][T11970] __io_queue_sqe+0x133/0x3a0 [ 1414.832259][T11970] io_queue_sqe+0x6d/0x160 [ 1414.836688][T11970] io_submit_sqe+0x15c7/0x30c0 [ 1414.841615][T11970] ? kmem_cache_alloc_bulk+0x239/0x380 [ 1414.847165][T11970] io_submit_sqes+0x61f/0xaf0 [ 1414.851861][T11970] __se_sys_io_uring_enter+0x217/0xb20 [ 1414.857323][T11970] ? fput+0x2d/0x130 [ 1414.861338][T11970] __x64_sys_io_uring_enter+0x74/0x80 [ 1414.866731][T11970] do_syscall_64+0x34/0x50 [ 1414.871212][T11970] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1414.877206][T11970] RIP: 0033:0x4665f9 [ 1414.881098][T11970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.900816][T11970] RSP: 002b:00007f59e2435188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1414.909240][T11970] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 [ 1414.917210][T11970] RDX: 0000000000000000 RSI: 000000000400450a RDI: 0000000000000003 [ 1414.925295][T11970] RBP: 00007f59e24351d0 R08: 0000000000000000 R09: 0000000000000000 [ 1414.933276][T11970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 03:59:55 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semctl$GETALL(r0, 0x0, 0xd, &(0x7f00000000c0)=""/51) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semop(r0, &(0x7f0000000000)=[{0x1, 0x1643, 0x800}, {0x2, 0x6, 0x1000}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000100)=[{0x1, 0x8, 0x2800}, {0x1, 0x9, 0x1000}], 0x2) semctl$GETPID(r0, 0x3, 0xb, 0x0) [ 1414.941260][T11970] R13: 00007ffe4073a16f R14: 00007f59e2435300 R15: 0000000000022000 03:59:55 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000001000000000800000043"], 0x78) 03:59:55 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x2000, 0x0, 0x0, 0x0, 0x0) 03:59:55 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 03:59:55 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000800000800000048"], 0x78) 03:59:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000001000000000000000800000048"], 0x78) 03:59:55 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x8, 0x0, 0x0, 0x0) [ 1415.574761][T11969] loop3: detected capacity change from 0 to 264192 03:59:55 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x10, 0x0, 0x0, 0x0) 03:59:55 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b2838000008000000000900fdffffffffffffff006d5b33321bebbf3851bd47d4b26f60d2be033be10763c721ff2dab217c52bfe033fcad007bd301f11b63ca641309356550e440f5a1b6ea1f7201fdd74dda1fb473557b7691d89d575f5fd3e70227ed119b96508e65656884231de60c6593745e07c927f23be852ffbdf040983115"], 0x78) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x2ec78000) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x2000, 0x0, 0x0, 0x0) 03:59:56 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000100)=[{0x4, 0x0, 0x3000}, {0x1, 0x7}, {0x0, 0x800, 0x1000}, {0x1, 0x8001}, {0x4, 0x7, 0x1800}, {0x4, 0x0, 0x1000}], 0x6) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x2}, {0x2, 0x6d0, 0x800}, {0x3, 0x2, 0x1000}, {0x4, 0x2, 0x1000}, {0x3, 0x9607}, {0x3, 0x401, 0x800}], 0x6, &(0x7f00000000c0)={0x0, 0x3938700}) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x7bf1, 0x0, 0x0, 0x0) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xf17b, 0x0, 0x0, 0x0) 03:59:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000100000800000043"], 0x78) 03:59:56 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:59:56 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) semop(r0, &(0x7f0000000000)=[{0x4, 0x3f, 0x800}, {0x1, 0x8000, 0x800}, {0x3, 0xcabf, 0x800}, {0x0, 0x4, 0x1800}, {0x1, 0x1, 0x800}, {0x4, 0xffff}, {0x0, 0xfff8, 0x1800}, {0x2, 0x40, 0x1000}, {0x3, 0x1ff}], 0x9) r1 = semget$private(0x0, 0xc1a7c91220d72c8f, 0x100) semctl$GETVAL(r1, 0x1, 0xc, &(0x7f00000000c0)=""/129) 03:59:56 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800ffffffffffffffff00000800000048"], 0x78) 03:59:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000002000000000000000800000048"], 0x78) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x200000, 0x0, 0x0, 0x0) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xf0ff7f, 0x0, 0x0, 0x0) 03:59:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000040)) 03:59:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b07119a000000080000006d00"/25], 0x78) 03:59:56 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x1000000, 0x0, 0x0, 0x0) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x8000000, 0x0, 0x0, 0x0) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x10000000, 0x0, 0x0, 0x0) 03:59:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000200000800000043"], 0x78) 03:59:57 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget$private(0x0, 0x4, 0x220) semtimedop(r1, &(0x7f0000000000)=[{0x4, 0x8}, {0x1, 0xdb4, 0x800}, {0x3, 0x5}, {0x3, 0x5, 0x3000}, {0x0, 0x27, 0x1000}, {0x4, 0x8, 0x1800}], 0x6, &(0x7f00000000c0)={0x0, 0x3938700}) semctl$GETPID(r0, 0x3, 0xb, 0x0) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x20000000, 0x0, 0x0, 0x0) 03:59:57 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000800000000000000000800000048"], 0x78) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x7ffff000, 0x0, 0x0, 0x0) 03:59:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000008000000000000000800000048"], 0x78) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xeffdffff, 0x0, 0x0, 0x0) 03:59:57 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000040)={0x0, 0x1, 0x20, 0x9, 0x189, &(0x7f00000001c0)="c2fbc19dfe4fbd46b4bb51137c25cb914a7ee6fe0c79c576489af219b67ec180617a036a63ff6d0a96a67afb78d0ae20d1aef02e01d45197394b05578236c3d0372ed2508bb332652cea40194d8e32a24ba8beab7541702f61a3b537523fb27f06e2fa36c49ab4f4dbc4e2a0d4da23445e1b0613598cf45fff2778708cfab595e5adb7e997be0ab7dea7ab6cdd792cd7b2e53ca1a9ff5bed389c234a4bd7f76df0e6249b3ad928b09b9512c7de233fa052c92f9879fda008389b27916b85182e34e2cbc4ba5541947f7cc69c521c9e36c543a4182b807796871d464ac1589ac184c33662d7257f1df03cde0880de1a0a3f3fff57dffd77f7a58cee87501e808ccf5687b1d10590bd1650064aeae7b24d9677b894fd0cc95f17c165b2237fdabba94bd61ce426cf2b82ba610d9a6f57c6466cff794f82cd19864971a610aefbdc774b1956d9003efcd52b414797f2ec04f80802656234777e195ac37b01f4f27c27397705fa187f181f83b0aed7c195a86442cbf25280014ae530b6b29b4d3656777907c54bab493c33b297d9434bfef077ec117e0b97ebb5d95afa6b4d1176dad72db83d93c46326514ca559af9bbb3862919d0ebaacda2587e870327c5179ba16e3a2ccefd85d74ef3ac215a3071c68bd9a473448de7228a0e50f3bfa59e6c529012cf718e871b82eb9323b28ceb6d4c3aae95f96947c7c2a07448cd4cbd545445b0f86b29261c07df8030f4c7dd932d26c75f0e9f533c45ad18f36d3bf23759dea8f26d3d3e0cafa99f2f334ca57adefaddb1c4ef90667d379c0b2a91531806cb79ebbc48a536c56d29cb333ed818fc82ec3317f4468337203f52c261baeae00b9a601b4207b2c396b6d3fa1cc853dfb0e38847fc08ec7b3119c672d9942f72368ac2ff2bf8b98f1602b2e834a6d070568a7089a9d42838738091a0f061c361f4a3d9c313efd18a01a7448f97fb3c18296d92e7f04f4c4c90783f899621bc21b5dc861a86fa1b5ea6a89440c9f96d7d61df6fc59e4375d9c68ab4f10589d01167484dff3529651d04c52edb5263198ab65a2d5f673d6aa5552047d121f3ba7bbe7462339bf4417123ccf23b0146b280f74f38883529a995ba58a6f9564ab0d159e3130452b89b240206de25272f5e9b94202bba64b6968e740e3b34cce8bdc70250fb242ce17f7a3b1814190c32071c06b0e7db83c82f9f84559ecd1b37a50e550df94360f017e84784de014d9684526b84da30e7e7f92ed9f1d91be7b882f88d12a1cab4eec1182141f36d7855f886322e1fbb1bfd911e162063bdd7e27e5531fbe8108d99918aec980a10cfc0b143f22afa0d1a9bc16726395753cecfcdafbfa9bd446fe1d13487ab55bba2e0b7f05e6501be2aab987e5a01c259142f60d51dde342a7a2206a0f3341ee9b0f4915ee27f38f77de086faccab89ffe2b0108"}) syz_open_dev$tty1(0xc, 0x4, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b5b073b3938000000006d000000049821197b0b8102a34f875a85a646be4b01fee83e560c65096554a669abe64cbd5b40c88a69d45c4f13ae219f374e066f00"/73], 0x78) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xf17b0000, 0x0, 0x0, 0x0) 03:59:57 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xfffffdef, 0x0, 0x0, 0x0) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0xffffffff, 0x0, 0x0, 0x0) 03:59:58 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3, 0x0, 0x1000}], 0x1) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000000)=""/25) semctl$GETPID(r0, 0x0, 0xb, 0x0) 03:59:58 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800ffffffffffffffff00000800000043"], 0x78) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x8, 0x0, 0x0) 03:59:58 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000800000000000800000048"], 0x78) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x10, 0x0, 0x0) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x2000, 0x0, 0x0) 03:59:58 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000100000000000800000048"], 0x78) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x7bf1, 0x0, 0x0) 03:59:58 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf17b, 0x0, 0x0) 03:59:58 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$TIOCNXCL(r1, 0x540d) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b0700050000000800000000090000000000000800e7ff6d"], 0x78) 03:59:58 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x200000, 0x0, 0x0) 03:59:59 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x7ff, 0x1800}, {0x4, 0x8000, 0x1000}, {0x1, 0x3, 0x1800}], 0x3) r1 = semget$private(0x0, 0x3, 0x0) semop(r1, &(0x7f0000000040)=[{0x4, 0x2}, {0x1, 0x4}], 0x2) semop(r0, &(0x7f0000000080)=[{0x1, 0x3, 0x800}], 0x1) semctl$GETALL(r0, 0x0, 0xd, &(0x7f00000000c0)=""/77) 03:59:59 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000200000000000000000800000043"], 0x78) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf0ff7f, 0x0, 0x0) 03:59:59 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000048"], 0x78) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x1000000, 0x0, 0x0) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x8000000, 0x0, 0x0) 03:59:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000048"], 0x78) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x10000000, 0x0, 0x0) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x20000000, 0x0, 0x0) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x7ffff000, 0x0, 0x0) 03:59:59 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x20) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xeffdffff, 0x0, 0x0) 03:59:59 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf17b0000, 0x0, 0x0) 04:00:00 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000100000000000800000043"], 0x78) 04:00:00 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x80, 0x1000}, {0x1}, {0x1, 0x3ff}, {0x1, 0x7, 0x1800}, {0x1, 0xcf, 0x1800}, {0x1, 0x3, 0x800}, {0x2, 0x81, 0x3000}, {0x2, 0x5, 0x1000}], 0x8) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r2, &(0x7f0000000080)=[{0x2, 0x1e7, 0x1800}, {0x4, 0xad5, 0x1000}, {0x3}, {0x1, 0x6, 0x800}, {0x3, 0x9}, {0x2, 0x0, 0x800}, {0x3, 0x8000, 0x1c00}], 0x7) semop(r0, &(0x7f0000000080), 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 04:00:00 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xfffffdef, 0x0, 0x0) 04:00:00 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000008000800000048"], 0x78) 04:00:00 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x10000000000, 0x0, 0x0) 04:00:00 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000020000000800000048"], 0x78) 04:00:00 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {0x4}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semget(0x0, 0x0, 0x30) semctl$GETPID(0xffffffffffffffff, 0x0, 0xb, 0x0) 04:00:00 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x7ffffffff000, 0x0, 0x0) 04:00:00 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$IPC_RMID(r0, 0x0, 0x0) semop(r0, &(0x7f0000000000)=[{0x3, 0x0, 0x800}, {0x1, 0x6, 0x1400}, {0x0, 0x7, 0x1800}, {0x3, 0x0, 0x1000}, {0x1, 0x1, 0x1800}, {0x0, 0x5, 0x1800}, {0x0, 0x3, 0x1800}], 0x6) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:00 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x80000, 0x40) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockname$unix(r2, &(0x7f0000000100), &(0x7f0000000180)=0x6e) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39dfea26a7a3194d380000080000000009000000000000080000006d685f2bc425ce74f7a8892012b21eb1ec839f9f92223a8f1f632e7af24516349173fb02ba9e6f71c9cf3589c77ceb0b01a59f02ad9ac7983e63f27f6ecb8615b3e4de2c3cc5cda4092377ea3d118f6dd1e3848dbb308e7ac259ea26978e2bbdaa5f36cd7dbe658bd55d7ecd0bef6b788d"], 0x78) 04:00:00 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x20000000000000, 0x0, 0x0) 04:00:00 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3, 0x69}], 0x1) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r3 = semget$private(0x0, 0x0, 0x480) semop(r3, &(0x7f0000000200)=[{0x3, 0x5, 0x2000}, {0x1, 0x0, 0x1000}, {0x4, 0x2, 0x1000}, {0x4, 0x5, 0x800}], 0x4) semop(r1, &(0x7f00000001c0)=[{0x4, 0x1, 0x1000}, {0x0, 0x4}, {0x1, 0x7, 0x1400}, {0x3, 0x800, 0x3000}, {0x4, 0x8, 0x1800}, {0x4, 0x101}, {0x0, 0x8}, {0x1, 0xf90, 0x1000}, {0x0, 0x40}, {0x4, 0xa210, 0x1000}], 0xa) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r2, 0x2, 0xf, &(0x7f0000000140)=""/67) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000000)=[{0x3, 0x200, 0x1000}, {0x4, 0x7}, {0x0, 0x2}, {0x0, 0x400, 0x1800}, {0x3, 0x7f, 0x1800}, {0x0, 0x409}, {0x3, 0x6, 0x1000}, {0x2, 0x8, 0x1000}], 0x8, &(0x7f0000000100)={r4, r5+60000000}) semget$private(0x0, 0x4, 0x120) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:00 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000200000000000800000043"], 0x78) 04:00:00 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf0ff7f00000000, 0x0, 0x0) 04:00:00 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000ffffffffffffffff000800000048"], 0x78) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x100000000000000, 0x0, 0x0) 04:00:01 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000080000000800000048"], 0x78) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x800000000000000, 0x0, 0x0) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x1000000000000000, 0x0, 0x0) 04:00:01 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80, 0x2800}, {}], 0x2) semctl$SEM_STAT_ANY(r0, 0x3, 0x14, &(0x7f00000000c0)=""/206) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:01 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39380000080000008fff090000000000000000006d2822b4205e9657dcdbcc479a85b4ad91611ef9c50b1ec2fb0e91bd6baf1f151d13b9dc965e4c09cca3552475c8d5b882e0dab4c57307000000dcbdb50abd96a485e2f61acc000000000000"], 0x78) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x2000000000000000, 0x0, 0x0) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xeffdffff00000000, 0x0, 0x0) 04:00:01 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xf17b000000000000, 0x0, 0x0) 04:00:01 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000043"], 0x78) 04:00:01 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000008000000000000000800000048"], 0x78) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xffffffff00000000, 0x0, 0x0) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0xffffffffffffffff, 0x0, 0x0) 04:00:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008ffffffffffffffff0000000800000048"], 0x78) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x8) 04:00:02 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) r1 = semget(0x2, 0x1, 0x90) semop(r1, &(0x7f0000000000)=[{0x1, 0x2, 0x800}, {0x4, 0x8, 0x1800}, {0xa, 0x9, 0x1000}, {0x3, 0x3}, {0x1, 0x401, 0x800}, {0x3, 0x9, 0x800}], 0x6) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x10) 04:00:02 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f0000593000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0xf4176000) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x2000) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x7bf1) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf17b) 04:00:02 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000008000000000800000048"], 0x78) 04:00:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000001000800000043"], 0x78) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x200000) 04:00:02 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf0ff7f) 04:00:03 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800020000000000000000000800000048"], 0x78) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x1000000) 04:00:03 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x4, 0x0, 0x1000}], 0x1) semop(r0, &(0x7f0000000040)=[{0x0, 0xeebd}, {0x1}], 0x2) semop(r0, &(0x7f00000000c0)=[{0x3, 0x40}, {0x1, 0x1}], 0x2) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x8000000) 04:00:03 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r2, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/96, 0x60}, {&(0x7f00000000c0)=""/44, 0x2c}, {&(0x7f00000001c0)=""/218, 0xda}, {&(0x7f00000006c0)=""/154, 0x9a}, {&(0x7f0000000100)=""/102, 0x66}, {&(0x7f0000000380)=""/229, 0xe5}, {&(0x7f0000000480)=""/139, 0x8b}, {&(0x7f0000000540)=""/41, 0xffffffffffffffb7}, {&(0x7f0000000680)=""/35, 0x23}], 0x9, 0x49, 0x1) preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000780)=""/219, 0xdb}, {&(0x7f00000002c0)=""/98, 0x62}, {&(0x7f0000000880)=""/99, 0x63}, {&(0x7f0000000900)=""/239, 0xef}], 0x4, 0x3, 0x2) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f00001af000/0x2000)=nil, 0x2000, 0x1000006, 0x10, r3, 0x22682000) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b00004009000000000000080000226d"], 0x78) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x10000000) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x20000000) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x7ffff000) 04:00:03 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000100000800000048"], 0x78) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xeffdffff) 04:00:03 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000002000800000043"], 0x78) 04:00:03 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf17b0000) 04:00:03 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800080000000000000000000800000048"], 0x78) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xfffffdef) 04:00:04 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget(0x3, 0x0, 0x297) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget(0x1, 0x2, 0x80) semop(r2, &(0x7f0000000000)=[{0x3, 0xede}, {0x3, 0x7}], 0x2) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x10000000000) 04:00:04 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0xa0000, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x2010, r2, 0x7417d000) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x7ffffffff000) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x20000000000000) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf0ff7f00000000) 04:00:04 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000080800000048"], 0x78) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf0ffffff7f0000) 04:00:04 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000ffffffffffffffff000800000043"], 0x78) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x100000000000000) 04:00:04 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000010000000000000800000048"], 0x78) 04:00:04 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000000)=[{0x2, 0x88c, 0x1000}, {0x0, 0x8}, {0x0, 0x9, 0x800}, {0x3, 0x3}, {0x2, 0x100}, {0x1, 0x100, 0x1000}, {0x0, 0x40}, {0x0, 0x6, 0x800}], 0x8) semtimedop(r0, &(0x7f0000000000), 0x0, &(0x7f00000000c0)={0x0, 0x3938700}) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:04 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x800000000000000) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x1000000000000000) 04:00:05 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000040)="b47f3625bfbfc1469cf80092350b3acd06046e78ed08e37bcfffb755e9d53943bc1b827c72e4d17baf4a8131896b8547f772618286a6b42a80e4f8f616d4da4968b2b2d25ebf40c226b8b63809ea7c8a6a0f3c85887f7449d86045523a34005a4eec2f28f178ca97145b7507948821957e39e9d948d6ad9b651ee03f93a3a7bdb67c3f3ae825babea65d7a785244e3bfd508b611bda3700eb32389d57c594cd3c5000b3df047b28768b6b94085b2281cfbab2a5c4918b41ba227739f91b784e589665eae770d66da864f40c04b8577ab2a163328769a8b8be37c1fe6a72fb542c6ab20") mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x2000000000000000) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xeffdffff00000000) 04:00:05 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000ffffffffffffffff0800000048"], 0x78) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xf17b000000000000) 04:00:05 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000002000000000000000800000043"], 0x78) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xffffffff00000000) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0xffffffffffffffff) 04:00:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000020000000000000800000048"], 0x78) 04:00:05 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000280), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x28}}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x1) r4 = semget$private(0x0, 0x7, 0x0) semop(r4, &(0x7f0000000040)=[{0x1, 0x80, 0x1800}, {0x0, 0x80}], 0x2) semop(r4, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r4, 0x3, 0xb, 0x0) semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f00000002c0)=""/229) 04:00:05 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000081000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f000023a000/0x3000)=nil, 0x3000, 0x1, 0x2010, r0, 0x8000000) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r6, &(0x7f0000000240)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x200}, 0x1, {0x0, r8}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x222001, 0x0) write$vga_arbiter(r9, &(0x7f00000001c0)=@unlock_all, 0xb) 04:00:05 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) 04:00:06 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_io_uring_complete(0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r2, 0x941c, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000080)="adb6dfffb43c3043bde6171efc70701429e19561b81ca6170700fca61a2397a3", 0x20}, {&(0x7f00000000c0)="dde69877c7fecab7c7e8b8639787340dfffc3ec3c5f208f26b813c189c7309ca987c97092710559f0a8c4a891f2d00811552e5e5ca19672e72e29f78f3ef3e49a3e02d3afab49f7d0b1a1f3968d7e63877653a978e0c3404215abb5379ed9c61c7f1c7309b3ad8c99eaa5841f12c9eeb6a3c070e508dbffe2eebfb953b", 0x7d}, {&(0x7f0000000140)="6de2482dc5c1e521af699ee5dda822d4026e6bc0278de21e911fa84e9df4f25b5959f77f743efca2dba57cadc975d83e542fc145bd92", 0x36}, {&(0x7f0000000180)="fcfb796661e1c0fe5519dd", 0xb}, {&(0x7f00000001c0)="11c2ee0c9e4c1d81fe0cd8ee865d1c3612ddadfab269823ac215a18440758a1e47bfbc40b0787d06b0982da0d9f10e488b25c235de1665aef9f5909f46e966870153dd3f89051962c50df12dcd5c83aefb843581331ba90c3a564d1423c6dbe4ec2f71b6db755a4612105da72f3464219db7297a50d00d0ed1419d7c1efc5c9b6782bc596c477104f708c8919da4a7662c722dfbbd1d007dc68459d7cbd31d3591e5323f876b3042bed8386ad81df3090a17d595ea1b27a5f734924503ee64458229867c28bf", 0xc6}, {&(0x7f00000002c0)="d11c0ce72d264f1d2b9f24dbd1a63b629124b2a2943e3539659836d76e2a6c3b1f75b20c60e260243b3a486cbb7167b48c51cbcfa47bbdd361933b52af63c47e5cc9001479ae077b50318f27d0d58af9ec", 0x51}], 0x6) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b8e6f248d6defb67b5d771f2aec073b3938000008000000676f40dc9f32cd2317caa8bee33ade3609ffaba8cbd6000000000000"], 0x78) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000358000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000100)={'dummy0\x00', {0x2, 0x0, @initdev}}) 04:00:06 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000100000048"], 0x78) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x17ae, &(0x7f00000003c0)={0x0, 0x8be2, 0x8, 0x1, 0x2bb}, &(0x7f0000093000/0x4000)=nil, &(0x7f0000165000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000005c0)) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x700}}) r5 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000600)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x3, 0x0, 0xffffffffffffffff, 0x0, r4, 0x2, 0x0, 0x1, {0x0, r8}}, 0x3) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r9 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r9, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000000540)=""/75, 0x5b}, {&(0x7f00000002c0)=""/108, 0x6c}, {&(0x7f0000000340)=""/89, 0x59}, {&(0x7f0000000440)=""/197, 0xc6}, {&(0x7f00000001c0)=""/28, 0x1c}], 0x5, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)=ANY=[], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000080)=0xc) r11 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r11, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f, r10}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r9, 0x89f8, &(0x7f00000006c0)={'ip6tnl0\x00', &(0x7f0000000640)={'syztnl2\x00', r10, 0x29, 0xff, 0x8, 0x80000001, 0x54, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x10, 0x0, 0x7fff}}) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000001000000000800000043"], 0x78) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) write$vga_arbiter(r3, &(0x7f0000000100)=@unlock_all, 0xb) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x2, 0x8, 0x3}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_setup(0x5be7, &(0x7f0000000380)={0x0, 0x4e23, 0x0, 0x0, 0x28d, 0x0, r0}, &(0x7f000002d000/0x3000)=nil, &(0x7f00004a1000/0x3000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000400)) syz_io_uring_submit(r7, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7ffffffe) connect$unix(r3, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e23}, 0x6e) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x1b27, &(0x7f0000000240)={0x0, 0x984, 0x4, 0x0, 0x39e}, &(0x7f000075b000/0x4000)=nil, &(0x7f000045e000/0x1000)=nil, &(0x7f0000000000), &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r8, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000080000000000000800000048"], 0x78) 04:00:06 executing program 5: socketpair(0x10, 0x800, 0x8, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x130, r2, 0x329, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@measure_req={0x26, 0x100, {0x0, 0x0, 0x0, "369eddbb15a30143481faccb067077d8054ade3b2750e35b561af9b1e3e91d0daf4174768fa8fda714806888755657e13ed4c1d7ca48783b59e4dc150c780e836497c88fe55eeb3c2c617e1d319f3206f0adaa6073ae4e05118a358f64deae3a833764e5c2f7fdefa446a5da1303b22c8374ce5ed250de7dd1e30d2a30d78b9da2681b2207be5074c82d2a10a67a8dd84187459eb54b8ed5a29e9cc9af1f80dd6eff21629cbfa23aaf9ce9e4c23a1bf20e1706ad6b898fa63f118833d71a59389976c91efeeebc1b9d2da95001d22c17dce05bea07a1d426d13b16de6aa540367a0fbfa97f49b85008a6fee37516d9759207ddd76d60d86d6a141b263b"}}]}]}, 0x130}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfff80000, 0x16}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x75}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x27}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80004}, 0x8011) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r3, &(0x7f0000000080)=[{0x3}], 0x1) r4 = semget$private(0x0, 0x1, 0x2) semop(r4, &(0x7f0000000000)=[{0x1, 0xff01, 0x1800}, {0x1, 0x408, 0x800}, {0x0, 0x6, 0x2000}, {0x2, 0x1, 0x1000}, {0x2, 0x3}, {0x0, 0x7f}, {0x3, 0x7f, 0x1000}], 0x7) semctl$GETPID(r3, 0x3, 0xb, 0x0) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000240)={0x0, 0xca71, 0x4}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000001300)={0x0, 0x101, 0x1000}) r1 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/178, 0xb2}, {&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x3, 0xd9f, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x3, 0x4007, @fd_index, 0x7aab, 0xfff, 0xd8cc, 0x11, 0x0, {0x0, r5}}, 0x0) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:06 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}]}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f00000000c0)) 04:00:06 executing program 0: r0 = syz_io_uring_setup(0x15a2, &(0x7f0000000240)={0x0, 0x7c85}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f00000001c0)=0xc) r6 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x8400, 0x0) kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r0, &(0x7f0000000300)={r6, r0, 0x9}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x108, &(0x7f0000000140)=0x307f, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/19, 0x13}, {&(0x7f0000000240)=""/137, 0x89}, {&(0x7f0000000300)=""/132, 0x84}, {&(0x7f00000003c0)=""/82, 0x52}], 0x4) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000440)={0x0, 0x1, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x4}, @jumbo={0xc2, 0x4, 0x79}]}, 0x18) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:07 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000200000048"], 0x78) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x11, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) r4 = mmap$IORING_OFF_SQES(&(0x7f00000d4000/0x1000)=nil, 0x1000, 0x4, 0x10010, r0, 0x10000000) r5 = openat$cgroup_subtree(r2, &(0x7f0000000400), 0x2, 0x0) preadv(r5, &(0x7f0000000800)=[{&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/81, 0x51}, {&(0x7f0000000540)=""/200, 0xc8}, {&(0x7f0000000640)=""/208, 0xd0}, {&(0x7f0000000740)=""/158, 0x9e}], 0x5, 0x4, 0x6) syz_io_uring_submit(r1, r4, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x2007, @fd_index=0x5, 0x150, 0x6, 0x4, 0x2a, 0x1, {0x0, r3}}, 0x2) r6 = syz_io_uring_setup(0x13b7, &(0x7f0000000240)={0x0, 0x13c5, 0x2, 0x2, 0x31d, 0x0, r0}, &(0x7f0000fff000/0x1000)=nil, &(0x7f00005d7000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) pwrite64(r6, &(0x7f0000000300)="489122bf189e623db011e57c4f765daa6f1c06e4684bc90fe590730f7574a05e69f2cfbd5d297c7c9de61f5d1d912fd866569fe4930441d016edf68f0cdd7c77b9e3491b0ab45bc73c8649d8e7a1cee05f8d7da52bcbf7da8350", 0x5a, 0x3) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd=r2, 0x200000000, {0x0, r2}, 0x10001, 0x6, 0x1, {0x0, r9, r6}}, 0x0) syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x4000, @fd_index, 0x8000, 0x0, 0x0, 0x4, 0x1, {0x0, r9}}, 0xcd) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r8, &(0x7f00000003c0)=@IORING_OP_NOP={0x0, 0x2}, 0x5) 04:00:07 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000002000000000800000043"], 0x78) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x56c6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000a14000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) r8 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x2000, @fd=r0, 0x7, 0x0, 0x0, 0x11, 0x0, {0x0, r11}}, 0x5e) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_FILES_UPDATE={0x14, 0x4, 0x0, 0x0, 0x5, &(0x7f00000003c0)=[r7, 0xffffffffffffffff], 0x2}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r12 = syz_open_dev$rtc(&(0x7f0000000280), 0x7, 0x58080) r13 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r13, 0x89f2, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x200000}}) ppoll(&(0x7f00000002c0)=[{r3, 0x4}, {r12, 0x2004}, {0xffffffffffffffff, 0x80c0}, {0xffffffffffffffff, 0x40a0}, {r7, 0x424}, {r13, 0x13520}, {r4, 0x222}], 0x7, &(0x7f0000000300), &(0x7f0000000380)={[0x9]}, 0x8) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x2, 0x2000, @fd=r6, 0x1800000000, &(0x7f0000000240)="268b3016a371f0a193b300a34f1b4dc5b90d0d05ed4e1c88c0f2fa7954a86d12e75ac881dd21d4a507bc01d8b69b55293bd613d9faefd62f1255962b2851388bfa2afd9e662b7303f8c1197379c0a5187caa8f23de75642ab72929ae603a7281ddf0eb6a0d8e7ff8016b28fa993718704959bf448c9239cdd3f28b7a", 0x7c, 0x0, 0x1}, 0x1f) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:07 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000001000000000800000048"], 0x78) 04:00:07 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x8000, 0x800}, {0x3, 0x3}, {0x5, 0x1d, 0x800}, {0x1, 0x3}, {0xeb9b3e9465ec8f2f, 0x5}], 0x5) semop(r0, &(0x7f00000000c0)=[{0x4, 0x926}, {0x3, 0x7}], 0x2) semop(r0, &(0x7f0000000100)=[{0x2, 0x80}, {}, {0x3, 0x7ff}], 0x3) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f000053b000/0x2000)=nil, 0x2000, 0x1000000, 0x4010, r0, 0x8000000) io_uring_enter(r0, 0x3421, 0x17b9, 0x2, &(0x7f0000000600)={[0x7]}, 0x8) r4 = syz_io_uring_setup(0x3442, &(0x7f0000000240)={0x0, 0xa07e, 0x10, 0x3, 0x35d, 0x0, r0}, &(0x7f00006d5000/0x3000)=nil, &(0x7f000005f000/0x3000)=nil, &(0x7f0000000100), &(0x7f00000001c0)=0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r5, &(0x7f0000000400)=@IORING_OP_STATX={0x15, 0x1, 0x0, r6, &(0x7f00000002c0), &(0x7f00000003c0)='./file0\x00', 0x10, 0x400, 0x1, {0x0, r7}}, 0x437) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_io_uring_setup(0x57ef, &(0x7f0000000440)={0x0, 0xcbf6, 0x0, 0x1, 0x1da, 0x0, r4}, &(0x7f0000654000/0x3000)=nil, &(0x7f0000547000/0x3000)=nil, &(0x7f00000004c0)=0x0, &(0x7f0000000500)) r9 = mmap$IORING_OFF_SQES(&(0x7f000064f000/0x3000)=nil, 0x3000, 0x2000006, 0x810, 0xffffffffffffffff, 0x10000000) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f00000005c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000540)=@vsock={0x28, 0x0, 0x2711, @my=0x1}, 0x0, 0x0, 0x0, {0x0, r10}}, 0x1) r11 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r11, 0x0) preadv(r11, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:07 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) lgetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'user.', '[\x00'}, &(0x7f0000000280)=""/135, 0x87) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/102, 0x66}, {&(0x7f00000000c0)=""/99, 0x63}], 0x2, 0xd9f, 0x3) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:07 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x195b, 0x2d3a, 0x1, &(0x7f0000000100)={[0x8]}, 0x8) 04:00:08 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000100), 0x2, 0x0) preadv(r4, &(0x7f00000004c0)=[{&(0x7f0000000240)=""/242, 0xf2}, {&(0x7f00000001c0)=""/38, 0x26}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000380)=""/226, 0xe2}, {&(0x7f0000000480)=""/13, 0xd}], 0x5, 0x2, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:08 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000080000000000000800000048"], 0x78) 04:00:08 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0x4, 0x0, 0xffffffffffffff9c, &(0x7f0000000240), &(0x7f0000000100)='./file0\x00', 0x4, 0x1000}, 0x1) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:08 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000100000800000043"], 0x78) 04:00:08 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080)={0x0, 0xffffffff, 0x0, 0x1, 0x2}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8002, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000029c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="ba01000015e902e73ab82083271a850455e66e48f8ab6340ab7eb5be671d74010000000000000021964771a5da426d05674a7bc1bdf18c4ba98ff8199775863f84c471d71975672ce83830e109d40abfec1103cb9a1fdb1d41f552ecacdf08750866b8c8db05c01d17468f1c5702d54280d0cb1cbe631c4f47acc100a4918d11e189dd08d527ffcb2f6588d51a8e89ad3e61a114bd7bd354865812ad283fc8eee46cb7fd999c5bed57fa62b96c8ce7e87e01d6d8fe54b2269bffb6fd8ffa67c6cdb3674521bb7b878c88a057ed2ce84e44be0b8084291ce1508037d953339f93a1b4d455511b70647dd7e81471bdfc69552f0883880ff0dccd51b95504d22279135b3df122fefee05f71250da37d4f3f14f504e1c46cb6a2cbf6fc70aca58b97e76ed440000008000000bfee8023f99be68e767812479b9f7d26ddef0ea828e305b9aac8055180ccf555d429e58a7aba6df0291b88237fe41e711942095e8c02e26a22675bcc54300094a1af5ce11ffd1104db9f71eddad711c00c24e90f8f90866300f81ca06d66f4b17915fef24a7a6b8e7c1e80d3b8dffff2c96c77a578875c793445ffb3ec7ca8696d288552e6df1039c48e4ceb77f51b14127fcc001cc3248744d462b43d48cba20ccc3d40be923594a7b65b737fb9983a45164b8f701996c7d1d0886f604d179149c2deb908000000e3006173372860f0c500"/518, @ANYRES16=r6, @ANYRESDEC=r5], 0x1d4}, 0x1, 0x0, 0x0, 0x24048000}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, &(0x7f0000000a40)={{}, 0x0, 0x1a, @unused=[0x7fff, 0x7f, 0x7ff, 0x9], @devid=r5}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000440)={{}, 0x0, 0x32, @inherit={0x78, &(0x7f00000000c0)={0x1, 0x6, 0xc3, 0x8, {0x0, 0x4, 0x10000, 0xfffffffffffffff9, 0x8}, [0xffff, 0x4, 0x80000001, 0x6, 0x5d8000, 0x1ff]}}, @devid=r5}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000540)={{}, 0x0, 0x4, @inherit={0x70, &(0x7f0000000100)={0x1, 0x5, 0x9, 0x0, {0x0, 0x7, 0x3ff, 0x27, 0x7be}, [0x2, 0x1, 0x80000001, 0x53c, 0x80000000]}}, @devid=r5}) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000000480)={r5, "13144fac723c8b45b925ebd52917041b"}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000015c0)={r5, "3ebc891fb67b5ae0822c358324df4a6e"}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000340)={r5, 0x3ff, 0xd7}) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) lsetxattr$security_ima(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)=@ng={0x4, 0x12, "fabbe65f524efd50"}, 0xa, 0x1) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:08 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000100), 0x0, 0x8, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x204400, 0x100) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000100000800000048"], 0x78) 04:00:08 executing program 5: r0 = semget$private(0x0, 0x7, 0x4e4) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0xb7ba}], 0x2) semget(0x1, 0x1, 0x88) semtimedop(r0, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}], 0x1, &(0x7f00000010c0)={0x77359400}) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) r1 = semget(0x0, 0x3, 0x6c4) semop(r1, &(0x7f0000001140)=[{0x2, 0xc2}, {0x1, 0x6, 0x1000}], 0x2) semctl$GETZCNT(r0, 0x4, 0xf, &(0x7f00000000c0)=""/4096) 04:00:08 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x101, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:08 executing program 0: pipe2(&(0x7f00000001c0), 0x4000) r0 = syz_io_uring_setup(0x15a4, &(0x7f0000000240)={0x0, 0x2}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$incfs(r4, &(0x7f0000000100)='.pending_reads\x00', 0x200100, 0x32) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:08 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f000039f000/0x3000)=nil, 0x3000, 0x2000000, 0x20010, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0xba, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r6 = openat(r3, &(0x7f0000000240)='./file0/file0\x00', 0x448520, 0x10) write$vga_arbiter(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="7461726736424c6943493aa81a313a622e3200"], 0x13) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) close(r0) openat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x0, 0x48}, 0x18) 04:00:08 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000080000000800000048"], 0x78) 04:00:09 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, 0x0}, 0x0) r7 = signalfd(r3, &(0x7f0000000100)={[0x6]}, 0x8) syz_io_uring_submit(r4, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r7, 0x80, &(0x7f0000000240)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}}, 0x3) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:09 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00002f5000/0x9000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) mmap(&(0x7f00006d9000/0x3000)=nil, 0x3000, 0x2000005, 0x2010, r4, 0x5cf3c000) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:09 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000100), 0x800, 0x444000) io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f00000001c0)=r5, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:09 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000010800000043"], 0x78) 04:00:09 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x20, 0x80000001, 0x0, @private2, @private1={0xfc, 0x1, '\x00', 0x1}}}) recvmsg(r0, &(0x7f0000000600)={&(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000100)=""/51, 0x33}, {&(0x7f00000001c0)=""/28, 0x1c}, {&(0x7f00000002c0)=""/111, 0x6f}, {&(0x7f0000000340)=""/42, 0x2a}, {&(0x7f0000000380)=""/223, 0xdf}, {&(0x7f0000000480)=""/109, 0x6d}, {&(0x7f0000000500)=""/46, 0x2e}, {&(0x7f0000000540)=""/13, 0xd}], 0x8}, 0x40000101) setpriority(0x1, 0x0, 0xffffffec) r1 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f0000127000/0x3000)=nil, 0x3000, 0x6, 0x810, r1, 0x2ee3000) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) dup(r5) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @private}, 0x6f}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000640)={@private1}, 0x14) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x4}, 0x10000) msync(&(0x7f0000682000/0x3000)=nil, 0x3000, 0x1) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:09 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) r1 = semget(0x0, 0x3, 0x67d) semop(r1, &(0x7f0000000040), 0x0) semget(0x1, 0x2, 0xb8) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:09 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000200000800000048"], 0x78) 04:00:09 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f0000000000)=""/63) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:09 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:09 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000004000000048"], 0x78) 04:00:10 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000020800000043"], 0x78) 04:00:10 executing program 0: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x1a0) syncfs(r0) r1 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800007, 0x10, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$vga_arbiter(r4, &(0x7f0000000100), 0xf) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r1, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:10 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000800000800000048"], 0x78) 04:00:10 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x105900, 0x0) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f00000001c0)={0x0, 0x0, 0xb, 0x5, 0x50, &(0x7f0000000380)="12a5c727e058a31a31621e084f7b33cf30a5ae7e3431088901b15b0d3583a1a883763cacf68528cd129f5f477c1f50e2b5fea675c8b3cc52755ff073689f3f60f2c1a786742ff95ce541113745940a06c06bd5fd273a098f0e58fece9cb45664a18bbdbf6d8ff8b449174a9eb593f0a4fb7d2c5e7acee0546585e4f83d4a72a6757251bfb85f0078491829ff85aa548a3a8babf1aea114e93b7b6dfad01eabd1972660cc8fe7c3884b8b20915a353f97e40ff7156c51e3b2f32604dd9147fec292efbfcdc9b6f79c16a63a591eb5c8d9c077dc8d9894d9505eb4fcf4775723ffd9f6a7c95a70f5bbf5dd49e7711c9609a684382e8e99cddb9b6a5ae8c90f066e07a863a51311faac6c214d4f22f41985dcff6fd4c590c4316dacd462cff6b2941f8b46a9ff540cf7a7b7ce7f77d6c6c224074285aa41d43e9d400fed9a3e86f23abb8c3af0f5bacf3cf126e4fc7117f325ba7fafe3d46de5b92d5b4b054287c86fa35d1d7b846fa9e91b839c6ee96a8e0602836a373ea7d219b5edd4da8ffe5bf1659bc77f98fe09e6b3d3961123d933ed426e92dd52dee9f4b3361d6c1281f0fc52ead7a78f605f15db32b1864210d43694f3569935c5cfef38b23820b40d1669918c7f8f2857e28a3b0f925a23a370a0a747186978fe7e9a5aca038b2010f04a5534be1c0832657d2cdd85d37b2feef0ec886bc967bf2eb373e29a8861f72817fd9462d33170006d61ba683b78dd0727b136c13efe08874062ad991ff6d4fefdac76cb2e783f5bfa200f1181f46b6e8d3ad20ed18523cba813e55dfe6b9d7257b664b8dcfd9a5d212d924bce08f99a5e331af02fb12c36d163d964d4cd8e2998ece25f0886ee9f48d836abc73912b86e1e22924f840d705b4428b81f0f92ed0542af79ef600bb97178fc6af42b71b35998db637a4beb7468d7263b355084ccf595c8e2c1d7afc32b05eb7cb27719425cd14f1211b11e6fb813a9ce66dda6b15ff45361e692ea0ee63ad667cc1058089496f0074d6f7dbd686f334ddcccca19e2f267007869f14897c4594faddfaa4a7cf547e35f30f26ee0ea27aea47f4dc71550b817538cf00abad3053ccfc8f9db370f1201b4b7e46426713e4cb03a3b6ff6e67f0077359a1e2d7bbbcc4fe7d09475da390f6007c99e0ff6148769a5f3456434032d7ec74018a9f2fa567a947443f690e5f351aad936c77c165c5ad4760143c1d92d02295e98571fb2fc59ed526a2908c0a7f0ccb75c4b1c3b05a279cd3143b4c721e65c7cb5272ac3a08ee6d2b7f548c859bbc49ea9fa806596a97a1dab6fe6d2cb58351b28658fbb23ad4c43a9867544abb72fbc69f08750f0be394088e5baefcb96815b088a3bb018b8d06badb4e25e8b9f8e6403c4d40fb1f7ca6c4a6d2f5d6fa04c7863703b054471b500b85b518545535653e5fbcee2c6622fd0a6"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) faccessat2(r3, &(0x7f0000000080)='./file0\x00', 0x101, 0x1300) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b5b073b39380000080000000009001000000000080000006d34a54a2939b629b3bfecca0d9db06b8e52c6a636604f5aa1fb8020dbef1db51d2369a043207b83cc49fd4b4f16d02e708d52c200a157058e937a2c0603ea7bc7f3880878b3c4c7bd075d603eec5c48193acefcf2be69e2f2487e5c1d9f590c2a9e9f4db537a261f8b232d018d9646cd6893cda6a6b4d6a1d9a201e30281897f21a18e68fc147ccfc041d9a7ee87b691ef36d8dd79c71175e2cb6e0bf4b2ca0b7448b71f22865fdccf6cda5dd0c67ed26188e59d7d6d1ac7d8779bb06fed747e98e7c915b71de1558599bae4787fe4324c9"], 0x78) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140), 0x2, 0x1) 04:00:10 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3, 0x8000}], 0x1) semctl$GETPID(r0, 0x2, 0xb, 0x0) 04:00:10 executing program 0: syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f0000000140)=0x3, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000100), 0x19c, 0x400040) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f00000003c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x8, 0x0, 0x0, 0x3, 0xb, 0x0, {0x0, 0x0, r6}}, 0xff) write(r4, &(0x7f0000000200)="a0f31e4fd649ddb9b1cf221b0a", 0xd) io_uring_enter(r3, 0x8cd, 0x54b, 0x0, &(0x7f00000001c0)={[0x1]}, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) openat$cgroup_ro(r2, &(0x7f00000002c0)='freezer.parent_freezing\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x205728, &(0x7f0000000240)={0x0, 0xe309, 0x2, 0x2, 0x1eb}, &(0x7f0000026000/0x2000)=nil, &(0x7f0000112000/0x3000)=nil, &(0x7f0000000340), &(0x7f0000000380)) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) 04:00:10 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000800000000000800000048"], 0x78) 04:00:10 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(r1, r2, &(0x7f0000001980)=@IORING_OP_WRITE={0x17, 0x3, 0x0, @fd=r5, 0x2, &(0x7f0000001900)="fab81b8163ea72d16ab840a20c00aa6eca8ff153e19a9c641d6380de398a405c980e92a146b4b23f696c742225db1d90a264c72bac455e9c9a0429d3ee57594c1fe29c914af526b2d274", 0x4a}, 0x2747) io_uring_enter(r0, 0x400450a, 0x1, 0x0, 0x0, 0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r6, r7, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0}, 0x0) syz_io_uring_submit(r1, r7, &(0x7f00000018c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x96) r10 = accept$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}, &(0x7f00000001c0)=0x1c) preadv(r10, &(0x7f0000001800)=[{&(0x7f0000000240)=""/49, 0x31}, {&(0x7f0000000280)=""/110, 0x6e}, {&(0x7f0000000300)=""/158, 0x9e}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/225, 0xe1}, {&(0x7f00000014c0)=""/138, 0x8a}, {&(0x7f0000001580)=""/221, 0xdd}, {&(0x7f0000001680)=""/198, 0xc6}, {&(0x7f0000001780)=""/23, 0x17}, {&(0x7f00000017c0)=""/10, 0xa}], 0xa, 0x8, 0x9) r11 = syz_open_dev$vcsn(&(0x7f0000001ac0), 0xb627, 0x204200) sendmsg$unix(r9, &(0x7f0000001b80)={&(0x7f00000019c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001a40), 0x0, &(0x7f0000001ec0)=ANY=[@ANYBLOB="1c08000000000000010d820001000000f0b4c624116bfb2e7751ec7577a6e4d8ef01dccc4909c3f85704116e6695a7f66326f9019ab4fa4573e32106276095715e364f857ea3238fac06b88399422104b4472b56d5aa32640e63ac74c35017f4b24a2878cf3a86125ab72f10cebba24f14c3e716eac0cba6d889160e6d7188dd005797a482736e6564beba70692d726d63e926c165b79529f80abf2fe8a3fa794f0cc83ca41601050128e67e255ecc53c5ab61666ae444cde340003b843cca34f01857909d589895c6de3e15290ad95ecb0de4814cd684f9d26236524330e948984f2be46819f67dbab2414d76bac85355fc0c32917409e8a9bae789", @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYBLOB="000000001c0000000000c1453fbb4118d76e41d1cf6926e59d0000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000034000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32=r10, @ANYRES32=r10, @ANYRES32=r10, @ANYRES32=r3, @ANYRES32=r11, @ANYRES32=r0, @ANYBLOB="4311a58c385e7e41f0fdd98c25a11aeadcbb1bfecede19039eecac25b1e1cc534b75f58c1c819920100d9e009abffd1facea09f528f6e6f5fc7103c08c745e3784bb8c15f8162f6d1d8f3344ece5b86deeb2ae625d4af2167d471c6536cced7397a026cd8139a5b443d8f1c8bc29c985d67903901602996f934f8694229845d86c63be66a8035aa14c61cc7db00023f39996862cdf8c7b45e61c431c8acc1c899136c5109e3c1faa00205a66902185d06acb616ceaeb7173fb535db00f905faa574f125f9ab5d7ae23607c14baf41ee2871ee0d5ac6dd3010e2b9ed180327901ebf1ecfc6e0d5946cac5145c1f4d60575f1ecb085d3262b3cb0e4899e86f22ef674597493f752bcb1ebd57f0e9e967e64c2ac4b3c562df7fa916e4ef20a05dda2465b8ba034a86"], 0x78, 0x84000}, 0x24062004) 04:00:10 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) r8 = syz_io_uring_setup(0x7463, &(0x7f0000000180), &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x81, &(0x7f0000000100)=[r4, r3, r5, r0, r0, r3, r6, r7], 0x8, 0x0, 0x1, {0x0, r11}}, 0xfffffffe) r12 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r12, 0x0) preadv(r12, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:10 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000240)={0x0, 0x13, 0x0, 0xfffffffd}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x3c88, &(0x7f0000000240)={0x0, 0x1577, 0x10, 0x0, 0xa8, 0x0, r3}, &(0x7f00006cb000/0x1000)=nil, &(0x7f000071d000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f00000001c0)) r5 = accept4(r3, &(0x7f00000002c0)=@nl=@unspec, &(0x7f0000000340)=0x80, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000001c40)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, r5, 0x0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)="46036d948ba46fd33722d8b7407f64fe411931aa7f9032c7578a64fb6736f7d32693b8db130ccf892641c25ff05026104746aca6f6fcc80ccb13985359b01b6ff49d9dfe20f9301a47ef2ed621e311c07aca4f134f949d281af09716019d873c0a780ad37cd4dc2f4f65e327d55749efce8a5c552472e287990ecd5474a432f46fc1a8602b021e8a2a45f1a1b68cf896b2f5cc71c4247ea3c34e6bc3a8495f90e003f219f0c27787770a9a82a9d3c41d0f11cd27ced43c10d1", 0xb9}, {&(0x7f0000000440)="20331f2c8a765a12fc2268aa78a2095323ab52a19db7702efea42e25fa87dd6c762efa43b512741fd3d2793e45e63c9a4371dd74e0d42836e1c65ef7b0d973dcc2f98fcc1963e125f51b6bfc2d115fee392e3b3de2c7fe9c5243db5b725bc23493f75d9f66e9ef8e381176cfefbfcd3fab2ffde39a10e0c343bad5b938580c22a19d82bb59099dd949cef7f02369dbffcb13befea0751bbf1fc338add29874c10ba1a7e0456c", 0xa6}, {&(0x7f0000000500)="a146d42000da546edb7e21138298f4e91eb69bae4f52c2d5bc315b54cac507b76e6feefbbe47d1a97a498465fbbb444c82681539312bc5c8f2ed96ec4fd96caf752e8109c631d571d64771ffd7c1b0055bfd76cf3af64502457b3585a1d25c2749ceca5f8a12dfea2f514a84bee1dd22e575ecc9a81d53948adfcd8502b2a90bad6d6e6e48bb1f96c5cd92cf2422f4d7d8c0ffc50df6fc85443002bd84aa", 0x9e}, {&(0x7f00000005c0)="5133ff55762a5a21f72a1c42be49ca7a41347240053ef20b2ce35f10028322afe1c2029590de8487d53840447e33a78c118610b0ab947f31edad7c4c4bc5f4d5d88f54015224ac7afb5598071e029dff3fcba42651d38994cc04020e0aa7648f966fcfab50b4406fa0e8fa7617465dd0689d5e85fb418b66aea5b4cc5dab01b9a7dcdc70af4213fbcd78a20071bc037f7b3b019311a081c5e93d2202fadc3e7c9cb00568084da8dab367613b6229004d9e4971a1dc3273f91351ea09ab3d85e18a4ddcb262cc9c4b344ac0e1f7f6cf09d067d92cde86841d24c00c2c1f0de041709f32ba", 0xe4}, {&(0x7f00000006c0)="8c2192c3527376cd895130bdda0c6468f655ad95c23d12b74e60370a608fa0cf4a623f138bab78784af423a70ffb965e7a4e82a07655bb6c3325bad77c9429ea44acc99bd03f002850d5dc4ae001060c7eca8a4ab563520520ca576d4d4bee055da5ce81a5822c8c52cd8868c8dd141e3b4615b87a2c131e09fb6cdd03148b02c4d1aecc00ab5cea3fea08cb92dfe3ab9e0e06d2ea054f58d4a0575d2cc4a671884949b5958fa166d672e035e99250e095b726823fd9ba8afb709fa4dc93ddb340c48ab33ec2199f762a6f49792913ef50bbf8d3280800cb4721bf494cf54b", 0xdf}], 0x5, &(0x7f0000000840)=[{0xb0, 0x113, 0x5, "2f743888cea7881586e9ae653ff7cb2621fd8801cda289bcc8716c8f4856a9d15e7f11c5cc230de19dbe23ecfc0b5af6eeb07d3bb06755855673426db5c52f7200a692e54b7fe7e1e6e7d2c2471553aeb9eee6c6afc4d240825478a0e220ee62f4d028b4ca1232cb4d794aae95bf4324060098ccda109aae6ca93a2ac62090646349d133355f62522c499011dd85cddddef337361566625777c4f78e5f"}, {0xe0, 0x1, 0x10001, "84cd0ccc02ed9e5b70646b81d64f4b501dacdb6a5bb00808c043d75f35c695015b84763f66c7e1870d3fcadbeb4f2ea04177b9c9c714c5f6af1c717f44c699bde526a936e6fa1a992d6a828f39b66fea6f66d133e48044448d81b1bd97cff3322eff4d031859a94c718734564749898642ec2de17af95f38c17f4dea0ac58cb6a4afe92bf95c12d9ab28ec7933844944c6bf708a457dfbd22124774e02515e3093f824f702a1e2d4cd43de1a9640c9d8dcb7dc92aeef808d407303ea6fd1fe608f34b9108152a8acc7afb5d55cd6"}, {0x1010, 0x112, 0x5, "6b698e2288a65cec7f61898bfd2af0f404191b957573edfda5c2da06012ddcd97551b2849707d9ad32302bb31915ea400c2c4b43f84401ffcfac1ee1a94cce9f627de2350b2004aea323cda6c1c8fe54f7c6a07d2db76c182ee7d644c7cf8fbf9c2b7b11f1a4ca5bb45f80b535a417da81b2e1432e10c74419d066933fb18cfa7dd90891960ba07539c83a718b42ac08ebff09fb064d6583d395d6bfe44d423c9d521deb7dc9896340cde79d801ed5f21575bf1275bd034ed04426139b42d53bec9b79a77207ad5245920692498ec9f11e2f169275d6d45cc4ef33a0309fd0570d561185a3abc7b28642f6d45ed5107e154140a6732c9970cc1e7d10ba53b027be8d7cd8e33d734361b043e05abb6bceaea619f5770dfcd02fed164fbb6f2a9686ea649b7c5759d5d06709f05aafe6cbbf3c007656d8892d25d2124ba17c0aba69c0f65d75c3917b4a7e41de25ce53ce372e57f3cfba8daee9cde9ed36262c47252afc00e07fe3b6a83fc55c11a5ae82f7d241e174491b8e5342bfbe23e28759e117e08974eddf4b11269c6881dd0dfc5ee85adee0e15cbd2215339522944a6d4cc35e3fc29c4ec0074ad43c87c5d5507b672e093bab6acbdafa96afb14615850f86f404d90e7ae874797a0c0db6db03a56f2ab25de1f11db816c6eb138dd35772cfecae626808035c12f24cfadaec42de41ac58cf2d31099fb32370cdbe0dd1fd632c4a6cffe23d20b54a766ccd2d5c50aa07b05d2d813a02d23a895d558e8df326f41b47d63d90c853e519f19d44f8da6404fadb462f368dacf9b8dfda3c273ec327704755381961dee3949e4928d16a1e955333f90255c21f7d075b44ffbe37c550df992ca70c107359e617271a316040bf7173cd7d89788346c689ed7e23d4a956d9e84df64dbf7ef6d9d40e2394852c5ad8cd76edaff8300845b54f7d6f7a411e66fee590ffe0efbbf45e20e84133ed408cf72fb47ca7dd8e9c0c1685717bf6781fad05071f2b5bafcc54c8219637f0c92315a05294b8db0dbabe99b059ddae00c0bdfe572be5f388512dbf96be567ccbf3fbc7ebdc9832d2d7993d168994fc2d2922599071d78751a48fa2b02246bd75a1086f4eb28146c9e6b8420819f7c95279b70a7fc6cc096484172747acbc0ab869f21c330280fcf415b9c2f4514eebeaa8a5a3f8b6788380588def5851697e6a9a9ce1c50538deef9ee84f71e65fe7f77990a73c640506ffd8c3c613ad6451bbc7ec96fdd6f926c2145642bea01bc5dc3cc9cca34df08273a07570b93e60d420acb2727b1c20d2ca9755dec98d547c8ad09c5ff1372e3a0e2e14081eb49dd134ee208b947acdcadcf21a8b680e6b2fed200bdae55cbc6c39a042ba997c43bdd7ed68c9945a61eb1ad3afdc2102ae187a3e11f5ec64bb55448e98cb960e42388ce1a219bb79401889abe6772de281b5bb8e8f4987f2276d6f599c6e8d92f0c20668d58c256b6c6e3602eba428c0a93bc14eb08358c32cfc53d69c9446ae89227bb05ba82738dd92f47712ea7eba7ca9b81ad1fb1f8f147348eef0a504d393fa43bad6d7ad976a9cf44d169bc056b595c9d69a7e1fe5ba83555b6b15acc291669754a612e13f363f8f5d2e525406d4586d029d2a27c52ade40b3b19a3a98051fc0b882f80330f9ea3b527bb297f70187446802eb8bddfa046668e07eb033abeacfbeca9eb4b456ab416a7213c6567aedb1ce1bc798a4ed26b0f41934bcc94f2aa161ee89645edf0232c38dc1de6d259997c03a5f1753d858c4eee1d270a72f09f148b4fea4e595c39bf9de153a114f609e8bc732199c68fc0de7cccfb960d0c141b2bd43c62fd0b50a7b6f22e0098869e2b46edcab50c71b3a8acb0c3b5fb0725ed6ef0318119e3ab711704ced235c8ae339aeb2d40d2b66e42237a8a9d436489db4e2bdd7b8c2e74ae22c072e99d0c12466136749841ebb4184f0c7bd07132a37d246e931a12c83690d9e742fa38be3df4e5e25d9ae489bc4a68475ff10108cc25f1fd02ca7c21ef4f975a5ec8883efc8665b7baf7bb47a43c941d30300766b22e049c8f0c4bceaa34fb752640f1aa26360650702b9ba5584043185c12ba735b59e65189e91cbb03a0736d7d5d78e2b676a2d91d654e052a2a83347ff3e4146464932b57b3826a3ef1accaa60c423bad98da7a635d21fa3f2af02fcc9d8e2844ebf175bace66645ef287334dd2490bde24d8da2a0829c0a554c36099e23c660564a7d03360d3be1efe966ed0fe9782ab070ccdc67d466e2c84fdd075b305be96b8553692c1426b411ca9a648b2a8af2d62cfd6aaffe253240e751b9991f5cd62af9f338d2b5f255be2d2818876643d579e8569eac5e9d7f5a06a2e423b8c607933bf7865eb7413d13d69102307cbac9a7945a3e60411a0b0de49e7a798083c7a99e3d08131918a8c85964022ab8964041bd5f68adaa4711450f646414f576b2f70a72474639f94ab2b257858c9584143853c88cdec86f0b64eca2706fdaf74ee3ea6331c2d03f1ca51d5aca3e01c686ae4934be93753c8d0bd0987dde0baef378a32b5b5b8b7e610d65c2c95344c694536987afff9a0d1739085d2ffd2c4f311ed0d6f1007f84cfcde30d1476c4bd5e2091a995570f6600cfd0bcd6943ff26973656e70c1fc9802dca7641718ab90fa7433b86c069511339cdd9a53c55ceccba49470c3997fb430adb00931c222893e8a98d59f8999d12cdf8939647838d9a1ac68eb6eaf4a985491cb5290078042aa4141edcb94891d26604b7f3ad766c4577d895132f6222865ed39ebcd144942a72dbd05868c32d45a2cb821220a3ee3ce1287a69109da2eb11ee3839308a0d9560155304cf68fd4bef1372756969c2146735723f533a0e76404d9918ff9f2c9c0b53e6512ac764b82e5e6f15ecbb56ce867f71124824f60dfdcc322fd8df9ae1253deaa2e1516e102663eea83f4fb797b32b8822540ca4a471f70df32078c57b69c4c62ad46e1d22677002a0d53b80a04a7534725cd7db2551a9c7b1c9ab8f9ccf61a0ca343e0a08ab1dea42ef0fb2fdfb98b8e64536dda005c0f1277775519ce183236104536890a7ce4b9a8548982e089089c0cadc57bc0164576494df0638a1278445242162d61a46ed2aec06369ae2f94ab19e0ba3e2ff1faaf0b6561589b847bf300301c54684c3ff385ec701f6ca020f6d83c7f87938755d0a9894d135cb6682652efa75989b7c1c8a74bcea86c91f8dc8e0338cde895823a57d25065c9dbce9683374eacf548a3540b0f7dba735ef247782cc51e13dc4ae91b1762f5aea5c660bfcfca60a5ef402737f303aba61cc626f1670f6094b5bdc47718780fb2cefb4460eeb0d6ae33c1e14f0dffdb3ba0007d247d85fe7744d2cb690e193eb84ddc12da9a090abe26b31a592849ab726f2276672fc242aeef74a8f772b68f8348413b8eff60851409b93f10a4c787389fef233790ca0557ed8af82f6c12e7a371339df31b13c54b91d31c0b884059d6f080e9064fdb1909080886eb5a505edee1e801b2aff2eedb0d8b4e7567512dfd2ff43e8d80e54c02195570b5a775afaa0576c07f720dac661cc1b948e262efc0c5a1d7d69d87fcea540a51d0278e78e9ad7fc47018215e2d3314bd11be96a8e3522c008ca65fb39a2f347068545225e7306479d3aa01204bcbfd6cf359fa3007364b586999fe7b7f8973d42fd7cd5aacfb4c121d803ccd51cbdd135a133abf830af2f17801d514da88c550da42d7bf907906122a9ac907e45e3630971e7b01a5b05e009529fbe9e68149b1a752d75cfe501a508c7e10c5a8eddaf89df2ec32c23bcb667b594aa8a484e9ec479cfc7d2485019c6a1962f17c5718974ce777178ff7b9586a70ce68e0e70cf0b7c3810c4ff0fc242de6f065cae8ad3776e68a2f176a6f4d551f89f34aeb1f02c6ca8120462f660584c30aefc9e6d2fdc53f2a5639b2a1826d44edcec2ac930a073945ed013809f41aedcae9a05827b81134913ca87e5899a52a56504f28e220227316322c5e462d30a9fac8ffd922b95dd974bec608263cb5523194a7a09ca7f5406d57e7705d9e4811f2873240521a1ffe7f39eca5d8db15554d2462d40535e5aa79039a52a07628c6adcb5d7eddd06058fc4b1d83c07e3ef0b9dce42e485247f91429a66c101ed05f89a0d927a980a5abfe7d78c4770bb89bdea47a65b1511115029e01bd7f2b552c2ff9db656538f94677371e2403251aef18d9354f2382a6652530646b0993f3747a8c8f94016519016ef37c71676453f0299e553f90a5a92d760d7858a5fe4cb5a49efc042a2fa78d51babf35539e954fc961dc53df016ad826cec76d4f949e800a385f96c99e9348921cdd81220f44f506d3f1a9de13126292701e90800b489819325eda76578773a01461219dd4ad16f5fde15549d861d3891ec33cc8a6afc3fe98b1685ae589582f2d1c8947333bd00ddddc3c912242ae7669e76b6a48f336b37b57779217f37c535c56c7522c1c887a47fa91ee4625b27de47b82fc94293f1004a7e19b3bab42291b60f2c47ab7cfda082a4cfbd8587205ab79c5d6948bf569306f57790b654bd586a8f3aef72c2a410a81a1b6407bd10508b024372dc0e3f7fc386c7fbaa12166cbe0c36c9ebdee5e610ed846a9b8f15d6d4496c2f3e264b5d18c2f372d98955f384843bf2157965d4923e5f072cca30b763fc0d1bdb8f84046b9f5eb2be9e1efb6c581c6ba056ce9ea206c8780611455e10ddaa64ff6345ad1bc9fe055fa9c92a9da8eddd52ad28b631d7edd3c220994e743c8272198b705bee3b4530f178b29c3d165bf35ea9d91c1454473611ecf463066267d612005b9ad3604f5a356d3eb1fe83f050f734a8702a33a97b48a0aae80ba9cf483d516517a201c4b4c20997043eda2bfb2e75bd4b7a54489917c1999118cbd900c8baa570d497c661bd7d8abf15051a0ecead919cc04758c5eb6de4f70d84869d7bed9f59e885f721699771c238b71a3751e7abfdb2a80bec7b3b54a0d37f1e23cfe478f3789b758eb54b66fd531bca17b8fc10830373e8048439b3461f6c76f144d868f39af891eeab844da299a42e6ecadd0d27695dc7791900f115421cf15ba2e80f9787e22d1a181d008d153743ffa4020d3af104d448a8270a90b027f8c2a8acf71876747ae84c974c3531c9666bc716118e112c2b5bde73e59f13121f95db6f4d6f1580ee306aab0eb23b28936c25626d9ab5715170705e84309af684b4da88c7ce6dd19921f282b1e10a15771a199cb1333d06af4ac1faab8347fb6496e75e6f48520ff2913eaac47b69ad3f0ccdc99873349da9fa8c94d41925dbb9a93239e547144968c80db093ba5372b75865f3921ef3077a597c8165c98a68805ccb52f7f67bdc6bc6a09ddd1ab00fc6c990bd850ba838590b15e5a62e99b08512c70f9f17888b049e6941921dd54a5bf9b3f8e9011db65c999bbbe4d8b4ed170a7cfa5cc0ae2149618b2f7daf1188d6dd2a88de10750c4cb8a92de3d4d671668225ef6f160df477adc20e2a9f14ec2a1e3c0e819946d58ba7a28d5ea0314ed541eb5b1a8d1d6fdee9e9ed6f41e72f7dbffca9fdff75de08e451bff92f8fe58d82df7b1f7964a376a12a498921e988d3d752033f09964bb56b429bc1262d8c97909589e89f7e723790c37486e8a9a3feb340b06a739ca946147e330ddaddd183511d29647bd383e7ef57cb56c29d262cb0dddaba0f7acdc4b178a8989f6422bae4b9cb0b3410c7bc3c6313959493b653aed288ae724ab47573883a3ee"}, {0x48, 0x112, 0x5, "eaa067890a4bb23a3bf53b058ac6f6ee150f00c5e389fa26be7c7d74352d19704d7b6211d7e2d9fcf1478f218f80f78aa0dc4acdfd05"}, {0xc0, 0x11, 0x81, "204102b46f090991f7e36726289e6090be775443a0b9bdd6ee6a5021c81d8c4272bf02fe8446fbda02ee87273dae4e8f7faeb02b16ee87b10a7fc3175e192f81101523d0e56d3d52194dcb6108e38ec1ed824da3959d25b7c84591bb57e1123f2029ed102ff83f86ea6b71809cba9de0614a91399fab949da229e2f70047ad9a0cf7cf538f3614da8c37ab419ed3504684debfbf1c921db0739a5a917e113efc7443a99a2b4eb3cc4816b0e383ac0028"}, {0xe8, 0x116, 0x2, "1c0f0724d45a41e4ca5a8831595de591cb962f74d5926ab5cb9da96dd5cf18d959fb0a8d7a95ea090088c1259b44dcb795255d9016e544796d70886102befdbea1f63ebd460ae5279ea8050e4f93d6456af248f04e5a0e7aa3eb4f785a3602f1d5e0afd9e74624d8993298467859167dfa61fc2de725fd310c8d4d56b7a3a9a7bb910a524566417688a243a35c5a5a9861ca6723e5b914ef537038fcd560b10f3f2b40505e6be1cf2c3ff2573f0877b05e2529af9b8d67f513f0241d4d5e3b9c13435799a83c7f373fb0ac978793674108d955"}], 0x1390}, 0x0, 0x800, 0x1, {0x0, r6}}, 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b3938000008000000ffffffffffffffff0800000043"], 0x78) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000001c0)={'syz0', "268b6d953c8cb7cccec4e8e80b0861945856c2f6cd4bab14d24aa84a36d513e58a3e9d46c53928b21cab2e8f333f7b9a853d6ec873935dcc8910d305fb16a3c379428ecc44183567c9a0e01ce33613cdf9af2e2d73c7"}, 0x5a) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) mmap(&(0x7f0000692000/0x1000)=nil, 0x1000, 0x3, 0x50, r0, 0xf3caa000) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000240)={0x4, 0xffff, 0x400, 0x0, 0xe}) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f000054a000/0x4000)=nil, 0x4000, 0x3000000, 0x10, r0, 0x8000000) syz_io_uring_setup(0x1ddb, &(0x7f0000000240)={0x0, 0x42d6, 0x2, 0x3, 0x3cc, 0x0, r0}, &(0x7f0000232000/0x3000)=nil, &(0x7f00001ef000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000001c0)=0x0) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(r1, r6, &(0x7f0000000300)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd=r8}, 0x3f) r9 = socket$inet(0x2, 0x4, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x3, 0x0, r9, 0x0, 0x0, 0x0, 0x40000000, 0x0, {0x2}}, 0x80000001) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r10 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r10, 0x0) preadv(r10, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800ffffffffffffffff00000800000048"], 0x78) 04:00:11 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000140)=[{&(0x7f0000000040)=""/3, 0x3}, {&(0x7f0000000080)=""/83, 0x53}, {&(0x7f00000001c0)=""/23, 0x17}], 0x3, 0x3f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000010000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000100)={'wg0\x00'}) 04:00:11 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semop(r0, &(0x7f0000000000)=[{0x4, 0x0, 0x800}, {0x2, 0x80, 0x800}, {0x0, 0x3, 0x1000}, {0x1, 0x6, 0x1800}, {0x0, 0x6, 0x1000}, {0x2, 0x8, 0x1800}, {0x2, 0x101, 0x2c00}, {0x3, 0x36c, 0x800}, {0x0, 0xffff, 0x800}, {0x4, 0x40, 0x1000}], 0xa) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r4, &(0x7f0000001440)=[{&(0x7f0000000100)=""/13, 0xd}, {&(0x7f0000000240)=""/143, 0x8f}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/72, 0x48}, {&(0x7f0000001380)=""/130, 0x82}, {&(0x7f00000001c0)}], 0x6, 0x1, 0x8) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000800000800000048"], 0x78) 04:00:11 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r1, &(0x7f0000000000)=[{0x2}], 0x1, &(0x7f00000000c0)={0x77359400}) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000100)=[r4], 0x1}, 0x2) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:11 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$vga_arbiter(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="746172673a31382e6600000000e0eb0000000000"], 0x14) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000100)=0x2000) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) [ 1431.591191][T13717] ================================================================== [ 1431.599288][T13717] BUG: KCSAN: data-race in create_io_worker / io_wqe_enqueue [ 1431.606650][T13717] [ 1431.608968][T13717] write to 0xffff88816c434c50 of 4 bytes by task 13718 on cpu 1: [ 1431.616675][T13717] create_io_worker+0x368/0x3c0 [ 1431.621529][T13717] io_wq_check_workers+0x2ef/0x340 [ 1431.626637][T13717] io_wq_manager+0xc7/0x630 [ 1431.631131][T13717] ret_from_fork+0x1f/0x30 [ 1431.635537][T13717] [ 1431.637895][T13717] read to 0xffff88816c434c50 of 4 bytes by task 13717 on cpu 0: [ 1431.645525][T13717] io_wqe_enqueue+0x414/0x4d0 [ 1431.650200][T13717] io_wq_enqueue+0x3a/0x40 [ 1431.654603][T13717] io_queue_async_work+0x174/0x230 [ 1431.659700][T13717] __io_queue_sqe+0x2fe/0x3a0 [ 1431.664363][T13717] io_queue_sqe+0x6d/0x160 [ 1431.668779][T13717] io_submit_sqe+0x15c7/0x30c0 [ 1431.673529][T13717] io_submit_sqes+0x61f/0xaf0 [ 1431.678191][T13717] __se_sys_io_uring_enter+0x217/0xb20 [ 1431.683635][T13717] __x64_sys_io_uring_enter+0x74/0x80 [ 1431.689011][T13717] do_syscall_64+0x34/0x50 [ 1431.693437][T13717] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1431.699320][T13717] [ 1431.701633][T13717] Reported by Kernel Concurrency Sanitizer on: [ 1431.707763][T13717] CPU: 0 PID: 13717 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller #0 [ 1431.716518][T13717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.726568][T13717] ================================================================== 04:00:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000020000000000000800000043"], 0x78) 04:00:12 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x10c, &(0x7f0000000100)=0x8, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:12 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x1, 0x1}, 0xf1) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000200000000000000000800000048"], 0x78) 04:00:12 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073bb9309825080000000009000000000000080000006d"], 0x78) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x0) readv(r2, &(0x7f0000001380)=[{&(0x7f0000000040)=""/183, 0xb7}, {&(0x7f0000000100)=""/123, 0x7b}, {&(0x7f00000001c0)=""/172, 0xac}, {&(0x7f0000000280)=""/246, 0xf6}, {&(0x7f0000000380)=""/4096, 0x1000}], 0x5) 04:00:12 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000008000000000800000048"], 0x78) 04:00:12 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80, 0x1800}, {}], 0x2) semop(r0, &(0x7f0000000080), 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:12 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) poll(&(0x7f0000000100)=[{r3, 0x242}], 0x1, 0x3) 04:00:12 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000404000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) r5 = inotify_init1(0x80000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x8, &(0x7f0000000280)=[r3, r5, r3, r0, r3, r0], 0x6, 0x0, 0x1}, 0x7ff) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000560000/0x1000)=nil, 0x1000, 0x1000001, 0x80010, r0, 0x8000000) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r8, r9, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(0xffffffffffffffff, 0x232e, 0xa6e9, 0x4, &(0x7f0000000300)={[0x1]}, 0x8) syz_io_uring_submit(r8, r9, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r10, 0x0, 0x0}, 0x0) syz_io_uring_submit(r7, r9, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x2, 0x0, r6, &(0x7f0000000100)}, 0xffffffff) 04:00:12 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) write$vga_arbiter(r4, &(0x7f00000001c0)=@target={'target ', {'PCI:', 'f', ':', '3', ':', '15', '.', '10'}}, 0x15) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3, 0x30, 0xffffffffffffffff, 0xff000) fcntl$dupfd(r3, 0x0, r3) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x101400, 0x0) dup(r5) 04:00:13 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x4b02, &(0x7f0000000200)={0x0, 0x0, 0x1}, &(0x7f00003b2000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x3ff}, 0x7fffffff) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x2004, @fd_index, 0x10001, &(0x7f00000001c0)=[{&(0x7f0000000100)="85f5dcb13c4d8385564def1bd46ac3b82c1ec0bc82e8f3d74bd582f6ca6ebbb356c600a9aa375e5025df07223000f8f9c8b52234bd9b029be95ecbe38db4", 0x3e}, {&(0x7f0000000240)="cf409af10ab041c5cd05c46980cd40ae4e28412fa1d76890358feab0d72c000af373522670f048d0e2409ee28d3bd9d49a17fdcdafd7009defccc9927fc9560f0faceb377d85281d215f52126cfaf7874a223a9e8af9989492f70591449348f12df9e5c7b0c5788b7d4cb3f90092cbea23ca1c1a1bb0400fcb4d3b64875fcc91050cfe79d9b97a489418ab351db2738fdc70", 0x92}], 0x2, 0x3, 0x1, {0x0, r6}}, 0x2) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380), 0x10001, 0x0) write$vga_arbiter(r7, &(0x7f00000003c0)=@other={'lock', ' ', 'io'}, 0x8) r8 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:13 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000043"], 0x78) 04:00:13 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000548000/0x2000)=nil, 0x2000, 0x1000008, 0x4010, r3, 0x9f55e000) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4}, 0x0) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) 04:00:13 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000800000000000000000800000048"], 0x78) 04:00:13 executing program 0: r0 = syz_io_uring_setup(0x15a3, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x1, 0x0, 0x0, 0x0, 0x0, {0x1}}, 0x0) r4 = syz_io_uring_setup(0x7463, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, 0x200}, &(0x7f00003b2000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000940)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000900)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3, r7}}, 0x5) io_uring_enter(r0, 0x400450a, 0x0, 0x0, 0x0, 0x0) socketpair(0x18, 0x3, 0x4, &(0x7f0000000100)={0xffffffffffffffff}) r9 = accept4(r3, 0x0, &(0x7f00000001c0), 0x80000) sendmsg$sock(r8, &(0x7f0000000800)={&(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, r9, {0x2, 0x4e22, @empty}, 0x4, 0x0, 0x1}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)="538809a539cc6af6a3cd3725ba9ab540ba4ab9f3cbf64db67b8a3ea88980be341762ce60512ccebff25ecd002ab8cd336931f34013f7c957495b76caf6286eb974264ba20b69cec9c6649d270e9b23576497da20c5a747bac39ba8912c5e4d0dc12412c5200f60bd81554659f3914549601843fad06172ff0a824f7300144d15af79d3a3e0eae996b09d606ff53cf34d663e2100685f3ad6d749", 0x9a}, {&(0x7f0000000380)="40b7c2be38416ed3ae3e69bb47c7a074c57bc40596d95448e2126b6e7a11a8b85771fce0ae174b057b362a997a27013efa212195e33e213a90e05fb0aa4a0c1730fd795c64d63eea3c072a06b9f96942cee8fa6d70ce90ed9f14c836b135bc26ddad496cf343f7faae9284f650d117b5183dc50ea5af7a96819d4d3741afc560936e5058b71768cbcb943c82441cbe72e08fcee103994be6794af01e45703afa223f1856a4cf7e39ab8b5b4e4fedba5d3e199bb35aedfb6884f44b15795d9dbad985462280b1f5d005b71207ffff", 0xce}, {&(0x7f0000000480)="ef521ac09deb7e9a58f5d62d8a630b662022b90c77814344253bdabd59284498f53cf97d6555ea9e21a7040923ea89bbdbe8b7e177485ba0a6b357fbabb2e6ebe8ca54700742fdba4bbd07988cf50e507ac7318988dff9938aa0c58bae095367b67998613753a825fd87304b61ad54abb26f813a9015bdfc5a6fbe02b59e0dfe2c6a18916c4879c15ea5d4734b805f12f7ce9773352b4c0a1e730574a6d40104fd9fdecf05e7e24fc515e188d319e210ad7758f881ee34162b25674360e7fa24cd9f69fa9fb88697076ba837c5b3149d0c65aa683ff79ae1aa37bc5a9d0d39f565f12cacc715808812f17c8fd805ed2fd96c24bc0026c8d37b", 0xf9}, {&(0x7f0000000580)="9e1838701a4091db747dec1dbc339c46a889afb02e07b5e821ee174d594b53a42db41bd99a8a53ad4c8a790d9c6f9751885050b2516a63442071beb867e70ba2313286ac133f7f91023cf0a2", 0x4c}, {&(0x7f0000000600)="ff8dd81034f8aaef673527525e77cc124df180865499dae0748359416c93942314feae1ea07c65f36c04183d92bbae2590bb56e947f819ada33bf874f7d232b8cbd683dfc5c1eaa25aff40f6b72a1a", 0x4f}], 0x5, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @mark={{0x14, 0x1, 0x24, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x100}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x81}}, @timestamping={{0x14, 0x1, 0x25, 0x8b}}], 0xf0}, 0x2000c004) syz_io_uring_submit(r1, r2, &(0x7f00000008c0)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, r8, 0x80, &(0x7f0000000840)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}}, 0x7c7) 04:00:13 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000008000800000048"], 0x78) 04:00:13 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b5b073b3938000008001400000915c17140522f3dcfcb11bfab1d"], 0x78) r2 = fork() r3 = getpid() kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, 0x0) syz_open_procfs(r2, &(0x7f0000000040)='net/ip6_tables_names\x00') 04:00:13 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {0x0, 0xbf86}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r2, &(0x7f00000000c0)=[{0x4, 0x97f1, 0x2000}, {0x3, 0x4, 0x1000}], 0x2) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000080)=[{0x3}], 0x1) r3 = semget$private(0x0, 0x7, 0x0) semop(r3, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r3, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r3, &(0x7f0000000140)=[{0x3, 0x8, 0x1000}, {0x1, 0x5, 0x1000}, {0x3, 0x7, 0x1800}, {0x3, 0x4, 0x400}, {0x2, 0x3894, 0x1000}, {0x2, 0x4, 0x1000}, {0x1, 0x7, 0x1800}], 0x7) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$IPC_RMID(r2, 0x0, 0x0) 04:00:13 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000020000000800000043"], 0x78) 04:00:14 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000100000000000800000048"], 0x78) 04:00:14 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000080000000800000048"], 0x78) 04:00:14 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r2 = dup(r0) lseek(r2, 0x0, 0x3) 04:00:14 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000000)=[{0x2, 0x7, 0x1800}, {0x0, 0xfff9}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3, 0x8000}], 0x1) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000240)=[0x8, 0x1, 0x0, 0x1, 0x49f, 0x2, 0x76, 0x3, 0x80]) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r2 = semget(0x2, 0x3, 0x302) semtimedop(r2, &(0x7f00000001c0)=[{0x0, 0x9, 0x75951ff804157bbd}, {0x2, 0x9, 0x1000}, {0x2, 0x3, 0x1c00}], 0x3, &(0x7f0000000200)) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETPID(r1, 0x0, 0xb, &(0x7f00000000c0)=""/254) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:14 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000200000000000800000043"], 0x78) 04:00:15 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000200000000000800000048"], 0x78) 04:00:15 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000080800000048"], 0x78) 04:00:15 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) fsetxattr$trusted_overlay_nlink(r2, &(0x7f0000000080), &(0x7f00000000c0)={'L-', 0x6}, 0x16, 0x1) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b39380000088000000009000000000000080000004af3787c99bf6d"], 0x78) 04:00:15 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000000)=[{0x2, 0x5b7, 0x1800}], 0x1) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:15 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80, 0x1000}, {0x4, 0x81, 0x800}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000080)=[{0x6, 0x0, 0x800}, {0x0, 0x5, 0x1400}, {0x5, 0x101}, {0x1, 0xa2b0, 0x1800}, {0x0, 0x1f, 0x800}], 0x5) semop(r0, &(0x7f0000000080), 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:15 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(0xffffffffffffffff, &(0x7f0000000000)=[{0x1, 0x7f}, {0x0, 0x1f, 0x800}, {0x0, 0x3, 0x800}], 0x3, &(0x7f00000000c0)) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 04:00:15 executing program 5: r0 = semget$private(0x0, 0x7, 0x4) semop(r0, &(0x7f0000000000)=[{0x4, 0x4b, 0x1800}, {0x4, 0x42cf}], 0x2) semop(r0, &(0x7f0000000040)=[{0x3, 0x0, 0x800}], 0x1) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r0, &(0x7f0000000080)=[{0x1, 0x1, 0x800}, {0x1, 0x2, 0xcf08529e2f48aeb1}, {0x3, 0x9, 0x1000}], 0x3, &(0x7f0000000100)={r1, r2+60000000}) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:15 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r3 = socket$nl_audit(0x10, 0x3, 0x9) shutdown(r3, 0x1) setuid(r2) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f00000000c0)={{0x0, 0xee00, 0x0, r2, 0x0, 0x5, 0x78b8}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfff8}) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)=[0x4]) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c4, 0x1, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x2}, @NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @NFCTH_TUPLE={0xb0, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x35}}, {0x8, 0x2, @private=0xa010102}}}]}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0xb8, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x32}}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @mcast2}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x5}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x20}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x2004e812}, 0x10) 04:00:15 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000100000800000043"], 0x78) 04:00:15 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000100000048"], 0x78) 04:00:15 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000800000000000800000048"], 0x78) 04:00:16 executing program 3: syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000003, 0x10, r0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r0, &(0x7f00000000c0), 0x1000000000000020, 0x5e7, 0x2a) r2 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:16 executing program 3: openat(0xffffffffffffffff, &(0x7f00000004c0)='./file0/file0\x00', 0x200080, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='/proc/self/exe\x00', 0x0, 0x84) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000900)) fstat(r1, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_mount_image$nfs(&(0x7f0000000040), &(0x7f00000002c0)='./file0/file0\x00', 0xaa3, 0x3, &(0x7f0000000a40)=[{&(0x7f00000000c0)="1cca3719a6a2a62dd161a8802c100be4ea6f4c0b0bc61f4b40164ca437953e60af4336caf5f5234be13b06f70eef1a9bfbd2d89d570f00b5de4ebac4753348adb469dc8e80a36c075af477e1b7e29a2b1c9844b15847a12bff0aff1f395604c328d5473bf475567e503536baf0bfc23e793625dc5947cbff83801cca13ad4bbb8d75444e3adf5998a0b0011132fe5c92d432e85f4d2f514821fdee13f68a9cac07b09e135f67cdf8", 0xa8, 0x9}, {&(0x7f00000001c0)="5fba25cdd1d6dcd65813aed247fbb5daaba71ecd20e91efab5851f9337ef0c7fa43a82e182e99af223182fd5ab5ae69580c4845fa31fd51448a4efbd0df62e1cb75a955114d3748c394f85179e7964c74b8dc2214ce3749f621337c1fd3c7d3253f58bd3b2d9ae1da3c6cc7bcdea2ab8496fb09b79203b3e2edd358f092583fc460b9da1e0af8a14a15252e8eeea41abf38d69c74f9c949167c294bcbc505bb858dfe222d3e02046f8d6149fbf", 0xad, 0x3}, {&(0x7f00000009c0)="2923d3dc3b4151ece8efc5931e17db5b0c2c96a0b8ab5c6408f37c6d6894c0d0d2d397ccf3e6f2e67a734e1fecef95bd7349aab90f3b70ee51771fe4ea80585180869de1fbbc13", 0x47, 0x518}], 0x40, &(0x7f0000000b40)={[{'}$\x01$&'}, {',-@^['}, {'['}, {'#*'}, {')!_/\xaf%,\' *\xa1\xe6\x1d\xaeZ\x00s\x9f\x94\x82j\x88\x1f\x05\xdcQe\xd8\xe2\xb1\x9b\xac\xc01\xcf\xf3\x1d\x1a\xba\xfb\xd3\xdeoPM\xd4\x86\xa6h\xd5\xd0n\x15\xe7L0\xbf\xc3\x86\xea\xa2xqi\xab\xd9\x85\xca;E0\xb7fz\'\x91\xa9\xa0\xbeX\xb7\b\'\xd8Q(\xba\xca\xf6^\"\'\x12'}, {'(]+\'\\\\'}, {'#}('}], [{@fowner_lt={'fowner<', r2}}]}) preadv(r3, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/167, 0xa7}], 0x1, 0x8, 0x81) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) syz_mount_image$ext4(&(0x7f0000000500)='ext2\x00', &(0x7f0000000540)='./file0\x00', 0x3, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000580)="61b247ccc109fed65a7a7f6a2f00357a6a959ba39d7f120598b07ab699bdf59e6e284ef7e6ca6491e9bc78af3b675b6355603323ffc4503f2473d9f664c4dab1", 0x40, 0x9}, {&(0x7f00000005c0)="e54694978b3e488717b3927f8cb040929751e66d883e5fbb2911bfb89f8ea3e7bd9b66db4e2bde7e700718fad472c7b14fbac0d0facb6aa32555e41bd7d70ae57143981976bf1344fce7f00fc4fbaf92f90c13d1e6b5397b", 0x58, 0x1ff}, {&(0x7f0000000640)="19a91ccdfdcce5be7e8ecbae3780629aa0a8c55a63c6ce9a662b860bc271a60770c03e6d226c02f487fc6e2b5e1961c4e1d798b02da3c238f6af8e57f8392f81ee0353db0ffe7e", 0x47, 0x9}], 0x102080, &(0x7f0000000740)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@quota}, {@nodelalloc}, {@journal_dev}, {@min_batch_time={'min_batch_time', 0x3d, 0x125}}, {@sb={'sb', 0x3d, 0x5}}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x800}}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@nouser_xattr}], [{@fowner_eq={'fowner', 0x3d, r5}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@fsname={'fsname', 0x3d, '&'}}, {@fsmagic={'fsmagic', 0x3d, 0x7ff}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user', 0x3d, ',-@^['}}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) setreuid(r2, r6) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}}}) preadv(r7, &(0x7f0000000480)=[{&(0x7f0000000000)=""/61, 0x3d}, {&(0x7f0000000440)=""/63, 0x3f}], 0x2, 0xffffffc9, 0x2) [ 1436.089921][T13994] loop3: detected capacity change from 0 to 5 04:00:16 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) r2 = semget(0x1, 0x6ab9d8b8ad999636, 0x70) semop(r2, &(0x7f00000000c0)=[{0x0, 0x6, 0x1000}], 0x1) semop(r1, &(0x7f0000000000)=[{0x4, 0x3, 0x800}, {0x2, 0x20, 0x800}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:16 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000200000048"], 0x78) 04:00:16 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000200000800000043"], 0x78) 04:00:16 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000010000000800000048"], 0x78) [ 1436.856501][T14030] loop3: detected capacity change from 0 to 5 04:00:17 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$VT_ACTIVATE(r3, 0x5606, 0x2) ioctl$VT_GETMODE(r2, 0x5601, &(0x7f0000000100)) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_PASTESEL(r4, 0x541c, &(0x7f0000000280)) preadv(r1, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/12, 0xfffffffffffffc9d}, {&(0x7f00000002c0)=""/197, 0xc5}], 0x2, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) r5 = accept(0xffffffffffffffff, &(0x7f0000000200)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000080)=0x80) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x20010, r5, 0x7708c000) open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100) 04:00:17 executing program 5: r0 = semget$private(0x0, 0x0, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) semctl$GETNCNT(r0, 0x4, 0xe, &(0x7f0000000000)=""/4) semget$private(0x0, 0x4, 0x2) semctl$IPC_RMID(r0, 0x0, 0x0) 04:00:17 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000100)=[{0x1, 0x1, 0x800}, {0x3, 0x5, 0xe1186ec27d99da07}, {0x2, 0x85cb, 0x1800}], 0x3) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$GETZCNT(r1, 0x2, 0xf, &(0x7f0000000140)=""/76) semop(r0, &(0x7f00000000c0)=[{0x3, 0xdb0f}, {0x4, 0x5, 0x1800}, {0x0, 0x3}, {0x2, 0x5, 0x1000}, {0x3, 0x6e}, {0x1, 0x9, 0x1800}], 0x6) semop(r0, &(0x7f0000000000)=[{0x0, 0x8, 0x1000}, {0x3, 0x101, 0x1000}, {0x0, 0x8, 0x1000}, {0xe1c4275f20df1124, 0x7f}, {0x2, 0x5}, {0x1, 0x4, 0x1000}, {0x0, 0x403, 0x800}], 0x7) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) r2 = semget(0x1, 0x1, 0x2a) semop(r2, &(0x7f00000001c0)=[{0x0, 0x73}, {0x3, 0x1f, 0x800}], 0x2) 04:00:17 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000800000800000048"], 0x78) 04:00:17 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000000078000043"], 0x78) 04:00:17 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000001000800000048"], 0x78) 04:00:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000240)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r4) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0xfffffffffffffc70) splice(r3, 0x0, r4, 0x0, 0xfffd, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0x94) 04:00:18 executing program 5: r0 = semget$private(0x0, 0x1, 0x66f) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget(0x3, 0x2, 0x0) semctl$IPC_RMID(r1, 0x0, 0x0) semctl$SETVAL(r1, 0x2, 0x10, &(0x7f0000000000)=0x40) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:18 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) r1 = semget$private(0x0, 0x2, 0x0) fstat(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getgid() lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r6) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x1, r2, r3, r4, r6, 0x80, 0x3ff}, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r7 = semget$private(0x0, 0x7, 0x0) semop(r7, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r7, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r7, &(0x7f0000000240)=[{0x4, 0x2, 0x1000}, {0x1, 0x80, 0x800}, {0x1, 0xff, 0x1000}, {0x0, 0x3, 0x800}], 0x4) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:18 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000004000000048"], 0x78) 04:00:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000002000000000800000043"], 0x78) 04:00:18 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000002000800000048"], 0x78) 04:00:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b5b073b393800008710be8ce1c79cc7c65b0f198e080000000009000000000000080000006d"], 0x78) 04:00:19 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semtimedop(r1, &(0x7f0000000100)=[{0x0, 0x7fff}], 0x1, 0x0) semop(r1, &(0x7f0000000000)=[{0x0, 0x800, 0x800}, {0x2, 0x6}], 0x2) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:19 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000008000800000048"], 0x78) 04:00:19 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000001000800000043"], 0x78) 04:00:19 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000008000800000048"], 0x78) 04:00:19 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x2, 0x40, 0xad, 0x2, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5b, 0x2, @perf_bp={&(0x7f0000000040), 0x1}, 0x800, 0x5bcc, 0x3, 0x3, 0x9, 0x9, 0x3, 0x0, 0xc16a, 0x0, 0x9001}, 0x0, 0x3, r2, 0x0) fallocate(r3, 0x10, 0x3, 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:20 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) r3 = getgid() semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f00000000c0)={{0x2, r2, 0xffffffffffffffff, 0xee00, r3, 0x84, 0x6}, 0x100000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0xff}) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:20 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000080800000048"], 0x78) 04:00:20 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000002000800000043"], 0x78) 04:00:20 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000ffffffffffffffff000800000048"], 0x78) 04:00:20 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, &(0x7f0000000040)={'\x00', 0x4, 0x1, 0x1}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000000009000000000000080000006d"], 0x78) 04:00:21 executing program 5: r0 = semget$private(0x0, 0x7, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x80}, {}], 0x2) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)=[0x800, 0x8, 0x8, 0x8, 0x7f, 0x5, 0x3f, 0x0, 0x81]) semop(r0, &(0x7f0000000080)=[{0x3}], 0x1) semctl$GETPID(r0, 0x3, 0xb, 0x0) 04:00:21 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000000000004000000048"], 0x78) 04:00:21 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000000000000020000000800000043"], 0x78) 04:00:21 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b393800000800000002000000000000000800000048"], 0x78) 04:00:21 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6f2042, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b5b073b39380000080000100009000000000000080000006d"], 0x78)