fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) (async) sched_setattr(r3, &(0x7f0000000080)={0x38, 0x2, 0x10000023, 0x3, 0xa00, 0x4, 0x1f, 0x7, 0x2, 0x1f}, 0x0) (async) 22:03:54 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:03:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:03:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1a000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:03:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1c000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x204100, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000200)={0x38, 0x0, 0xc0, 0x77f0, 0xed, 0x7, 0x34, 0x900000000, 0x10001, 0x7}, 0x0) symlinkat(&(0x7f0000000080)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00') io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 64) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (rerun: 64) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x204100, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000200)={0x38, 0x0, 0xc0, 0x77f0, 0xed, 0x7, 0x34, 0x900000000, 0x10001, 0x7}, 0x0) (async) symlinkat(&(0x7f0000000080)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00') (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x204100, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000200)={0x38, 0x0, 0xc0, 0x77f0, 0xed, 0x7, 0x34, 0x900000000, 0x10001, 0x7}, 0x0) (async) symlinkat(&(0x7f0000000080)='./file0\x00', r3, &(0x7f00000001c0)='./file0\x00') io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x185, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x267}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x38, 0xfffffff8, 0x15aa, 0x1, 0x1, 0x4, 0x8, 0x29a1}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x185, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x267}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x38, 0xfffffff8, 0x15aa, 0x1, 0x1, 0x4, 0x8, 0x29a1}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:03:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x185, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x267}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x38, 0xfffffff8, 0x15aa, 0x1, 0x1, 0x4, 0x8, 0x29a1}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2459.298680][T19136] warn_alloc: 1 callbacks suppressed [ 2459.298691][T19136] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2459.320684][T19136] CPU: 1 PID: 19136 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2459.329463][T19136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2459.339510][T19136] Call Trace: [ 2459.342806][T19136] [ 2459.345718][T19136] dump_stack_lvl+0xd6/0x122 [ 2459.350360][T19136] dump_stack+0x11/0x1b [ 2459.354668][T19136] warn_alloc+0x132/0x190 [ 2459.358979][T19136] ? alloc_page_interleave+0x104/0x120 [ 2459.364431][T19136] __vmalloc_node_range+0x58b/0x690 [ 2459.369675][T19136] ? xt_alloc_table_info+0x39/0x70 [ 2459.374811][T19136] __vmalloc_node+0x61/0x70 [ 2459.379291][T19136] ? xt_alloc_table_info+0x39/0x70 [ 2459.384441][T19136] kvmalloc_node+0xd2/0x110 [ 2459.388923][T19136] xt_alloc_table_info+0x39/0x70 [ 2459.393908][T19136] do_ipt_set_ctl+0x649/0x1710 [ 2459.398708][T19136] ? __this_cpu_preempt_check+0x18/0x20 [ 2459.404233][T19136] ? __perf_event_task_sched_in+0x898/0x8d0 [ 2459.410103][T19136] ? __this_cpu_preempt_check+0x18/0x20 [ 2459.415630][T19136] ? xfd_validate_state+0x4e/0xf0 [ 2459.420668][T19136] ? save_fpregs_to_fpstate+0xf5/0x140 [ 2459.426130][T19136] ? _raw_spin_unlock+0x2e/0x50 [ 2459.431078][T19136] ? finish_task_switch+0xd0/0x280 [ 2459.436238][T19136] ? __rcu_read_unlock+0x5c/0x290 [ 2459.441239][T19136] nf_setsockopt+0x1a6/0x1c0 [ 2459.445937][T19136] ip_setsockopt+0x2815/0x2c80 [ 2459.450679][T19136] ? _raw_spin_unlock+0x2e/0x50 [ 2459.455531][T19136] ? finish_task_switch+0xd0/0x280 [ 2459.460626][T19136] ? __schedule+0x44a/0x6a0 [ 2459.465112][T19136] ? __rcu_read_unlock+0x5c/0x290 [ 2459.470238][T19136] ? preempt_count_add+0x41/0x90 [ 2459.475154][T19136] ? sysvec_reschedule_ipi+0x58/0x100 [ 2459.480575][T19136] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 2459.486205][T19136] ? avc_has_perm+0x99/0x160 [ 2459.490778][T19136] ? tsan.module_ctor+0x10/0x10 [ 2459.495695][T19136] ? avc_has_perm+0x70/0x160 [ 2459.500284][T19136] ? avc_has_perm+0xd5/0x160 [ 2459.504876][T19136] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2459.511189][T19136] ? selinux_socket_setsockopt+0x145/0x170 [ 2459.517048][T19136] udp_setsockopt+0x83/0x90 [ 2459.521527][T19136] sock_common_setsockopt+0x5d/0x70 [ 2459.526703][T19136] ? sock_common_recvmsg+0xe0/0xe0 [ 2459.531956][T19136] __sys_setsockopt+0x209/0x2a0 [ 2459.536809][T19136] __x64_sys_setsockopt+0x62/0x70 [ 2459.541851][T19136] do_syscall_64+0x44/0xd0 [ 2459.546245][T19136] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2459.552115][T19136] RIP: 0033:0x7ff9d4f80e99 [ 2459.556504][T19136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2459.576116][T19136] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2459.584510][T19136] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2459.592623][T19136] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2459.600574][T19136] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2459.608533][T19136] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2459.616487][T19136] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2459.624634][T19136] [ 2459.627768][T19136] Mem-Info: [ 2459.630878][T19136] active_anon:321 inactive_anon:98474 isolated_anon:0 [ 2459.630878][T19136] active_file:4089 inactive_file:62949 isolated_file:0 [ 2459.630878][T19136] unevictable:0 dirty:0 writeback:0 [ 2459.630878][T19136] slab_reclaimable:5620 slab_unreclaimable:15950 [ 2459.630878][T19136] mapped:27425 shmem:597 pagetables:1166 bounce:0 [ 2459.630878][T19136] kernel_misc_reclaimable:0 [ 2459.630878][T19136] free:1716822 free_pcp:3533 free_cma:0 [ 2459.672433][T19136] Node 0 active_anon:1284kB inactive_anon:393896kB active_file:16356kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2388kB writeback_tmp:0kB kernel_stack:4432kB pagetables:4664kB all_unreclaimable? no [ 2459.698766][T19136] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2459.725675][T19136] lowmem_reserve[]: 0 2896 7874 7874 [ 2459.731006][T19136] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2459.759678][T19136] lowmem_reserve[]: 0 0 4978 4978 [ 2459.764757][T19136] Node 0 Normal free:3886212kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1284kB inactive_anon:393896kB active_file:16356kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:9072kB local_pcp:3468kB free_cma:0kB [ 2459.795059][T19136] lowmem_reserve[]: 0 0 0 0 [ 2459.799612][T19136] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2459.812306][T19136] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2459.828283][T19136] Node 0 Normal: 47*4kB (UME) 11*8kB (E) 73*16kB (UME) 35*32kB (ME) 6*64kB (ME) 18*128kB (UME) 24*256kB (ME) 70*512kB (UM) 193*1024kB (UME) 52*2048kB (UM) 863*4096kB (UM) = 3886212kB [ 2459.846427][T19136] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2459.855818][T19136] 11556 total pagecache pages [ 2459.860492][T19136] 0 pages in swap cache [ 2459.864676][T19136] Swap cache stats: add 0, delete 0, find 0/0 [ 2459.870835][T19136] Free swap = 0kB [ 2459.874591][T19136] Total swap = 0kB [ 2459.878336][T19136] 2097051 pages RAM [ 2459.882243][T19136] 0 pages HighMem/MovableOnly [ 2459.886925][T19136] 75959 pages reserved 22:04:03 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86400bbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:03 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1d000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$vcsu(&(0x7f0000000080), 0x4, 0x30000) io_uring_enter(r3, 0x240e, 0x36aa, 0x0, &(0x7f0000000180)={[0x1000000000000000]}, 0x8) pipe(&(0x7f0000000040)) 22:04:03 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1a) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:04:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) pipe(&(0x7f0000000040)) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x2, 0x5, 0x2, 0x9, 0xffffffffffff1ffd, 0x4, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x2, 0x5, 0x2, 0x9, 0xffffffffffff1ffd, 0x4, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x2, 0x5, 0x2, 0x9, 0xffffffffffff1ffd, 0x4, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x2, 0x5, 0x2, 0x9, 0xffffffffffff1ffd, 0x4, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:04 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86400cbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000080)={'bridge0\x00', 0xeb0}) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, 0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:04:04 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1b) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:04 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1e000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) pipe(&(0x7f0000000040)) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000080)={'bridge0\x00', 0xeb0}) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 32) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000080)={'bridge0\x00', 0xeb0}) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:04 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1d000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) getrlimit(0x3, &(0x7f0000000080)) pipe(&(0x7f0000000040)) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) getrlimit(0x3, &(0x7f0000000080)) (async) pipe(&(0x7f0000000040)) 22:04:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) getrlimit(0x3, &(0x7f0000000080)) (async) pipe(&(0x7f0000000040)) 22:04:12 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86400dbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:12 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1f000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:12 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:04:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1d000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:12 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x6, 0x20, 0x0, 0x401}, {0x6, 0x6, 0x5c}, {0x4, 0x1, 0x6, 0x1}]}) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x3, 0x10000000, 0x1000, 0x78, 0x5, 0x609a, 0x3, 0x80, 0x5}, 0x0) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) 22:04:12 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x6, 0x20, 0x0, 0x401}, {0x6, 0x6, 0x5c}, {0x4, 0x1, 0x6, 0x1}]}) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x3, 0x10000000, 0x1000, 0x78, 0x5, 0x609a, 0x3, 0x80, 0x5}, 0x0) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x6, 0x20, 0x0, 0x401}, {0x6, 0x6, 0x5c}, {0x4, 0x1, 0x6, 0x1}]}) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x3, 0x10000000, 0x1000, 0x78, 0x5, 0x609a, 0x3, 0x80, 0x5}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) (async) 22:04:12 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x3, &(0x7f0000000180)=[{0x6, 0x20, 0x0, 0x401}, {0x6, 0x6, 0x5c}, {0x4, 0x1, 0x6, 0x1}]}) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x3, 0x10000000, 0x1000, 0x78, 0x5, 0x609a, 0x3, 0x80, 0x5}, 0x0) (async, rerun: 32) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 32) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 64) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 64) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) 22:04:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x4, 0x6}, &(0x7f0000000180)) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2476.858676][T19349] warn_alloc: 2 callbacks suppressed [ 2476.858688][T19349] syz-executor.2: vmalloc error: size 314114048, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2476.880851][T19349] CPU: 0 PID: 19349 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2476.889616][T19349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2476.899772][T19349] Call Trace: [ 2476.903037][T19349] [ 2476.905951][T19349] dump_stack_lvl+0xd6/0x122 [ 2476.910526][T19349] dump_stack+0x11/0x1b [ 2476.914666][T19349] warn_alloc+0x132/0x190 [ 2476.918986][T19349] ? alloc_page_interleave+0x104/0x120 [ 2476.924434][T19349] __vmalloc_node_range+0x58b/0x690 [ 2476.929680][T19349] ? xt_alloc_table_info+0x39/0x70 [ 2476.934794][T19349] __vmalloc_node+0x61/0x70 [ 2476.939320][T19349] ? xt_alloc_table_info+0x39/0x70 [ 2476.944502][T19349] kvmalloc_node+0xd2/0x110 [ 2476.948989][T19349] xt_alloc_table_info+0x39/0x70 [ 2476.953938][T19349] do_ipt_set_ctl+0x649/0x1710 [ 2476.958684][T19349] ? rmqueue_pcplist+0x157/0x1f0 [ 2476.963685][T19349] ? rmqueue+0x4a/0xd20 [ 2476.967945][T19349] ? __rcu_read_unlock+0x5c/0x290 [ 2476.972949][T19349] nf_setsockopt+0x1a6/0x1c0 [ 2476.977520][T19349] ip_setsockopt+0x2815/0x2c80 [ 2476.982276][T19349] ? _raw_spin_unlock+0x2e/0x50 [ 2476.987107][T19349] ? finish_task_switch+0xd0/0x280 [ 2476.992199][T19349] ? __schedule+0x44a/0x6a0 [ 2476.996701][T19349] ? __rcu_read_unlock+0x5c/0x290 [ 2477.001802][T19349] ? schedule+0x8b/0xb0 [ 2477.005938][T19349] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2477.011311][T19349] ? avc_has_perm+0x70/0x160 [ 2477.015888][T19349] ? avc_has_perm+0xd5/0x160 [ 2477.020596][T19349] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2477.026936][T19349] ? selinux_socket_setsockopt+0x145/0x170 [ 2477.032774][T19349] udp_setsockopt+0x83/0x90 [ 2477.037261][T19349] sock_common_setsockopt+0x5d/0x70 [ 2477.042445][T19349] ? sock_common_recvmsg+0xe0/0xe0 [ 2477.047551][T19349] __sys_setsockopt+0x209/0x2a0 [ 2477.052448][T19349] __x64_sys_setsockopt+0x62/0x70 [ 2477.057591][T19349] do_syscall_64+0x44/0xd0 [ 2477.062098][T19349] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2477.067990][T19349] RIP: 0033:0x7ff9d4f80e99 [ 2477.072501][T19349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2477.092269][T19349] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2477.100755][T19349] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2477.108858][T19349] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2477.116807][T19349] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2477.124759][T19349] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2477.132709][T19349] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2477.140662][T19349] [ 2477.143806][T19349] Mem-Info: [ 2477.146905][T19349] active_anon:323 inactive_anon:98551 isolated_anon:0 [ 2477.146905][T19349] active_file:4099 inactive_file:62948 isolated_file:0 [ 2477.146905][T19349] unevictable:0 dirty:0 writeback:0 [ 2477.146905][T19349] slab_reclaimable:5626 slab_unreclaimable:15986 [ 2477.146905][T19349] mapped:27489 shmem:599 pagetables:1177 bounce:0 [ 2477.146905][T19349] kernel_misc_reclaimable:0 [ 2477.146905][T19349] free:1716596 free_pcp:3660 free_cma:0 [ 2477.188390][T19349] Node 0 active_anon:1292kB inactive_anon:394204kB active_file:16396kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2396kB writeback_tmp:0kB kernel_stack:4464kB pagetables:4708kB all_unreclaimable? no [ 2477.214793][T19349] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2477.241694][T19349] lowmem_reserve[]: 0 2896 7874 7874 [ 2477.246983][T19349] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2477.275571][T19349] lowmem_reserve[]: 0 0 4978 4978 [ 2477.280658][T19349] Node 0 Normal free:3885308kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1292kB inactive_anon:394204kB active_file:16396kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:9596kB local_pcp:5884kB free_cma:0kB [ 2477.311258][T19349] lowmem_reserve[]: 0 0 0 0 [ 2477.315766][T19349] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2477.328538][T19349] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2477.344582][T19349] Node 0 Normal: 5*4kB (UME) 13*8kB (UE) 14*16kB (UME) 55*32kB (UME) 27*64kB (UME) 24*128kB (UME) 24*256kB (ME) 63*512kB (UM) 192*1024kB (UME) 53*2048kB (UM) 863*4096kB (UM) = 3885308kB [ 2477.363452][T19349] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2477.372737][T19349] 11567 total pagecache pages [ 2477.377388][T19349] 0 pages in swap cache [ 2477.381631][T19349] Swap cache stats: add 0, delete 0, find 0/0 [ 2477.387684][T19349] Free swap = 0kB [ 2477.391439][T19349] Total swap = 0kB [ 2477.395146][T19349] 2097051 pages RAM [ 2477.398956][T19349] 0 pages HighMem/MovableOnly [ 2477.403628][T19349] 75959 pages reserved 22:04:20 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86400fbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x4, 0x6}, &(0x7f0000000180)) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:04:20 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x20000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:20 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1d) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1d000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x4, 0x6}, &(0x7f0000000180)) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x4, 0x6}, &(0x7f0000000180)) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:20 executing program 1: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x10c, &(0x7f0000000140)=0x3, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:20 executing program 1: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x10c, &(0x7f0000000140)=0x3, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:20 executing program 1: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x10c, &(0x7f0000000140)=0x3, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)) 22:04:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xfffffff9) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x1, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (rerun: 64) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) r2 = socket$inet_udplite(0x2, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xfffffff9) (async, rerun: 32) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (rerun: 32) io_uring_enter(r3, 0x2a6e, 0x0, 0x1, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:26 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864010bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xfffffff9) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x1, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xfffffff9) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (async) io_uring_enter(r3, 0x2a6e, 0x0, 0x1, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1f000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:26 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x3f000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:26 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1e) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:04:26 executing program 1: r0 = accept4(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80, 0x800) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0x11e, 0x2}, 0xff}, 0x18) prlimit64(0x0, 0x8, &(0x7f00000000c0)={0x9, 0x8f}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x53}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x104, &(0x7f0000000140)=0x8307e, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000635000/0x4000)=nil, 0x4000, 0x6}, 0x80000000) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0x1, &(0x7f0000000080)={0xeb7a}, &(0x7f0000000180)) 22:04:26 executing program 1: r0 = accept4(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80, 0x800) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0x11e, 0x2}, 0xff}, 0x18) prlimit64(0x0, 0x8, &(0x7f00000000c0)={0x9, 0x8f}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x53}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x104, &(0x7f0000000140)=0x8307e, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000635000/0x4000)=nil, 0x4000, 0x6}, 0x80000000) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0x1, &(0x7f0000000080)={0xeb7a}, &(0x7f0000000180)) accept4(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80, 0x800) (async) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0x11e, 0x2}, 0xff}, 0x18) (async) prlimit64(0x0, 0x8, &(0x7f00000000c0)={0x9, 0x8f}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x53}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x104, &(0x7f0000000140)=0x8307e, 0x0, 0x4) (async) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000635000/0x4000)=nil, 0x4000, 0x6}, 0x80000000) (async) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) prlimit64(0x0, 0x1, &(0x7f0000000080)={0xeb7a}, &(0x7f0000000180)) (async) 22:04:26 executing program 1: r0 = accept4(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80, 0x800) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0x11e, 0x2}, 0xff}, 0x18) prlimit64(0x0, 0x8, &(0x7f00000000c0)={0x9, 0x8f}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x53}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x104, &(0x7f0000000140)=0x8307e, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000635000/0x4000)=nil, 0x4000, 0x6}, 0x80000000) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0x1, &(0x7f0000000080)={0xeb7a}, &(0x7f0000000180)) accept4(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80, 0x800) (async) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0x11e, 0x2}, 0xff}, 0x18) (async) prlimit64(0x0, 0x8, &(0x7f00000000c0)={0x9, 0x8f}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x53}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x104, &(0x7f0000000140)=0x8307e, 0x0, 0x4) (async) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000635000/0x4000)=nil, 0x4000, 0x6}, 0x80000000) (async) io_uring_enter(r1, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) prlimit64(0x0, 0x1, &(0x7f0000000080)={0xeb7a}, &(0x7f0000000180)) (async) 22:04:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) fstat(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) getresgid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) chown(&(0x7f0000000080)='./file0\x00', r4, r5) pipe(&(0x7f0000000040)) 22:04:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) r3 = socket$inet6_udp(0xa, 0x2, 0x0) fstat(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) (async) getresgid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) chown(&(0x7f0000000080)='./file0\x00', r4, r5) pipe(&(0x7f0000000040)) 22:04:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) r3 = socket$inet6_udp(0xa, 0x2, 0x0) fstat(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) (async) getresgid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) chown(&(0x7f0000000080)='./file0\x00', r4, r5) (async, rerun: 64) pipe(&(0x7f0000000040)) (rerun: 64) [ 2490.628675][T19474] warn_alloc: 1 callbacks suppressed [ 2490.628764][T19474] syz-executor.2: vmalloc error: size 314179584, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2490.650876][T19474] CPU: 1 PID: 19474 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2490.659632][T19474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.669665][T19474] Call Trace: [ 2490.672924][T19474] [ 2490.675866][T19474] dump_stack_lvl+0xd6/0x122 [ 2490.680546][T19474] dump_stack+0x11/0x1b [ 2490.684696][T19474] warn_alloc+0x132/0x190 [ 2490.689007][T19474] ? alloc_page_interleave+0x104/0x120 [ 2490.694500][T19474] __vmalloc_node_range+0x58b/0x690 [ 2490.699713][T19474] ? xt_alloc_table_info+0x39/0x70 [ 2490.704808][T19474] __vmalloc_node+0x61/0x70 [ 2490.709290][T19474] ? xt_alloc_table_info+0x39/0x70 [ 2490.714409][T19474] kvmalloc_node+0xd2/0x110 [ 2490.718984][T19474] xt_alloc_table_info+0x39/0x70 [ 2490.723906][T19474] do_ipt_set_ctl+0x649/0x1710 [ 2490.728706][T19474] ? rmqueue_pcplist+0x157/0x1f0 [ 2490.733633][T19474] ? rmqueue+0x4a/0xd20 [ 2490.737893][T19474] ? __rcu_read_unlock+0x5c/0x290 [ 2490.743003][T19474] nf_setsockopt+0x1a6/0x1c0 [ 2490.747579][T19474] ip_setsockopt+0x2815/0x2c80 [ 2490.752336][T19474] ? _raw_spin_unlock+0x2e/0x50 [ 2490.757193][T19474] ? finish_task_switch+0xd0/0x280 [ 2490.762302][T19474] ? __schedule+0x44a/0x6a0 [ 2490.766795][T19474] ? __rcu_read_unlock+0x5c/0x290 [ 2490.771996][T19474] ? schedule+0x8b/0xb0 [ 2490.776142][T19474] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2490.781563][T19474] ? avc_has_perm+0x70/0x160 [ 2490.786229][T19474] ? avc_has_perm+0xd5/0x160 [ 2490.790875][T19474] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2490.797194][T19474] ? selinux_socket_setsockopt+0x145/0x170 [ 2490.802996][T19474] udp_setsockopt+0x83/0x90 [ 2490.807488][T19474] sock_common_setsockopt+0x5d/0x70 [ 2490.812668][T19474] ? sock_common_recvmsg+0xe0/0xe0 [ 2490.817760][T19474] __sys_setsockopt+0x209/0x2a0 [ 2490.822592][T19474] __x64_sys_setsockopt+0x62/0x70 [ 2490.827598][T19474] do_syscall_64+0x44/0xd0 [ 2490.832045][T19474] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2490.837921][T19474] RIP: 0033:0x7ff9d4f80e99 [ 2490.842339][T19474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2490.861930][T19474] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2490.870401][T19474] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2490.878411][T19474] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2490.886363][T19474] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2490.894384][T19474] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2490.902420][T19474] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2490.910373][T19474] [ 2490.913483][T19474] Mem-Info: [ 2490.916581][T19474] active_anon:277 inactive_anon:98473 isolated_anon:0 [ 2490.916581][T19474] active_file:4104 inactive_file:62949 isolated_file:0 [ 2490.916581][T19474] unevictable:0 dirty:11 writeback:0 [ 2490.916581][T19474] slab_reclaimable:5632 slab_unreclaimable:15982 [ 2490.916581][T19474] mapped:27425 shmem:552 pagetables:1166 bounce:0 [ 2490.916581][T19474] kernel_misc_reclaimable:0 [ 2490.916581][T19474] free:1716685 free_pcp:3637 free_cma:0 [ 2490.957941][T19474] Node 0 active_anon:1108kB inactive_anon:393892kB active_file:16416kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:44kB writeback:0kB shmem:2208kB writeback_tmp:0kB kernel_stack:4448kB pagetables:4664kB all_unreclaimable? no [ 2490.984394][T19474] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2491.011226][T19474] lowmem_reserve[]: 0 2896 7874 7874 [ 2491.016572][T19474] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2491.045186][T19474] lowmem_reserve[]: 0 0 4978 4978 [ 2491.050254][T19474] Node 0 Normal free:3885664kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1108kB inactive_anon:393892kB active_file:16416kB inactive_file:251796kB unevictable:0kB writepending:44kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:9504kB local_pcp:5596kB free_cma:0kB [ 2491.080652][T19474] lowmem_reserve[]: 0 0 0 0 [ 2491.085234][T19474] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2491.097924][T19474] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2491.113912][T19474] Node 0 Normal: 2*4kB (ME) 3*8kB (ME) 10*16kB (ME) 3*32kB (UE) 27*64kB (UME) 23*128kB (UME) 25*256kB (UME) 65*512kB (UM) 193*1024kB (UME) 53*2048kB (UM) 863*4096kB (UM) = 3885664kB [ 2491.131937][T19474] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2491.141328][T19474] 11528 total pagecache pages [ 2491.146072][T19474] 0 pages in swap cache [ 2491.150277][T19474] Swap cache stats: add 0, delete 0, find 0/0 [ 2491.156326][T19474] Free swap = 0kB [ 2491.160057][T19474] Total swap = 0kB [ 2491.163854][T19474] 2097051 pages RAM [ 2491.167629][T19474] 0 pages HighMem/MovableOnly [ 2491.172303][T19474] 75959 pages reserved 22:04:34 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864011bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x40000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x63) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x54, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) fstat(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) getresgid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) chown(&(0x7f0000000080)='./file0\x00', r4, r5) pipe(&(0x7f0000000040)) 22:04:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) fstat(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r4, 0x0) getresgid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) chown(&(0x7f0000000080)='./file0\x00', r4, r5) pipe(&(0x7f0000000040)) 22:04:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x54, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:34 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x20000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x54, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x54570600, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x50, r0, 0x10000000) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x81, 0x0) syz_io_uring_submit(r4, r6, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, r7, &(0x7f0000000180)={0xc980, 0x0, 0x2}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x12345}, 0xffffff53) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_OPENAT={0x12, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)='./file0\x00', 0x63, 0x40101, 0x23456, {0x0, r8}}, 0x1f) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:42 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864012bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async, rerun: 32) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x50, r0, 0x10000000) (rerun: 32) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x81, 0x0) (async) syz_io_uring_submit(r4, r6, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, r7, &(0x7f0000000180)={0xc980, 0x0, 0x2}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x12345}, 0xffffff53) (async) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_OPENAT={0x12, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)='./file0\x00', 0x63, 0x40101, 0x23456, {0x0, r8}}, 0x1f) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)) (rerun: 32) 22:04:42 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1f7) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:42 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x1d000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:42 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x5a0c0000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x50, r0, 0x10000000) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x81, 0x0) (async) syz_io_uring_submit(r4, r6, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, r7, &(0x7f0000000180)={0xc980, 0x0, 0x2}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x12345}, 0xffffff53) (async) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async, rerun: 32) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (rerun: 32) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_OPENAT={0x12, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)='./file0\x00', 0x63, 0x40101, 0x23456, {0x0, r8}}, 0x1f) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:42 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x62010000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x336c, &(0x7f0000000180)={0x0, 0x8c5c, 0x8, 0x3, 0x63e}, &(0x7f00006d5000/0x1000)=nil, &(0x7f00006d6000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r6, &(0x7f0000000400)=@IORING_OP_WRITEV={0x2, 0x3, 0x4004, @fd_index=0x3, 0xffffffffffffff86, &(0x7f0000000800)=[{&(0x7f0000000240)="f61aafc58bd5960d67f9c696c7c4c94495198a1d9c194422774f92fcdac27b5550d67ce65cb72b759e6b253e18a3f80b426e14d2903134115beb4478e46759ec5d175cc3664553f6554129fbad20f4", 0x4f}, {&(0x7f0000000340)="e660a16553225103ddb1531f3537db81be883f117cf5802d2450afa0d7f5575b45fe190cc8f0e038ece83791b3407e0861ac272792b80fdf786d63fc1672fe1c236698763a7fa8a1386561b59499f75fbffc54c9a664ce81218d638457693378dfcbc9f057f9aa4cc3b7da", 0x6b}, {&(0x7f00000003c0)="d2b5472f3721b6da234ad31be9406e10", 0x10}, {&(0x7f0000000480)="93db52f3d06fcd02cc9f051b180754d4747145394753622bb11c96cf221592755e1d549ad6352d8a380c03df20a488e565212a103a38d56054841caceacd2a6742fa138177203f60557acba6f7a94e6d092c02b918fd26af2e8e1aa3f3aee2081e7d101ef88cb0f6e229691402f8deab60cc1a036179583002c2ad04b3b3e26569aa714e7e93461e5ae8963175b3ba3bec8c0291c964aab99f0a3eeb9b89b61239d349176fd1b5e0d5e94cd08d5a8d1c07c66cd1f24921af033b97105f300651f9e6cfc54f05915984d5a7d3d8ebf1479cfbec74f4a2099fe01c4078951d7b334e778faa", 0xe4}, {&(0x7f0000000580)="6ec71e422f951c1e0b1a8a39d5beec89dfff181a3a1a506643d7441c0e960c0b7865dc6dff2abebf23a26037110790b61ef1fde3394ebccd50219534cfb1b13c76bcea21597b77e45857421a313df84272e110dba385352621cd65e47edc54711a790299592bfed07ca78e6425da4cf71de174811f96378fc2dceda643f0737eca763788d40ab7f7f20708d2f18caa798d54e1f0a5605bddd3f0b701de6670728b8fb259fcfacd62a7f03e417eb57859dde61e", 0xb3}, {&(0x7f0000000640)="8f3ed8d805d0240819f7a7946185933b71059c6ff1ffbeb5dbf7f4f878e25712fb6f60ac39fb7d2cde8d9a936b95836d768ccab83e3ac61b912f8c07a5c9e4a043d151e9024f0ec5f77fbbf30051775417db037260f4842bab65041e67f53787f1611d24265329b6f7d8721791cc5bb923b2136affd7d41d758479db62f3dffe46e126bb189ab7baa8c91c80a7927d31ad7bc9a5ea3b999e33d3cada41418b8df357af21489a13db8abcf94cc474eb753b7d5658ef1bbea126278d04ba71aa3fcfe26358fa81", 0xc6}, {&(0x7f0000000740)="4ec4bde68f9a27eb0c04342126ee96529e30e60d06abe99c2d55105ca2a926ba34b29a58c11149e94142f41ac83b173bd1c610ac5e43ca2535a5a104c0b99ef5d8ae57b2c4a98514fc4704dabfe9212ec82635ae0479421d7a23197f0ff84b66d1da1d618de550f1a6d02dc73c5cf7850e905d406f483650dbf675298db95961af89759ed63f985b7fbedeeb9419736fb11ec532ebec000a2a14d7bb776356e18b3aed6a388292", 0xa7}], 0x7, 0x0, 0x1, {0x3, r7}}, 0x2) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2507.208659][T19604] warn_alloc: 1 callbacks suppressed [ 2507.208671][T19604] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2507.230659][T19604] CPU: 0 PID: 19604 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2507.239418][T19604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2507.249508][T19604] Call Trace: [ 2507.252778][T19604] [ 2507.255690][T19604] dump_stack_lvl+0xd6/0x122 [ 2507.260348][T19604] dump_stack+0x11/0x1b [ 2507.264516][T19604] warn_alloc+0x132/0x190 [ 2507.268831][T19604] ? alloc_page_interleave+0x104/0x120 [ 2507.274289][T19604] __vmalloc_node_range+0x58b/0x690 [ 2507.279475][T19604] ? xt_alloc_table_info+0x39/0x70 [ 2507.284643][T19604] __vmalloc_node+0x61/0x70 [ 2507.289332][T19604] ? xt_alloc_table_info+0x39/0x70 [ 2507.294545][T19604] kvmalloc_node+0xd2/0x110 [ 2507.299034][T19604] xt_alloc_table_info+0x39/0x70 [ 2507.304064][T19604] do_ipt_set_ctl+0x649/0x1710 [ 2507.308863][T19604] ? rmqueue_pcplist+0x157/0x1f0 [ 2507.313819][T19604] ? rmqueue+0x4a/0xd20 [ 2507.317995][T19604] ? __rcu_read_unlock+0x5c/0x290 [ 2507.323062][T19604] nf_setsockopt+0x1a6/0x1c0 [ 2507.327631][T19604] ip_setsockopt+0x2815/0x2c80 [ 2507.332399][T19604] ? _raw_spin_unlock+0x2e/0x50 [ 2507.337252][T19604] ? finish_task_switch+0xd0/0x280 [ 2507.342343][T19604] ? __schedule+0x44a/0x6a0 [ 2507.346825][T19604] ? __rcu_read_unlock+0x5c/0x290 [ 2507.351896][T19604] ? schedule+0x8b/0xb0 [ 2507.356128][T19604] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2507.361483][T19604] ? avc_has_perm+0x70/0x160 [ 2507.366053][T19604] ? avc_has_perm+0xd5/0x160 [ 2507.370793][T19604] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2507.377110][T19604] ? selinux_socket_setsockopt+0x145/0x170 [ 2507.382920][T19604] udp_setsockopt+0x83/0x90 [ 2507.387479][T19604] sock_common_setsockopt+0x5d/0x70 [ 2507.392658][T19604] ? sock_common_recvmsg+0xe0/0xe0 [ 2507.397766][T19604] __sys_setsockopt+0x209/0x2a0 [ 2507.402665][T19604] __x64_sys_setsockopt+0x62/0x70 [ 2507.407700][T19604] do_syscall_64+0x44/0xd0 [ 2507.412096][T19604] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2507.418011][T19604] RIP: 0033:0x7ff9d4f80e99 [ 2507.422472][T19604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2507.442123][T19604] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2507.450529][T19604] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2507.458478][T19604] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2507.466501][T19604] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2507.474452][T19604] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2507.482410][T19604] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2507.490360][T19604] [ 2507.493493][T19604] Mem-Info: [ 2507.496590][T19604] active_anon:279 inactive_anon:98551 isolated_anon:0 [ 2507.496590][T19604] active_file:4111 inactive_file:62948 isolated_file:0 [ 2507.496590][T19604] unevictable:0 dirty:0 writeback:0 [ 2507.496590][T19604] slab_reclaimable:5690 slab_unreclaimable:16204 [ 2507.496590][T19604] mapped:27489 shmem:554 pagetables:1177 bounce:0 [ 2507.496590][T19604] kernel_misc_reclaimable:0 [ 2507.496590][T19604] free:1716969 free_pcp:3273 free_cma:0 [ 2507.537870][T19604] Node 0 active_anon:1116kB inactive_anon:394204kB active_file:16444kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2216kB writeback_tmp:0kB kernel_stack:3552kB pagetables:4708kB all_unreclaimable? no [ 2507.564251][T19604] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2507.591006][T19604] lowmem_reserve[]: 0 2896 7874 7874 [ 2507.596379][T19604] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2507.625105][T19604] lowmem_reserve[]: 0 0 4978 4978 [ 2507.630151][T19604] Node 0 Normal free:3886800kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1116kB inactive_anon:394204kB active_file:16444kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8036kB local_pcp:4872kB free_cma:0kB [ 2507.660471][T19604] lowmem_reserve[]: 0 0 0 0 [ 2507.664981][T19604] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2507.677561][T19604] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2507.693597][T19604] Node 0 Normal: 290*4kB (UME) 209*8kB (UME) 136*16kB (UM) 32*32kB (UME) 37*64kB (UME) 24*128kB (UME) 22*256kB (M) 60*512kB (UME) 193*1024kB (UME) 54*2048kB (UME) 862*4096kB (UM) = 3886800kB [ 2507.712419][T19604] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2507.721753][T19604] 11534 total pagecache pages [ 2507.726474][T19604] 0 pages in swap cache [ 2507.730678][T19604] Swap cache stats: add 0, delete 0, find 0/0 [ 2507.736737][T19604] Free swap = 0kB [ 2507.740590][T19604] Total swap = 0kB [ 2507.744297][T19604] 2097051 pages RAM [ 2507.748081][T19604] 0 pages HighMem/MovableOnly [ 2507.752774][T19604] 75959 pages reserved 22:04:50 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864013bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x336c, &(0x7f0000000180)={0x0, 0x8c5c, 0x8, 0x3, 0x63e}, &(0x7f00006d5000/0x1000)=nil, &(0x7f00006d6000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r6, &(0x7f0000000400)=@IORING_OP_WRITEV={0x2, 0x3, 0x4004, @fd_index=0x3, 0xffffffffffffff86, &(0x7f0000000800)=[{&(0x7f0000000240)="f61aafc58bd5960d67f9c696c7c4c94495198a1d9c194422774f92fcdac27b5550d67ce65cb72b759e6b253e18a3f80b426e14d2903134115beb4478e46759ec5d175cc3664553f6554129fbad20f4", 0x4f}, {&(0x7f0000000340)="e660a16553225103ddb1531f3537db81be883f117cf5802d2450afa0d7f5575b45fe190cc8f0e038ece83791b3407e0861ac272792b80fdf786d63fc1672fe1c236698763a7fa8a1386561b59499f75fbffc54c9a664ce81218d638457693378dfcbc9f057f9aa4cc3b7da", 0x6b}, {&(0x7f00000003c0)="d2b5472f3721b6da234ad31be9406e10", 0x10}, {&(0x7f0000000480)="93db52f3d06fcd02cc9f051b180754d4747145394753622bb11c96cf221592755e1d549ad6352d8a380c03df20a488e565212a103a38d56054841caceacd2a6742fa138177203f60557acba6f7a94e6d092c02b918fd26af2e8e1aa3f3aee2081e7d101ef88cb0f6e229691402f8deab60cc1a036179583002c2ad04b3b3e26569aa714e7e93461e5ae8963175b3ba3bec8c0291c964aab99f0a3eeb9b89b61239d349176fd1b5e0d5e94cd08d5a8d1c07c66cd1f24921af033b97105f300651f9e6cfc54f05915984d5a7d3d8ebf1479cfbec74f4a2099fe01c4078951d7b334e778faa", 0xe4}, {&(0x7f0000000580)="6ec71e422f951c1e0b1a8a39d5beec89dfff181a3a1a506643d7441c0e960c0b7865dc6dff2abebf23a26037110790b61ef1fde3394ebccd50219534cfb1b13c76bcea21597b77e45857421a313df84272e110dba385352621cd65e47edc54711a790299592bfed07ca78e6425da4cf71de174811f96378fc2dceda643f0737eca763788d40ab7f7f20708d2f18caa798d54e1f0a5605bddd3f0b701de6670728b8fb259fcfacd62a7f03e417eb57859dde61e", 0xb3}, {&(0x7f0000000640)="8f3ed8d805d0240819f7a7946185933b71059c6ff1ffbeb5dbf7f4f878e25712fb6f60ac39fb7d2cde8d9a936b95836d768ccab83e3ac61b912f8c07a5c9e4a043d151e9024f0ec5f77fbbf30051775417db037260f4842bab65041e67f53787f1611d24265329b6f7d8721791cc5bb923b2136affd7d41d758479db62f3dffe46e126bb189ab7baa8c91c80a7927d31ad7bc9a5ea3b999e33d3cada41418b8df357af21489a13db8abcf94cc474eb753b7d5658ef1bbea126278d04ba71aa3fcfe26358fa81", 0xc6}, {&(0x7f0000000740)="4ec4bde68f9a27eb0c04342126ee96529e30e60d06abe99c2d55105ca2a926ba34b29a58c11149e94142f41ac83b173bd1c610ac5e43ca2535a5a104c0b99ef5d8ae57b2c4a98514fc4704dabfe9212ec82635ae0479421d7a23197f0ff84b66d1da1d618de550f1a6d02dc73c5cf7850e905d406f483650dbf675298db95961af89759ed63f985b7fbedeeb9419736fb11ec532ebec000a2a14d7bb776356e18b3aed6a388292", 0xa7}], 0x7, 0x0, 0x1, {0x3, r7}}, 0x2) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_setup(0x336c, &(0x7f0000000180)={0x0, 0x8c5c, 0x8, 0x3, 0x63e}, &(0x7f00006d5000/0x1000)=nil, &(0x7f00006d6000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) syz_io_uring_submit(r3, r6, &(0x7f0000000400)=@IORING_OP_WRITEV={0x2, 0x3, 0x4004, @fd_index=0x3, 0xffffffffffffff86, &(0x7f0000000800)=[{&(0x7f0000000240)="f61aafc58bd5960d67f9c696c7c4c94495198a1d9c194422774f92fcdac27b5550d67ce65cb72b759e6b253e18a3f80b426e14d2903134115beb4478e46759ec5d175cc3664553f6554129fbad20f4", 0x4f}, {&(0x7f0000000340)="e660a16553225103ddb1531f3537db81be883f117cf5802d2450afa0d7f5575b45fe190cc8f0e038ece83791b3407e0861ac272792b80fdf786d63fc1672fe1c236698763a7fa8a1386561b59499f75fbffc54c9a664ce81218d638457693378dfcbc9f057f9aa4cc3b7da", 0x6b}, {&(0x7f00000003c0)="d2b5472f3721b6da234ad31be9406e10", 0x10}, {&(0x7f0000000480)="93db52f3d06fcd02cc9f051b180754d4747145394753622bb11c96cf221592755e1d549ad6352d8a380c03df20a488e565212a103a38d56054841caceacd2a6742fa138177203f60557acba6f7a94e6d092c02b918fd26af2e8e1aa3f3aee2081e7d101ef88cb0f6e229691402f8deab60cc1a036179583002c2ad04b3b3e26569aa714e7e93461e5ae8963175b3ba3bec8c0291c964aab99f0a3eeb9b89b61239d349176fd1b5e0d5e94cd08d5a8d1c07c66cd1f24921af033b97105f300651f9e6cfc54f05915984d5a7d3d8ebf1479cfbec74f4a2099fe01c4078951d7b334e778faa", 0xe4}, {&(0x7f0000000580)="6ec71e422f951c1e0b1a8a39d5beec89dfff181a3a1a506643d7441c0e960c0b7865dc6dff2abebf23a26037110790b61ef1fde3394ebccd50219534cfb1b13c76bcea21597b77e45857421a313df84272e110dba385352621cd65e47edc54711a790299592bfed07ca78e6425da4cf71de174811f96378fc2dceda643f0737eca763788d40ab7f7f20708d2f18caa798d54e1f0a5605bddd3f0b701de6670728b8fb259fcfacd62a7f03e417eb57859dde61e", 0xb3}, {&(0x7f0000000640)="8f3ed8d805d0240819f7a7946185933b71059c6ff1ffbeb5dbf7f4f878e25712fb6f60ac39fb7d2cde8d9a936b95836d768ccab83e3ac61b912f8c07a5c9e4a043d151e9024f0ec5f77fbbf30051775417db037260f4842bab65041e67f53787f1611d24265329b6f7d8721791cc5bb923b2136affd7d41d758479db62f3dffe46e126bb189ab7baa8c91c80a7927d31ad7bc9a5ea3b999e33d3cada41418b8df357af21489a13db8abcf94cc474eb753b7d5658ef1bbea126278d04ba71aa3fcfe26358fa81", 0xc6}, {&(0x7f0000000740)="4ec4bde68f9a27eb0c04342126ee96529e30e60d06abe99c2d55105ca2a926ba34b29a58c11149e94142f41ac83b173bd1c610ac5e43ca2535a5a104c0b99ef5d8ae57b2c4a98514fc4704dabfe9212ec82635ae0479421d7a23197f0ff84b66d1da1d618de550f1a6d02dc73c5cf7850e905d406f483650dbf675298db95961af89759ed63f985b7fbedeeb9419736fb11ec532ebec000a2a14d7bb776356e18b3aed6a388292", 0xa7}], 0x7, 0x0, 0x1, {0x3, r7}}, 0x2) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:50 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1f8) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) pipe(&(0x7f0000000040)) 22:04:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x63000000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_setup(0x336c, &(0x7f0000000180)={0x0, 0x8c5c, 0x8, 0x3, 0x63e}, &(0x7f00006d5000/0x1000)=nil, &(0x7f00006d6000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r6, &(0x7f0000000400)=@IORING_OP_WRITEV={0x2, 0x3, 0x4004, @fd_index=0x3, 0xffffffffffffff86, &(0x7f0000000800)=[{&(0x7f0000000240)="f61aafc58bd5960d67f9c696c7c4c94495198a1d9c194422774f92fcdac27b5550d67ce65cb72b759e6b253e18a3f80b426e14d2903134115beb4478e46759ec5d175cc3664553f6554129fbad20f4", 0x4f}, {&(0x7f0000000340)="e660a16553225103ddb1531f3537db81be883f117cf5802d2450afa0d7f5575b45fe190cc8f0e038ece83791b3407e0861ac272792b80fdf786d63fc1672fe1c236698763a7fa8a1386561b59499f75fbffc54c9a664ce81218d638457693378dfcbc9f057f9aa4cc3b7da", 0x6b}, {&(0x7f00000003c0)="d2b5472f3721b6da234ad31be9406e10", 0x10}, {&(0x7f0000000480)="93db52f3d06fcd02cc9f051b180754d4747145394753622bb11c96cf221592755e1d549ad6352d8a380c03df20a488e565212a103a38d56054841caceacd2a6742fa138177203f60557acba6f7a94e6d092c02b918fd26af2e8e1aa3f3aee2081e7d101ef88cb0f6e229691402f8deab60cc1a036179583002c2ad04b3b3e26569aa714e7e93461e5ae8963175b3ba3bec8c0291c964aab99f0a3eeb9b89b61239d349176fd1b5e0d5e94cd08d5a8d1c07c66cd1f24921af033b97105f300651f9e6cfc54f05915984d5a7d3d8ebf1479cfbec74f4a2099fe01c4078951d7b334e778faa", 0xe4}, {&(0x7f0000000580)="6ec71e422f951c1e0b1a8a39d5beec89dfff181a3a1a506643d7441c0e960c0b7865dc6dff2abebf23a26037110790b61ef1fde3394ebccd50219534cfb1b13c76bcea21597b77e45857421a313df84272e110dba385352621cd65e47edc54711a790299592bfed07ca78e6425da4cf71de174811f96378fc2dceda643f0737eca763788d40ab7f7f20708d2f18caa798d54e1f0a5605bddd3f0b701de6670728b8fb259fcfacd62a7f03e417eb57859dde61e", 0xb3}, {&(0x7f0000000640)="8f3ed8d805d0240819f7a7946185933b71059c6ff1ffbeb5dbf7f4f878e25712fb6f60ac39fb7d2cde8d9a936b95836d768ccab83e3ac61b912f8c07a5c9e4a043d151e9024f0ec5f77fbbf30051775417db037260f4842bab65041e67f53787f1611d24265329b6f7d8721791cc5bb923b2136affd7d41d758479db62f3dffe46e126bb189ab7baa8c91c80a7927d31ad7bc9a5ea3b999e33d3cada41418b8df357af21489a13db8abcf94cc474eb753b7d5658ef1bbea126278d04ba71aa3fcfe26358fa81", 0xc6}, {&(0x7f0000000740)="4ec4bde68f9a27eb0c04342126ee96529e30e60d06abe99c2d55105ca2a926ba34b29a58c11149e94142f41ac83b173bd1c610ac5e43ca2535a5a104c0b99ef5d8ae57b2c4a98514fc4704dabfe9212ec82635ae0479421d7a23197f0ff84b66d1da1d618de550f1a6d02dc73c5cf7850e905d406f483650dbf675298db95961af89759ed63f985b7fbedeeb9419736fb11ec532ebec000a2a14d7bb776356e18b3aed6a388292", 0xa7}], 0x7, 0x0, 0x1, {0x3, r7}}, 0x2) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) [ 2510.898594][ C1] sched: RT throttling activated 22:04:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:51 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1f9) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:51 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x63010000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setrlimit(0xa, &(0x7f0000000080)={0x4, 0x100000001}) syz_io_uring_setup(0x85c, &(0x7f0000000180)={0x0, 0xa9ea, 0x1, 0x1, 0x344, 0x0, r0}, &(0x7f0000633000/0x2000)=nil, &(0x7f00006d3000/0x4000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000240)) syz_io_uring_setup(0x7ac4, &(0x7f0000000340)={0x0, 0xa9ce, 0x0, 0x1, 0x312}, &(0x7f00006d3000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f00000003c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_WRITE={0x17, 0x3, 0x2004, @fd=r0, 0x4d, &(0x7f0000000480)="69119e42b63c6a1699f8cc35b6a84331b33f96a827799cced63358c4af0f9c326a1745804bc5275e06a79905d67a2c3e4ed584b3d0c24b7e0175baa2de0e25240072394742310fa2188a2dea3401e0b80a3bd5ad1867d60f9d41778171b75286d97e3baa8a38743f75b0532b34b9c1653e56bf02de54f8c809c923988d84d34fd9d7814ddfc3b8b3eeefe954724a1b274f277aee5d51b8e24a25ae9d5e47c6318e6746e7531d528bd2bde117d502900b739ea39c5c93f4767a7d17cd323f686a5f6279da37617182c3c663fe", 0xcc}, 0x9) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) pipe(&(0x7f0000000040)) 22:04:53 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864014bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) pipe(&(0x7f0000000040)) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setrlimit(0xa, &(0x7f0000000080)={0x4, 0x100000001}) syz_io_uring_setup(0x85c, &(0x7f0000000180)={0x0, 0xa9ea, 0x1, 0x1, 0x344, 0x0, r0}, &(0x7f0000633000/0x2000)=nil, &(0x7f00006d3000/0x4000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000240)) syz_io_uring_setup(0x7ac4, &(0x7f0000000340)={0x0, 0xa9ce, 0x0, 0x1, 0x312}, &(0x7f00006d3000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f00000003c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_WRITE={0x17, 0x3, 0x2004, @fd=r0, 0x4d, &(0x7f0000000480)="69119e42b63c6a1699f8cc35b6a84331b33f96a827799cced63358c4af0f9c326a1745804bc5275e06a79905d67a2c3e4ed584b3d0c24b7e0175baa2de0e25240072394742310fa2188a2dea3401e0b80a3bd5ad1867d60f9d41778171b75286d97e3baa8a38743f75b0532b34b9c1653e56bf02de54f8c809c923988d84d34fd9d7814ddfc3b8b3eeefe954724a1b274f277aee5d51b8e24a25ae9d5e47c6318e6746e7531d528bd2bde117d502900b739ea39c5c93f4767a7d17cd323f686a5f6279da37617182c3c663fe", 0xcc}, 0x9) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)) 22:04:53 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x204) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r3, r6, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r0, 0x100, 0x0, 0x0, 0x4, 0x0, {0x3, r8}}, 0x3) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) setrlimit(0xa, &(0x7f0000000080)={0x4, 0x100000001}) (async) syz_io_uring_setup(0x85c, &(0x7f0000000180)={0x0, 0xa9ea, 0x1, 0x1, 0x344, 0x0, r0}, &(0x7f0000633000/0x2000)=nil, &(0x7f00006d3000/0x4000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000240)) (async) syz_io_uring_setup(0x7ac4, &(0x7f0000000340)={0x0, 0xa9ce, 0x0, 0x1, 0x312}, &(0x7f00006d3000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f00000003c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000400)=@IORING_OP_WRITE={0x17, 0x3, 0x2004, @fd=r0, 0x4d, &(0x7f0000000480)="69119e42b63c6a1699f8cc35b6a84331b33f96a827799cced63358c4af0f9c326a1745804bc5275e06a79905d67a2c3e4ed584b3d0c24b7e0175baa2de0e25240072394742310fa2188a2dea3401e0b80a3bd5ad1867d60f9d41778171b75286d97e3baa8a38743f75b0532b34b9c1653e56bf02de54f8c809c923988d84d34fd9d7814ddfc3b8b3eeefe954724a1b274f277aee5d51b8e24a25ae9d5e47c6318e6746e7531d528bd2bde117d502900b739ea39c5c93f4767a7d17cd323f686a5f6279da37617182c3c663fe", 0xcc}, 0x9) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) r2 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7e97, 0x200) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0xc6, 0x4b, 0x2, 0x3c, 0x0, 0xffffffffffff666b, 0x40801, 0x7, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x1, 0x9, 0xc3ad, 0xe, 0x3, 0x8, 0x8, 0x0, 0x8, 0x0, 0x1000}, r0, 0x4, r2, 0x8) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x73f4, 0x0, 0x0, 0xfffffffe}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x2000)=nil, 0x2000, 0x7000008, 0x110, r3, 0x10000000) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) r2 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7e97, 0x200) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0xc6, 0x4b, 0x2, 0x3c, 0x0, 0xffffffffffff666b, 0x40801, 0x7, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x1, 0x9, 0xc3ad, 0xe, 0x3, 0x8, 0x8, 0x0, 0x8, 0x0, 0x1000}, r0, 0x4, r2, 0x8) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x73f4, 0x0, 0x0, 0xfffffffe}, 0x0) (async) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x2000)=nil, 0x2000, 0x7000008, 0x110, r3, 0x10000000) 22:04:53 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x64010000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) r2 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7e97, 0x200) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0xc6, 0x4b, 0x2, 0x3c, 0x0, 0xffffffffffff666b, 0x40801, 0x7, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x1, 0x9, 0xc3ad, 0xe, 0x3, 0x8, 0x8, 0x0, 0x8, 0x0, 0x1000}, r0, 0x4, r2, 0x8) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x73f4, 0x0, 0x0, 0xfffffffe}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x2000)=nil, 0x2000, 0x7000008, 0x110, r3, 0x10000000) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) (async) syz_open_dev$vcsn(&(0x7f0000000200), 0x7e97, 0x200) (async) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0xc6, 0x4b, 0x2, 0x3c, 0x0, 0xffffffffffff666b, 0x40801, 0x7, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x1, 0x9, 0xc3ad, 0xe, 0x3, 0x8, 0x8, 0x0, 0x8, 0x0, 0x1000}, r0, 0x4, r2, 0x8) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x73f4, 0x0, 0x0, 0xfffffffe}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x2000)=nil, 0x2000, 0x7000008, 0x110, r3, 0x10000000) (async) 22:04:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) dup(r4) syz_io_uring_submit(r1, r7, &(0x7f0000000400)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r8, 0x80, &(0x7f0000000480)=@l2tp6={0xa, 0x0, 0xf0e, @rand_addr=' \x01\x00', 0x7f, 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x101) syz_io_uring_setup(0x4799, &(0x7f0000000180)={0x0, 0x97e3, 0x0, 0x2, 0x59}, &(0x7f00006d4000/0x3000)=nil, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)=0x0) r11 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) fcntl$lock(r11, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) syz_io_uring_submit(r1, r10, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r11, 0x0, 0x0, 0x0, {0x3d}, 0x1}, 0x9) syz_io_uring_setup(0x5a00, &(0x7f0000000240)={0x0, 0x55e, 0x0, 0x0, 0x18, 0x0, r3}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000395000/0x400000)=nil, &(0x7f0000000340), &(0x7f0000000380)) 22:04:54 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864015bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) dup(r4) syz_io_uring_submit(r1, r7, &(0x7f0000000400)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r8, 0x80, &(0x7f0000000480)=@l2tp6={0xa, 0x0, 0xf0e, @rand_addr=' \x01\x00', 0x7f, 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x101) syz_io_uring_setup(0x4799, &(0x7f0000000180)={0x0, 0x97e3, 0x0, 0x2, 0x59}, &(0x7f00006d4000/0x3000)=nil, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)=0x0) r11 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) fcntl$lock(r11, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) syz_io_uring_submit(r1, r10, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r11, 0x0, 0x0, 0x0, {0x3d}, 0x1}, 0x9) syz_io_uring_setup(0x5a00, &(0x7f0000000240)={0x0, 0x55e, 0x0, 0x0, 0x18, 0x0, r3}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000395000/0x400000)=nil, &(0x7f0000000340), &(0x7f0000000380)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) dup(r4) (async) syz_io_uring_submit(r1, r7, &(0x7f0000000400)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r8, 0x80, &(0x7f0000000480)=@l2tp6={0xa, 0x0, 0xf0e, @rand_addr=' \x01\x00', 0x7f, 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x101) (async) syz_io_uring_setup(0x4799, &(0x7f0000000180)={0x0, 0x97e3, 0x0, 0x2, 0x59}, &(0x7f00006d4000/0x3000)=nil, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) (async) fcntl$lock(r11, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) syz_io_uring_submit(r1, r10, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r11, 0x0, 0x0, 0x0, {0x3d}, 0x1}, 0x9) (async) syz_io_uring_setup(0x5a00, &(0x7f0000000240)={0x0, 0x55e, 0x0, 0x0, 0x18, 0x0, r3}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000395000/0x400000)=nil, &(0x7f0000000340), &(0x7f0000000380)) (async) 22:04:54 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x26d) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) 22:04:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xaa2b0300, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) (async) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) dup(r4) (async) syz_io_uring_submit(r1, r7, &(0x7f0000000400)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r8, 0x80, &(0x7f0000000480)=@l2tp6={0xa, 0x0, 0xf0e, @rand_addr=' \x01\x00', 0x7f, 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x101) (async) syz_io_uring_setup(0x4799, &(0x7f0000000180)={0x0, 0x97e3, 0x0, 0x2, 0x59}, &(0x7f00006d4000/0x3000)=nil, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000000080), &(0x7f0000000200)=0x0) (async) r11 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) fcntl$lock(r11, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) syz_io_uring_submit(r1, r10, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r11, 0x0, 0x0, 0x0, {0x3d}, 0x1}, 0x9) (async) syz_io_uring_setup(0x5a00, &(0x7f0000000240)={0x0, 0x55e, 0x0, 0x0, 0x18, 0x0, r3}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000395000/0x400000)=nil, &(0x7f0000000340), &(0x7f0000000380)) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x0) r0 = syz_io_uring_setup(0x188, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400400}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x80, 0x5, 0xff, 0xf8, 0x0, 0x5, 0x8010, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x100000000, 0x1}, 0x40000, 0x1, 0x8001, 0x8, 0x7, 0xffff8001, 0x62, 0x0, 0x43, 0x0, 0xa}, 0x0, 0xf, 0xffffffffffffffff, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:54 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x300) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x0) (async) r0 = syz_io_uring_setup(0x188, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400400}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x80, 0x5, 0xff, 0xf8, 0x0, 0x5, 0x8010, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x100000000, 0x1}, 0x40000, 0x1, 0x8001, 0x8, 0x7, 0xffff8001, 0x62, 0x0, 0x43, 0x0, 0xa}, 0x0, 0xf, 0xffffffffffffffff, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x0) (async) r0 = syz_io_uring_setup(0x188, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400400}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x80, 0x5, 0xff, 0xf8, 0x0, 0x5, 0x8010, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x100000000, 0x1}, 0x40000, 0x1, 0x8001, 0x8, 0x7, 0xffff8001, 0x62, 0x0, 0x43, 0x0, 0xa}, 0x0, 0xf, 0xffffffffffffffff, 0x1) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xe4ffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:54 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864016bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:04:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x2000, @fd=r6, 0x7, 0x0, 0x1, 0x11, 0x1, {0x1, r8}}, 0x10001) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:04:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:04:55 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x3e8) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xe8030000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:04:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x2000, @fd=r6, 0x7, 0x0, 0x1, 0x11, 0x1, {0x1, r8}}, 0x10001) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r6, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) io_uring_setup(0x3b81, &(0x7f00000000c0)) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) (async) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x2000, @fd=r6, 0x7, 0x0, 0x1, 0x11, 0x1, {0x1, r8}}, 0x10001) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:04:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:04:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x2000, @fd=r6, 0x7, 0x0, 0x1, 0x11, 0x1, {0x1, r8}}, 0x10001) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:04:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:04:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:04:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x18b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet_dccp(0x2, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x10012, r4, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000080)=0x1) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) lseek(r6, 0x4, 0x4) getsockopt$inet_int(r3, 0x10d, 0xb0, 0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2514.679327][ T24] audit: type=1400 audit(1640815495.533:279): avc: denied { getopt } for pid=21405 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 2519.848899][T21331] warn_alloc: 3 callbacks suppressed [ 2519.848909][T21331] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2519.870871][T21331] CPU: 1 PID: 21331 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2519.879658][T21331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2519.889802][T21331] Call Trace: [ 2519.893059][T21331] [ 2519.895969][T21331] dump_stack_lvl+0xd6/0x122 [ 2519.900611][T21331] dump_stack+0x11/0x1b [ 2519.904796][T21331] warn_alloc+0x132/0x190 [ 2519.909108][T21331] ? alloc_page_interleave+0x104/0x120 [ 2519.914556][T21331] __vmalloc_node_range+0x58b/0x690 [ 2519.919753][T21331] ? xt_alloc_table_info+0x39/0x70 [ 2519.924916][T21331] __vmalloc_node+0x61/0x70 [ 2519.929471][T21331] ? xt_alloc_table_info+0x39/0x70 [ 2519.934625][T21331] kvmalloc_node+0xd2/0x110 [ 2519.939159][T21331] xt_alloc_table_info+0x39/0x70 [ 2519.944135][T21331] do_ipt_set_ctl+0x649/0x1710 [ 2519.948876][T21331] ? rmqueue_pcplist+0x157/0x1f0 [ 2519.953792][T21331] ? rmqueue+0x4a/0xd20 [ 2519.957930][T21331] ? __rcu_read_unlock+0x5c/0x290 [ 2519.962981][T21331] nf_setsockopt+0x1a6/0x1c0 [ 2519.967622][T21331] ip_setsockopt+0x2815/0x2c80 [ 2519.972411][T21331] ? enqueue_entity+0x4bf/0x6c0 [ 2519.977240][T21331] ? reweight_entity+0x22/0xf0 [ 2519.982074][T21331] ? enqueue_task_fair+0x443/0x520 [ 2519.987164][T21331] ? __rcu_read_unlock+0x5c/0x290 [ 2519.992182][T21331] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2519.997531][T21331] ? avc_has_perm+0x70/0x160 [ 2520.002144][T21331] ? avc_has_perm+0xd5/0x160 [ 2520.006746][T21331] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2520.013084][T21331] ? selinux_socket_setsockopt+0x145/0x170 [ 2520.018988][T21331] udp_setsockopt+0x83/0x90 [ 2520.023517][T21331] sock_common_setsockopt+0x5d/0x70 [ 2520.028718][T21331] ? sock_common_recvmsg+0xe0/0xe0 [ 2520.033806][T21331] __sys_setsockopt+0x209/0x2a0 [ 2520.038652][T21331] __x64_sys_setsockopt+0x62/0x70 [ 2520.043687][T21331] do_syscall_64+0x44/0xd0 [ 2520.048082][T21331] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2520.053964][T21331] RIP: 0033:0x7ff9d4f80e99 [ 2520.058352][T21331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2520.078097][T21331] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2520.086483][T21331] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2520.094430][T21331] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2520.102491][T21331] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2520.110485][T21331] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2520.118430][T21331] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2520.126467][T21331] [ 2520.129540][T21331] Mem-Info: [ 2520.132738][T21331] active_anon:281 inactive_anon:98475 isolated_anon:0 [ 2520.132738][T21331] active_file:4139 inactive_file:62949 isolated_file:0 [ 2520.132738][T21331] unevictable:0 dirty:0 writeback:0 [ 2520.132738][T21331] slab_reclaimable:5673 slab_unreclaimable:16139 [ 2520.132738][T21331] mapped:27425 shmem:557 pagetables:1166 bounce:0 [ 2520.132738][T21331] kernel_misc_reclaimable:0 [ 2520.132738][T21331] free:1717881 free_pcp:2493 free_cma:0 [ 2520.173909][T21331] Node 0 active_anon:1124kB inactive_anon:393900kB active_file:16556kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2228kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4664kB all_unreclaimable? no [ 2520.200318][T21331] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2520.227211][T21331] lowmem_reserve[]: 0 2896 7874 7874 [ 2520.232622][T21331] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2520.261253][T21331] lowmem_reserve[]: 0 0 4978 4978 [ 2520.266280][T21331] Node 0 Normal free:3890448kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1124kB inactive_anon:393900kB active_file:16556kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:4928kB local_pcp:1808kB free_cma:0kB [ 2520.296564][T21331] lowmem_reserve[]: 0 0 0 0 [ 2520.301093][T21331] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2520.313835][T21331] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2520.329940][T21331] Node 0 Normal: 266*4kB (UME) 209*8kB (UME) 96*16kB (UME) 29*32kB (ME) 27*64kB (UME) 24*128kB (ME) 24*256kB (ME) 67*512kB (UME) 192*1024kB (UME) 55*2048kB (UME) 862*4096kB (UM) = 3890448kB [ 2520.348841][T21331] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2520.358165][T21331] 11567 total pagecache pages [ 2520.362842][T21331] 0 pages in swap cache [ 2520.366988][T21331] Swap cache stats: add 0, delete 0, find 0/0 [ 2520.373052][T21331] Free swap = 0kB [ 2520.376756][T21331] Total swap = 0kB [ 2520.380478][T21331] 2097051 pages RAM [ 2520.384269][T21331] 0 pages HighMem/MovableOnly [ 2520.388951][T21331] 75959 pages reserved 22:05:08 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864017bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:05:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xf0ffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x18b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (async, rerun: 32) r3 = socket$inet_dccp(0x2, 0x6, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x10012, r4, 0x0) (async, rerun: 32) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async, rerun: 32) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000080)=0x1) (rerun: 32) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) lseek(r6, 0x4, 0x4) getsockopt$inet_int(r3, 0x10d, 0xb0, 0x0, &(0x7f00000000c0)) (async, rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (rerun: 64) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:05:08 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x402) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x18b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet_dccp(0x2, 0x6, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x10012, r4, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000080)=0x1) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) lseek(r6, 0x4, 0x4) getsockopt$inet_int(r3, 0x10d, 0xb0, 0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x18b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) socket$inet_dccp(0x2, 0x6, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) (async) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0xfea7) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x10012, r4, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000080)=0x1) (async) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) (async) lseek(r6, 0x4, 0x4) (async) getsockopt$inet_int(r3, 0x10d, 0xb0, 0x0, &(0x7f00000000c0)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:05:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) setrlimit(0x6, &(0x7f0000000380)={0x0, 0x5}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000200)={0x38, 0x6, 0x5, 0x8, 0x1, 0x10000, 0x5, 0xffff, 0x7fff, 0x2}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x4000)=nil, 0x4000, 0x1800002, 0x810, r5, 0x10000000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x7, &(0x7f0000000180)={r7, r8+10000000}}, 0x5) 22:05:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) [ 2527.593599][ T24] audit: type=1400 audit(1640815508.443:280): avc: denied { map } for pid=21452 comm="syz-executor.1" path="pipe:[61910]" dev="pipefs" ino=61910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 22:05:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) setrlimit(0x6, &(0x7f0000000380)={0x0, 0x5}) (async) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000200)={0x38, 0x6, 0x5, 0x8, 0x1, 0x10000, 0x5, 0xffff, 0x7fff, 0x2}, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x4000)=nil, 0x4000, 0x1800002, 0x810, r5, 0x10000000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x7, &(0x7f0000000180)={r7, r8+10000000}}, 0x5) 22:05:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) [ 2533.148634][T21423] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2533.165385][T21423] CPU: 1 PID: 21423 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2533.174142][T21423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2533.184212][T21423] Call Trace: [ 2533.187477][T21423] [ 2533.190395][T21423] dump_stack_lvl+0xd6/0x122 [ 2533.194967][T21423] dump_stack+0x11/0x1b [ 2533.199099][T21423] warn_alloc+0x132/0x190 [ 2533.203409][T21423] ? alloc_page_interleave+0x104/0x120 [ 2533.208934][T21423] __vmalloc_node_range+0x58b/0x690 [ 2533.214206][T21423] ? xt_alloc_table_info+0x39/0x70 [ 2533.219312][T21423] __vmalloc_node+0x61/0x70 [ 2533.223802][T21423] ? xt_alloc_table_info+0x39/0x70 [ 2533.228922][T21423] kvmalloc_node+0xd2/0x110 [ 2533.233550][T21423] xt_alloc_table_info+0x39/0x70 [ 2533.238480][T21423] do_ipt_set_ctl+0x649/0x1710 [ 2533.243259][T21423] ? rmqueue_pcplist+0x157/0x1f0 [ 2533.248467][T21423] ? rmqueue+0x4a/0xd20 [ 2533.252605][T21423] ? __rcu_read_unlock+0x5c/0x290 [ 2533.257636][T21423] nf_setsockopt+0x1a6/0x1c0 [ 2533.262223][T21423] ip_setsockopt+0x2815/0x2c80 [ 2533.266973][T21423] ? _raw_spin_unlock+0x2e/0x50 [ 2533.271861][T21423] ? finish_task_switch+0xd0/0x280 [ 2533.276960][T21423] ? __schedule+0x44a/0x6a0 [ 2533.281541][T21423] ? __rcu_read_unlock+0x5c/0x290 [ 2533.286552][T21423] ? schedule+0x8b/0xb0 [ 2533.290698][T21423] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2533.296083][T21423] ? avc_has_perm+0x70/0x160 [ 2533.300718][T21423] ? avc_has_perm+0xd5/0x160 [ 2533.305294][T21423] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2533.311637][T21423] ? selinux_socket_setsockopt+0x145/0x170 [ 2533.317539][T21423] udp_setsockopt+0x83/0x90 [ 2533.322089][T21423] sock_common_setsockopt+0x5d/0x70 [ 2533.327439][T21423] ? sock_common_recvmsg+0xe0/0xe0 [ 2533.332530][T21423] __sys_setsockopt+0x209/0x2a0 [ 2533.337363][T21423] __x64_sys_setsockopt+0x62/0x70 [ 2533.342472][T21423] do_syscall_64+0x44/0xd0 [ 2533.346869][T21423] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2533.352790][T21423] RIP: 0033:0x7ff9d4f80e99 [ 2533.357269][T21423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2533.376889][T21423] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2533.385280][T21423] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2533.393264][T21423] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2533.401213][T21423] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2533.409160][T21423] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2533.417108][T21423] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2533.425067][T21423] [ 2533.428270][T21423] Mem-Info: [ 2533.431386][T21423] active_anon:284 inactive_anon:98474 isolated_anon:0 [ 2533.431386][T21423] active_file:4142 inactive_file:62949 isolated_file:0 [ 2533.431386][T21423] unevictable:0 dirty:10 writeback:0 [ 2533.431386][T21423] slab_reclaimable:5646 slab_unreclaimable:15997 [ 2533.431386][T21423] mapped:27425 shmem:559 pagetables:1166 bounce:0 [ 2533.431386][T21423] kernel_misc_reclaimable:0 [ 2533.431386][T21423] free:1717258 free_pcp:3296 free_cma:0 [ 2533.472768][T21423] Node 0 active_anon:1136kB inactive_anon:393896kB active_file:16568kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:40kB writeback:0kB shmem:2236kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4664kB all_unreclaimable? no [ 2533.499265][T21423] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2533.526107][T21423] lowmem_reserve[]: 0 2896 7874 7874 [ 2533.531398][T21423] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2533.560053][T21423] lowmem_reserve[]: 0 0 4978 4978 [ 2533.565061][T21423] Node 0 Normal free:3887956kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1136kB inactive_anon:393896kB active_file:16568kB inactive_file:251796kB unevictable:0kB writepending:40kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8140kB local_pcp:2740kB free_cma:0kB [ 2533.595465][T21423] lowmem_reserve[]: 0 0 0 0 [ 2533.600029][T21423] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2533.612639][T21423] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2533.628669][T21423] Node 0 Normal: 1*4kB (M) 206*8kB (UM) 104*16kB (M) 33*32kB (UME) 27*64kB (UME) 25*128kB (UME) 25*256kB (UME) 63*512kB (UME) 192*1024kB (UME) 55*2048kB (UME) 862*4096kB (UM) = 3887956kB [ 2533.647187][T21423] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2533.656531][T21423] 11571 total pagecache pages [ 2533.661200][T21423] 0 pages in swap cache [ 2533.665337][T21423] Swap cache stats: add 0, delete 0, find 0/0 [ 2533.671407][T21423] Free swap = 0kB [ 2533.675199][T21423] Total swap = 0kB [ 2533.678931][T21423] 2097051 pages RAM [ 2533.682753][T21423] 0 pages HighMem/MovableOnly [ 2533.687397][T21423] 75959 pages reserved 22:05:21 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864018bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:05:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) setrlimit(0x6, &(0x7f0000000380)={0x0, 0x5}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000200)={0x38, 0x6, 0x5, 0x8, 0x1, 0x10000, 0x5, 0xffff, 0x7fff, 0x2}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x4000)=nil, 0x4000, 0x1800002, 0x810, r5, 0x10000000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x7, &(0x7f0000000180)={r7, r8+10000000}}, 0x5) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) setrlimit(0x6, &(0x7f0000000380)={0x0, 0x5}) (async) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) (async) sched_setattr(r3, &(0x7f0000000200)={0x38, 0x6, 0x5, 0x8, 0x1, 0x10000, 0x5, 0xffff, 0x7fff, 0x2}, 0x0) (async) pipe(&(0x7f0000000040)) (async) mmap$IORING_OFF_SQES(&(0x7f0000634000/0x4000)=nil, 0x4000, 0x1800002, 0x810, r5, 0x10000000) (async) clock_gettime(0x0, &(0x7f0000000080)) (async) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x7, &(0x7f0000000180)={r7, r8+10000000}}, 0x5) (async) 22:05:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, 0x0, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:05:21 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x406) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:21 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xf2ffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fallocate(r3, 0x20, 0x577, 0xd0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fallocate(r3, 0x20, 0x577, 0xd0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) fallocate(r3, 0x20, 0x577, 0xd0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:05:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fallocate(r3, 0x20, 0x577, 0xd0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) fallocate(r3, 0x20, 0x577, 0xd0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:05:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000480)={'syz0', "93a9bae06e1b709df4b8eb299c7317b2c344c99f9475e1fa9c2b5361cd8039bef928860e7dc9c64c30a454fa4f1114318e5f7c13151832b88851b82b7bfab78a5ab0a087424c786f1ac14e11046124e9eada6238a528fa971443265496508f757da07bebc59c75bcab352ee1e05de6940b2e9396128ebfec60ca9d22a4c659418b8169cb2e590853d25321863696d4a71a6f7bdae95f489c0b29d8e1ff6679b561d64c0306cbfc8bd0ca4139751c325dd1fb8793fe9b4cb5687493ec19028d6feedc65f2dce97d4b7d87a4591125d0e16e7ab4aa661d014b6d77bb2fbef1cf532d9ba70eaa7faf37bc2fd90ee8bdb6217ecf02f42976bd2019eaad5772ea0093c16a17432959a2c9e53d23ae75b348568f34aee579ba0a15625601cf02faf8a907248e21ee1168c27d1813d69d1cc57f97359d568f173cf3f7183a60cf1b405068a57d9b6cc4e33b28470077eec444d46428628b6c35cadad921577a903ee046778a922231b3edf41e08d7155cbcc1d26693066ab7cc43085678f90100ff5f0a13aa13b37bd264ac9ba40ad99126f0cc96c3847e22e3e59b13ac8ce5139dc665940470af85b40d3888e5ccf537adf1b2e014f71dd404b545fe79b195210204490a84063943ba8d833db59bd4cd672d2df79ca60562791ffb0c2fb680e98ffcd1f0ec98dff4d580af30fb7cb4e6522b5b63e6f8628309136c3ea5d78a5aca18a60e8df5080a24f8382c78c3ed8c0eddd66db1e61e6982c3d1f4f252edae5f8b8cd1061422d9d730c42071c72b9226928fcaca638eaba5ac46ac899f1044419fee74562d1401039aa58b8a82289ae7ba33babed9df90d2d0666092a4bbd21a71d87d1f09d1a7ddd2be93c54bf3eea7f0a38b4129279813ad8a20726aa596957bbbfbeca183347d1973adaa7248121531ed6990bd29cbad8aedfe54cf86d348b04a7c364bc6ca9a53ff5c61bd90473787b140f73c16d8804c227caf396245c6236f535b00bdba49c1607b2d5b91f308960f789e1b18c802a6ee4ddbd83f9b26a9b8ae6168d55e6accf14f2db5ec16be3717416cc6823f3c728cd909dd7c1b60078c32afe9fe2d7f94e3367fde4ca78d27eaa19620f3a356d960acbf65dcef197dccb2d2a4c308e6ce4059994c64137e41f90785b17b40db239e3bdba0861c6279c02b72d90d0e5add6875869788cefa621dbd764a568bbe23b38f39e2f4129a7b7c9dd1010238339cb6a38441196e1a71010d2c04838bb2f2341594944deee751f8c81963183800d52ba3344807c25b1412f09843319b7071108ce70b426452669a93e72c2aedafe9b335fecbbd4a181c1573dfc2b8fb95752d20b3dc4ecf287eff3bd31a6dc9c5756b2a54c4951f0799890259c6b78afd5217d8742e5b915212aab98b5196eb2daf419258b56a658bf2407c33df8ab84305e09edb13c889dd23cc1bb21b4c374c75fa71a5fe14290d13e7a12acdbe03e2c5935de815004fabd6326fa8cf64ad31d91716489432441c47756859d7063c27e2da6f0f1935f3105032e6a065a550c18b539ab88f87d848bddca623d45c1722c71c0d4c10f252e7a171abb37e557a83f64f2b52266e02f071e82e84f06b85fc0590a9f671ef78f9a74208224fde5bbc7612a6ddc0277480761cc22ba80ebee44682b442458c48614989681dad44343615fd9b0e0fa5291e8620586cc6bdfcbe154a45d9ba9dd8bcf19a347db06995ce5408f36ba6cbf6c0cb094165fab281765095dd95f95a2b9ac29475a4ddfa35a47100c24bbd4171c2407c3b77b41c43761aae9561de89b215d66f76c7f9a9240b4261415c6c5b00118e63c457c8f3cc836ff2aaab0843db4d7c6643a1e78708c54340c1b8790908e6bb4ed08ac19766532027f3ee873058eed5f6d6d02e35710919310825fc30f32b27929ead22a4e2c24d645c7834abe8dfd4f08c902101dcac06fd9cec99b87f7ad24207cca622ac54e4a30f902f168880bc24bbd247f852533c5f2af55a846ebaf3afc8ba9d8fba7e5ab2ed4663dc89ed41a18e9c39b6699b4dbc084ccb1387ab7f0700b373380257e9a5367d022240a59b24f25a6ffff09875b9ce86f228b849beffc639013b1b8702699d87b995b248b99423a47e33b257a2f3ca259cbbb640acb32cb9d5796aa6b5fee8cd8d2194d75dd36368a2a1cb2d2950ad601f29a1cf2b494e387ff53f993962151eaa3b837f11ca36dec591b942ef9a466e40274b74d67fc0095871855bdd1cb4f0140b5b1a9075d92220acc41595b27fa858edbb4b2e5229b55be67877e9b70d1cee850d17f74244baf959f058bdbf0a5b8c5db8fbc7761a5a4f25e4a14063e5b2ece86356ac41ead6305454866cfaeba4c37333cff5247d92d98320342dac6f432b4e94beecd94f2d5fed5146d1f46a7dce3b2447cae8c462f851d930b75b08193e1dfb281c2aba7f09eebbf8a715f75deb0512b18dc9a8e2c5f4fbf6291faf3f756b22608cc62115185cf7919aa8475daf2d1528647bbfcbb33c18f9d956360fb2e41dffc915d1d9fd09af80a3500cf872b73f1af7b54029259f60e1776f2967fef7e593695fc7fea215c393a22ccebce9a1fb4e89522f3091470809d7cc2f3fc96cc10d084c239d038d16f75b9f68713185ce9c96ccec8d3e6422dfc32a145e320b0392bba419235f7ff2bbd92b137977ee979b7abb9a0daec6dd604a686a139f67ab34620a1701e157eb28e2011c5fbbf4ce1ea47dccac6e96a874ad5fe973d41b6108c5cbf5abc84b8c3a6636d16b731e79bb508b8672d142b09eab2e6c9e28b61bf9375779e663d5fddf2e5447a2d1be98cd6b23f661a2b542a09cb7a626737485cfd5489cefda17473755531409c4e325160f5581bea5d2da514487efaa3a391b57caf218f9821cd865b5e1a30122398f9c06c9c94512ff619825dacd0f1ab35ddb3ee90faf291637d69a45f51c8fb741a4923099c83abd9cc6fc40b487519beab4e3acf7ad64439eaafda1f2cbfb80ac6ec03505f8166e34cbf5436df692c65c2b6ffa348f2f0a914c2f708b3487d4db2edc09dd99189e192b1dee49beb5fa6ea965b19a609f6708ccfa90d7ab3aeadc81b32213707366b2c84496f1306a170f5f937e9fec5832ab3d272d08426090678f5aef81509241c275f17352c0f1813671fe954580ccc29a6e5eb589f9fce0b2e27052b1c80c48773d421406338a3414450e56fa26b5f63bae9b875b699aa6447af453db7672fb4c75e4c4973f5859a212ef5e82e0acf618ac46ae05bde65f81e63f8f54114b5b4d90c0befbe21f1d62abc7c149d233cef808ae1d37b9142d64eaa4e7cbd5a3240c61f54a856b88b217cd6bb445b125314f376f439e63b567c44e30a377aaea7c3d770133b1a5b0187f7683910f0302c6eed71b013be0aed2e054e0af23592e90ec08bb59d78a2b6d67458da30880afdc31bc57ecab3360b049f7fb95e22ba7a771e0992ad0a017fcf7e4ced7c017fe895e0d67ad0822b639b3a52b800cde507b126f683c8b3a4e632222347412e0d084fc9ba105ecc9ae881db12c99a2f346a923e4d6c8c82961a71514ec8854921ff770593f5f73c1285953b9c2db0268bd5e6be90e85fa3085fbae0a46e9fea4c1ff35b2abb62f0b5ed115f39d76d154235d95c3dbb34c2e740159b93db876b8e6493a7be40860cca0b7ebcdcfbd22eb87766e95bf5443aa2e9afc3a3341d6a6ecea5c61b50954494fadc82622ec72ea84ff8393bf5eeed89cd0be8f41499cf9c7c2e2f259a534d3df40b586404cd62203635f14b1e91156930bae1f3df05e4d706666874eb17567416c11fa75266c423d4ca32efc0c74fcce4a652ca4f243466f45526e818bf5cc21c46ab81ad4cfd78532555351d5a39be81364229f5f0f3ce9e1c841dff470130e2a91fe2c120e2b7feab01a89eac4a1c41d318262c7f9425b4e761e75ad7303133d28c837fff8c7f9d1c0b5f0308fded937b9e63762c75b9b699c931717c75ac1ec8b09f9c83a91e583752625fd76208c95421389e3f79d17bdcbf37964ad480f26e4c90bee8083015e877d90ea3beb01b5fcfa23c9e4d8e2c3240a1c1bbddd507215f18d0fb749a2396041264c49aca3f1c0b885a5cd1fe19dacca42c41cd4381db6fd1f965ae8551452a3b1548754f141ec7c48891e0af0fc6c0d31e8a32684f8f6530709c502717cc75cd1d31cfd1a583a7caebbd891748d8313719b6f2964939996cf1c9d2dc2acbd54a23230a6e5a13aed4a2ad7d29d740a71558cb5516ec96745d2c3b93ecdd5ea839bb77f9c80766f1ea23592bd08b0a60806341e24520d152d1844f3a1e9cd2e0f48464e8bff0a22f7a0f716f75158df2762f95346178cdde567444118d6add804d0a35116bde30fc07e0ca80b16e21e162c12c725a9a9466fad2cd73d463ba2a2bb428e0fef243bd0525f81a07b72b7c6dc03ac6345546ebfd52532a2364eac338f174c42d9ff7c5bdb8cb37848d7eb0bf75557a87db8e55e2f56faf07c7661877e8ef390d692d7f4b6954e41318f9037ab1121280bdc0ebb3a6a74a6805f912c617593d1c081322994ddb0b2edcede7d66251d6babe27f5c6920a65c91f72142725f740cfa2222dae06c1564f0a49f16f9d60610e69a277b3a204cdb36fc88bb5a67e3485c1ce9a536311129a4335c3834101fc0099270e5450e77d009acdea3147b31ec6fb83ab91f5b8b62e63c3cb09b3e126f5069c33dcc6fcf9c29a7ab30fc05943c597caf7c4576802af99fefb7f941b660404ee23cd28c3728f5c6fca801f0b48b42db2ca836a66e328cbd59184f2f45a14d18ed72d04b277b723b27a8f66ce2869bfe3ba6229c81cd0bd2e2c44a57720d2f64097524151e98fcbefe10096e76e43dc0cc6e4226f312ae486adaec2bd702b7ba5ce2e33718509fb80d2122e7fd22de08d732851f43576aa569ad471e52e343d572c0394c2752eb4d0f05caafd2c05d6c9b0502363f87f93dc263078e34ac2ab02041703a546a794348516b812af851d2176f04592b3cd7a209b9a4fe8d6740526ff0affc3382a66c902e0b510e3919430e1fa01e9feb5e8cbf503e84a49580094f0ad5bd894e0fa390dee3cce4f7108a570d67a3426c10331801bdb2570306c0c28240feb44d00e4228a6f78dd37d7af6d8471654a40d89ccf03dd1f150699570844ed29475800bbcda15e9ebb44ac70108d6ae74279d351638aa14ab2fa1278e4a2eb63b4577be3d7b2679c6d2ff13f248781cd21347a1ad42a23d0931f8d8330799a19643a4d51ea261c7a3ac726f28bae4165d794c2567eea24ce4a43774cc8ac58b7c179a517d8f8c594612ce3bf314d4decc57029d758065a2258507842cacb5bfc26bcfe5ac440f2fa1f0a3f01a5d6d7bf7b85fa097af3638caa36d5608d52da79ffab9c68ce6a2f37cf4de8737c04ce60af215185e9f65329bcb91c99a07840467a30e37fcf31b0b3919eb8a2e32f76eb217af3afba8ab4eadcca913806912eb47f786899ef7268a0fab420f066f8b3512859815d1c579b8e39e6c94895b393e93553ecb740e47e0f0c85bfd41128a0788c2e943c6c68df700d0bae6faddcfd3a846b207f82609035860c76c2f529196b8eaef66b9bd1f31dfdad7ed47bf713b9f517fb77c3d61bd75cd6faba2c671f094cf0f8a6693955621b88e013655bf969e049cfeafe75560754e542b2f3ea49d985cc4c87db224f37a29090ec3555636b85c12e28e86275d106951044b10cf14f0ed4046835b16bc9fcd6c59be4880ef0101a3d072a9dda60af883eac9212711d"}, 0x1004) [ 2551.638664][T21531] syz-executor.2: vmalloc error: size 314134528, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2551.655333][T21531] CPU: 1 PID: 21531 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2551.664092][T21531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2551.674378][T21531] Call Trace: [ 2551.677638][T21531] [ 2551.680548][T21531] dump_stack_lvl+0xd6/0x122 [ 2551.685141][T21531] dump_stack+0x11/0x1b [ 2551.689277][T21531] warn_alloc+0x132/0x190 [ 2551.693591][T21531] ? alloc_page_interleave+0x104/0x120 [ 2551.699029][T21531] __vmalloc_node_range+0x58b/0x690 [ 2551.704299][T21531] ? xt_alloc_table_info+0x39/0x70 [ 2551.709393][T21531] __vmalloc_node+0x61/0x70 [ 2551.713913][T21531] ? xt_alloc_table_info+0x39/0x70 [ 2551.719051][T21531] kvmalloc_node+0xd2/0x110 [ 2551.723573][T21531] xt_alloc_table_info+0x39/0x70 [ 2551.728510][T21531] do_ipt_set_ctl+0x649/0x1710 [ 2551.733265][T21531] ? rmqueue_pcplist+0x157/0x1f0 [ 2551.738194][T21531] ? rmqueue+0x4a/0xd20 [ 2551.742338][T21531] ? __rcu_read_unlock+0x5c/0x290 [ 2551.747362][T21531] nf_setsockopt+0x1a6/0x1c0 [ 2551.751973][T21531] ip_setsockopt+0x2815/0x2c80 [ 2551.756716][T21531] ? _raw_spin_unlock+0x2e/0x50 [ 2551.761549][T21531] ? finish_task_switch+0xd0/0x280 [ 2551.766733][T21531] ? __schedule+0x44a/0x6a0 [ 2551.771225][T21531] ? __rcu_read_unlock+0x5c/0x290 [ 2551.776231][T21531] ? schedule+0x8b/0xb0 [ 2551.780365][T21531] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2551.785797][T21531] ? avc_has_perm+0x70/0x160 [ 2551.790413][T21531] ? avc_has_perm+0xd5/0x160 [ 2551.794993][T21531] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2551.801373][T21531] ? selinux_socket_setsockopt+0x145/0x170 [ 2551.807157][T21531] udp_setsockopt+0x83/0x90 [ 2551.811725][T21531] sock_common_setsockopt+0x5d/0x70 [ 2551.816930][T21531] ? sock_common_recvmsg+0xe0/0xe0 [ 2551.822036][T21531] __sys_setsockopt+0x209/0x2a0 [ 2551.826878][T21531] __x64_sys_setsockopt+0x62/0x70 [ 2551.831895][T21531] do_syscall_64+0x44/0xd0 [ 2551.836355][T21531] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2551.842375][T21531] RIP: 0033:0x7ff9d4f80e99 [ 2551.846768][T21531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2551.866468][T21531] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2551.874857][T21531] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2551.882811][T21531] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2551.890763][T21531] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2551.898743][T21531] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2551.906691][T21531] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2551.914648][T21531] [ 2551.917796][T21531] Mem-Info: [ 2551.920916][T21531] active_anon:286 inactive_anon:98474 isolated_anon:0 [ 2551.920916][T21531] active_file:4148 inactive_file:62949 isolated_file:0 [ 2551.920916][T21531] unevictable:0 dirty:0 writeback:0 [ 2551.920916][T21531] slab_reclaimable:5628 slab_unreclaimable:15874 [ 2551.920916][T21531] mapped:27425 shmem:561 pagetables:1166 bounce:0 [ 2551.920916][T21531] kernel_misc_reclaimable:0 [ 2551.920916][T21531] free:1718029 free_pcp:2656 free_cma:0 [ 2551.962409][T21531] Node 0 active_anon:1144kB inactive_anon:393896kB active_file:16592kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2244kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4664kB all_unreclaimable? no [ 2551.988818][T21531] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2552.015589][T21531] lowmem_reserve[]: 0 2896 7874 7874 [ 2552.020946][T21531] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2552.049585][T21531] lowmem_reserve[]: 0 0 4978 4978 [ 2552.054663][T21531] Node 0 Normal free:3891040kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1144kB inactive_anon:393896kB active_file:16592kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:5576kB local_pcp:2972kB free_cma:0kB [ 2552.084899][T21531] lowmem_reserve[]: 0 0 0 0 [ 2552.089542][T21531] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2552.102227][T21531] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2552.118434][T21531] Node 0 Normal: 60*4kB (UME) 278*8kB (UME) 130*16kB (ME) 35*32kB (ME) 27*64kB (ME) 25*128kB (UME) 24*256kB (ME) 65*512kB (UME) 191*1024kB (UME) 56*2048kB (UME) 862*4096kB (UM) = 3891040kB [ 2552.137141][T21531] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2552.146444][T21531] 11579 total pagecache pages [ 2552.151114][T21531] 0 pages in swap cache [ 2552.155414][T21531] Swap cache stats: add 0, delete 0, find 0/0 [ 2552.161526][T21531] Free swap = 0kB [ 2552.165268][T21531] Total swap = 0kB [ 2552.168983][T21531] 2097051 pages RAM [ 2552.172837][T21531] 0 pages HighMem/MovableOnly [ 2552.177490][T21531] 75959 pages reserved 22:05:33 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864019bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:05:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000480)={'syz0', "93a9bae06e1b709df4b8eb299c7317b2c344c99f9475e1fa9c2b5361cd8039bef928860e7dc9c64c30a454fa4f1114318e5f7c13151832b88851b82b7bfab78a5ab0a087424c786f1ac14e11046124e9eada6238a528fa971443265496508f757da07bebc59c75bcab352ee1e05de6940b2e9396128ebfec60ca9d22a4c659418b8169cb2e590853d25321863696d4a71a6f7bdae95f489c0b29d8e1ff6679b561d64c0306cbfc8bd0ca4139751c325dd1fb8793fe9b4cb5687493ec19028d6feedc65f2dce97d4b7d87a4591125d0e16e7ab4aa661d014b6d77bb2fbef1cf532d9ba70eaa7faf37bc2fd90ee8bdb6217ecf02f42976bd2019eaad5772ea0093c16a17432959a2c9e53d23ae75b348568f34aee579ba0a15625601cf02faf8a907248e21ee1168c27d1813d69d1cc57f97359d568f173cf3f7183a60cf1b405068a57d9b6cc4e33b28470077eec444d46428628b6c35cadad921577a903ee046778a922231b3edf41e08d7155cbcc1d26693066ab7cc43085678f90100ff5f0a13aa13b37bd264ac9ba40ad99126f0cc96c3847e22e3e59b13ac8ce5139dc665940470af85b40d3888e5ccf537adf1b2e014f71dd404b545fe79b195210204490a84063943ba8d833db59bd4cd672d2df79ca60562791ffb0c2fb680e98ffcd1f0ec98dff4d580af30fb7cb4e6522b5b63e6f8628309136c3ea5d78a5aca18a60e8df5080a24f8382c78c3ed8c0eddd66db1e61e6982c3d1f4f252edae5f8b8cd1061422d9d730c42071c72b9226928fcaca638eaba5ac46ac899f1044419fee74562d1401039aa58b8a82289ae7ba33babed9df90d2d0666092a4bbd21a71d87d1f09d1a7ddd2be93c54bf3eea7f0a38b4129279813ad8a20726aa596957bbbfbeca183347d1973adaa7248121531ed6990bd29cbad8aedfe54cf86d348b04a7c364bc6ca9a53ff5c61bd90473787b140f73c16d8804c227caf396245c6236f535b00bdba49c1607b2d5b91f308960f789e1b18c802a6ee4ddbd83f9b26a9b8ae6168d55e6accf14f2db5ec16be3717416cc6823f3c728cd909dd7c1b60078c32afe9fe2d7f94e3367fde4ca78d27eaa19620f3a356d960acbf65dcef197dccb2d2a4c308e6ce4059994c64137e41f90785b17b40db239e3bdba0861c6279c02b72d90d0e5add6875869788cefa621dbd764a568bbe23b38f39e2f4129a7b7c9dd1010238339cb6a38441196e1a71010d2c04838bb2f2341594944deee751f8c81963183800d52ba3344807c25b1412f09843319b7071108ce70b426452669a93e72c2aedafe9b335fecbbd4a181c1573dfc2b8fb95752d20b3dc4ecf287eff3bd31a6dc9c5756b2a54c4951f0799890259c6b78afd5217d8742e5b915212aab98b5196eb2daf419258b56a658bf2407c33df8ab84305e09edb13c889dd23cc1bb21b4c374c75fa71a5fe14290d13e7a12acdbe03e2c5935de815004fabd6326fa8cf64ad31d91716489432441c47756859d7063c27e2da6f0f1935f3105032e6a065a550c18b539ab88f87d848bddca623d45c1722c71c0d4c10f252e7a171abb37e557a83f64f2b52266e02f071e82e84f06b85fc0590a9f671ef78f9a74208224fde5bbc7612a6ddc0277480761cc22ba80ebee44682b442458c48614989681dad44343615fd9b0e0fa5291e8620586cc6bdfcbe154a45d9ba9dd8bcf19a347db06995ce5408f36ba6cbf6c0cb094165fab281765095dd95f95a2b9ac29475a4ddfa35a47100c24bbd4171c2407c3b77b41c43761aae9561de89b215d66f76c7f9a9240b4261415c6c5b00118e63c457c8f3cc836ff2aaab0843db4d7c6643a1e78708c54340c1b8790908e6bb4ed08ac19766532027f3ee873058eed5f6d6d02e35710919310825fc30f32b27929ead22a4e2c24d645c7834abe8dfd4f08c902101dcac06fd9cec99b87f7ad24207cca622ac54e4a30f902f168880bc24bbd247f852533c5f2af55a846ebaf3afc8ba9d8fba7e5ab2ed4663dc89ed41a18e9c39b6699b4dbc084ccb1387ab7f0700b373380257e9a5367d022240a59b24f25a6ffff09875b9ce86f228b849beffc639013b1b8702699d87b995b248b99423a47e33b257a2f3ca259cbbb640acb32cb9d5796aa6b5fee8cd8d2194d75dd36368a2a1cb2d2950ad601f29a1cf2b494e387ff53f993962151eaa3b837f11ca36dec591b942ef9a466e40274b74d67fc0095871855bdd1cb4f0140b5b1a9075d92220acc41595b27fa858edbb4b2e5229b55be67877e9b70d1cee850d17f74244baf959f058bdbf0a5b8c5db8fbc7761a5a4f25e4a14063e5b2ece86356ac41ead6305454866cfaeba4c37333cff5247d92d98320342dac6f432b4e94beecd94f2d5fed5146d1f46a7dce3b2447cae8c462f851d930b75b08193e1dfb281c2aba7f09eebbf8a715f75deb0512b18dc9a8e2c5f4fbf6291faf3f756b22608cc62115185cf7919aa8475daf2d1528647bbfcbb33c18f9d956360fb2e41dffc915d1d9fd09af80a3500cf872b73f1af7b54029259f60e1776f2967fef7e593695fc7fea215c393a22ccebce9a1fb4e89522f3091470809d7cc2f3fc96cc10d084c239d038d16f75b9f68713185ce9c96ccec8d3e6422dfc32a145e320b0392bba419235f7ff2bbd92b137977ee979b7abb9a0daec6dd604a686a139f67ab34620a1701e157eb28e2011c5fbbf4ce1ea47dccac6e96a874ad5fe973d41b6108c5cbf5abc84b8c3a6636d16b731e79bb508b8672d142b09eab2e6c9e28b61bf9375779e663d5fddf2e5447a2d1be98cd6b23f661a2b542a09cb7a626737485cfd5489cefda17473755531409c4e325160f5581bea5d2da514487efaa3a391b57caf218f9821cd865b5e1a30122398f9c06c9c94512ff619825dacd0f1ab35ddb3ee90faf291637d69a45f51c8fb741a4923099c83abd9cc6fc40b487519beab4e3acf7ad64439eaafda1f2cbfb80ac6ec03505f8166e34cbf5436df692c65c2b6ffa348f2f0a914c2f708b3487d4db2edc09dd99189e192b1dee49beb5fa6ea965b19a609f6708ccfa90d7ab3aeadc81b32213707366b2c84496f1306a170f5f937e9fec5832ab3d272d08426090678f5aef81509241c275f17352c0f1813671fe954580ccc29a6e5eb589f9fce0b2e27052b1c80c48773d421406338a3414450e56fa26b5f63bae9b875b699aa6447af453db7672fb4c75e4c4973f5859a212ef5e82e0acf618ac46ae05bde65f81e63f8f54114b5b4d90c0befbe21f1d62abc7c149d233cef808ae1d37b9142d64eaa4e7cbd5a3240c61f54a856b88b217cd6bb445b125314f376f439e63b567c44e30a377aaea7c3d770133b1a5b0187f7683910f0302c6eed71b013be0aed2e054e0af23592e90ec08bb59d78a2b6d67458da30880afdc31bc57ecab3360b049f7fb95e22ba7a771e0992ad0a017fcf7e4ced7c017fe895e0d67ad0822b639b3a52b800cde507b126f683c8b3a4e632222347412e0d084fc9ba105ecc9ae881db12c99a2f346a923e4d6c8c82961a71514ec8854921ff770593f5f73c1285953b9c2db0268bd5e6be90e85fa3085fbae0a46e9fea4c1ff35b2abb62f0b5ed115f39d76d154235d95c3dbb34c2e740159b93db876b8e6493a7be40860cca0b7ebcdcfbd22eb87766e95bf5443aa2e9afc3a3341d6a6ecea5c61b50954494fadc82622ec72ea84ff8393bf5eeed89cd0be8f41499cf9c7c2e2f259a534d3df40b586404cd62203635f14b1e91156930bae1f3df05e4d706666874eb17567416c11fa75266c423d4ca32efc0c74fcce4a652ca4f243466f45526e818bf5cc21c46ab81ad4cfd78532555351d5a39be81364229f5f0f3ce9e1c841dff470130e2a91fe2c120e2b7feab01a89eac4a1c41d318262c7f9425b4e761e75ad7303133d28c837fff8c7f9d1c0b5f0308fded937b9e63762c75b9b699c931717c75ac1ec8b09f9c83a91e583752625fd76208c95421389e3f79d17bdcbf37964ad480f26e4c90bee8083015e877d90ea3beb01b5fcfa23c9e4d8e2c3240a1c1bbddd507215f18d0fb749a2396041264c49aca3f1c0b885a5cd1fe19dacca42c41cd4381db6fd1f965ae8551452a3b1548754f141ec7c48891e0af0fc6c0d31e8a32684f8f6530709c502717cc75cd1d31cfd1a583a7caebbd891748d8313719b6f2964939996cf1c9d2dc2acbd54a23230a6e5a13aed4a2ad7d29d740a71558cb5516ec96745d2c3b93ecdd5ea839bb77f9c80766f1ea23592bd08b0a60806341e24520d152d1844f3a1e9cd2e0f48464e8bff0a22f7a0f716f75158df2762f95346178cdde567444118d6add804d0a35116bde30fc07e0ca80b16e21e162c12c725a9a9466fad2cd73d463ba2a2bb428e0fef243bd0525f81a07b72b7c6dc03ac6345546ebfd52532a2364eac338f174c42d9ff7c5bdb8cb37848d7eb0bf75557a87db8e55e2f56faf07c7661877e8ef390d692d7f4b6954e41318f9037ab1121280bdc0ebb3a6a74a6805f912c617593d1c081322994ddb0b2edcede7d66251d6babe27f5c6920a65c91f72142725f740cfa2222dae06c1564f0a49f16f9d60610e69a277b3a204cdb36fc88bb5a67e3485c1ce9a536311129a4335c3834101fc0099270e5450e77d009acdea3147b31ec6fb83ab91f5b8b62e63c3cb09b3e126f5069c33dcc6fcf9c29a7ab30fc05943c597caf7c4576802af99fefb7f941b660404ee23cd28c3728f5c6fca801f0b48b42db2ca836a66e328cbd59184f2f45a14d18ed72d04b277b723b27a8f66ce2869bfe3ba6229c81cd0bd2e2c44a57720d2f64097524151e98fcbefe10096e76e43dc0cc6e4226f312ae486adaec2bd702b7ba5ce2e33718509fb80d2122e7fd22de08d732851f43576aa569ad471e52e343d572c0394c2752eb4d0f05caafd2c05d6c9b0502363f87f93dc263078e34ac2ab02041703a546a794348516b812af851d2176f04592b3cd7a209b9a4fe8d6740526ff0affc3382a66c902e0b510e3919430e1fa01e9feb5e8cbf503e84a49580094f0ad5bd894e0fa390dee3cce4f7108a570d67a3426c10331801bdb2570306c0c28240feb44d00e4228a6f78dd37d7af6d8471654a40d89ccf03dd1f150699570844ed29475800bbcda15e9ebb44ac70108d6ae74279d351638aa14ab2fa1278e4a2eb63b4577be3d7b2679c6d2ff13f248781cd21347a1ad42a23d0931f8d8330799a19643a4d51ea261c7a3ac726f28bae4165d794c2567eea24ce4a43774cc8ac58b7c179a517d8f8c594612ce3bf314d4decc57029d758065a2258507842cacb5bfc26bcfe5ac440f2fa1f0a3f01a5d6d7bf7b85fa097af3638caa36d5608d52da79ffab9c68ce6a2f37cf4de8737c04ce60af215185e9f65329bcb91c99a07840467a30e37fcf31b0b3919eb8a2e32f76eb217af3afba8ab4eadcca913806912eb47f786899ef7268a0fab420f066f8b3512859815d1c579b8e39e6c94895b393e93553ecb740e47e0f0c85bfd41128a0788c2e943c6c68df700d0bae6faddcfd3a846b207f82609035860c76c2f529196b8eaef66b9bd1f31dfdad7ed47bf713b9f517fb77c3d61bd75cd6faba2c671f094cf0f8a6693955621b88e013655bf969e049cfeafe75560754e542b2f3ea49d985cc4c87db224f37a29090ec3555636b85c12e28e86275d106951044b10cf14f0ed4046835b16bc9fcd6c59be4880ef0101a3d072a9dda60af883eac9212711d"}, 0x1004) 22:05:33 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x500) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:05:33 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xf4ffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000480)={'syz0', "93a9bae06e1b709df4b8eb299c7317b2c344c99f9475e1fa9c2b5361cd8039bef928860e7dc9c64c30a454fa4f1114318e5f7c13151832b88851b82b7bfab78a5ab0a087424c786f1ac14e11046124e9eada6238a528fa971443265496508f757da07bebc59c75bcab352ee1e05de6940b2e9396128ebfec60ca9d22a4c659418b8169cb2e590853d25321863696d4a71a6f7bdae95f489c0b29d8e1ff6679b561d64c0306cbfc8bd0ca4139751c325dd1fb8793fe9b4cb5687493ec19028d6feedc65f2dce97d4b7d87a4591125d0e16e7ab4aa661d014b6d77bb2fbef1cf532d9ba70eaa7faf37bc2fd90ee8bdb6217ecf02f42976bd2019eaad5772ea0093c16a17432959a2c9e53d23ae75b348568f34aee579ba0a15625601cf02faf8a907248e21ee1168c27d1813d69d1cc57f97359d568f173cf3f7183a60cf1b405068a57d9b6cc4e33b28470077eec444d46428628b6c35cadad921577a903ee046778a922231b3edf41e08d7155cbcc1d26693066ab7cc43085678f90100ff5f0a13aa13b37bd264ac9ba40ad99126f0cc96c3847e22e3e59b13ac8ce5139dc665940470af85b40d3888e5ccf537adf1b2e014f71dd404b545fe79b195210204490a84063943ba8d833db59bd4cd672d2df79ca60562791ffb0c2fb680e98ffcd1f0ec98dff4d580af30fb7cb4e6522b5b63e6f8628309136c3ea5d78a5aca18a60e8df5080a24f8382c78c3ed8c0eddd66db1e61e6982c3d1f4f252edae5f8b8cd1061422d9d730c42071c72b9226928fcaca638eaba5ac46ac899f1044419fee74562d1401039aa58b8a82289ae7ba33babed9df90d2d0666092a4bbd21a71d87d1f09d1a7ddd2be93c54bf3eea7f0a38b4129279813ad8a20726aa596957bbbfbeca183347d1973adaa7248121531ed6990bd29cbad8aedfe54cf86d348b04a7c364bc6ca9a53ff5c61bd90473787b140f73c16d8804c227caf396245c6236f535b00bdba49c1607b2d5b91f308960f789e1b18c802a6ee4ddbd83f9b26a9b8ae6168d55e6accf14f2db5ec16be3717416cc6823f3c728cd909dd7c1b60078c32afe9fe2d7f94e3367fde4ca78d27eaa19620f3a356d960acbf65dcef197dccb2d2a4c308e6ce4059994c64137e41f90785b17b40db239e3bdba0861c6279c02b72d90d0e5add6875869788cefa621dbd764a568bbe23b38f39e2f4129a7b7c9dd1010238339cb6a38441196e1a71010d2c04838bb2f2341594944deee751f8c81963183800d52ba3344807c25b1412f09843319b7071108ce70b426452669a93e72c2aedafe9b335fecbbd4a181c1573dfc2b8fb95752d20b3dc4ecf287eff3bd31a6dc9c5756b2a54c4951f0799890259c6b78afd5217d8742e5b915212aab98b5196eb2daf419258b56a658bf2407c33df8ab84305e09edb13c889dd23cc1bb21b4c374c75fa71a5fe14290d13e7a12acdbe03e2c5935de815004fabd6326fa8cf64ad31d91716489432441c47756859d7063c27e2da6f0f1935f3105032e6a065a550c18b539ab88f87d848bddca623d45c1722c71c0d4c10f252e7a171abb37e557a83f64f2b52266e02f071e82e84f06b85fc0590a9f671ef78f9a74208224fde5bbc7612a6ddc0277480761cc22ba80ebee44682b442458c48614989681dad44343615fd9b0e0fa5291e8620586cc6bdfcbe154a45d9ba9dd8bcf19a347db06995ce5408f36ba6cbf6c0cb094165fab281765095dd95f95a2b9ac29475a4ddfa35a47100c24bbd4171c2407c3b77b41c43761aae9561de89b215d66f76c7f9a9240b4261415c6c5b00118e63c457c8f3cc836ff2aaab0843db4d7c6643a1e78708c54340c1b8790908e6bb4ed08ac19766532027f3ee873058eed5f6d6d02e35710919310825fc30f32b27929ead22a4e2c24d645c7834abe8dfd4f08c902101dcac06fd9cec99b87f7ad24207cca622ac54e4a30f902f168880bc24bbd247f852533c5f2af55a846ebaf3afc8ba9d8fba7e5ab2ed4663dc89ed41a18e9c39b6699b4dbc084ccb1387ab7f0700b373380257e9a5367d022240a59b24f25a6ffff09875b9ce86f228b849beffc639013b1b8702699d87b995b248b99423a47e33b257a2f3ca259cbbb640acb32cb9d5796aa6b5fee8cd8d2194d75dd36368a2a1cb2d2950ad601f29a1cf2b494e387ff53f993962151eaa3b837f11ca36dec591b942ef9a466e40274b74d67fc0095871855bdd1cb4f0140b5b1a9075d92220acc41595b27fa858edbb4b2e5229b55be67877e9b70d1cee850d17f74244baf959f058bdbf0a5b8c5db8fbc7761a5a4f25e4a14063e5b2ece86356ac41ead6305454866cfaeba4c37333cff5247d92d98320342dac6f432b4e94beecd94f2d5fed5146d1f46a7dce3b2447cae8c462f851d930b75b08193e1dfb281c2aba7f09eebbf8a715f75deb0512b18dc9a8e2c5f4fbf6291faf3f756b22608cc62115185cf7919aa8475daf2d1528647bbfcbb33c18f9d956360fb2e41dffc915d1d9fd09af80a3500cf872b73f1af7b54029259f60e1776f2967fef7e593695fc7fea215c393a22ccebce9a1fb4e89522f3091470809d7cc2f3fc96cc10d084c239d038d16f75b9f68713185ce9c96ccec8d3e6422dfc32a145e320b0392bba419235f7ff2bbd92b137977ee979b7abb9a0daec6dd604a686a139f67ab34620a1701e157eb28e2011c5fbbf4ce1ea47dccac6e96a874ad5fe973d41b6108c5cbf5abc84b8c3a6636d16b731e79bb508b8672d142b09eab2e6c9e28b61bf9375779e663d5fddf2e5447a2d1be98cd6b23f661a2b542a09cb7a626737485cfd5489cefda17473755531409c4e325160f5581bea5d2da514487efaa3a391b57caf218f9821cd865b5e1a30122398f9c06c9c94512ff619825dacd0f1ab35ddb3ee90faf291637d69a45f51c8fb741a4923099c83abd9cc6fc40b487519beab4e3acf7ad64439eaafda1f2cbfb80ac6ec03505f8166e34cbf5436df692c65c2b6ffa348f2f0a914c2f708b3487d4db2edc09dd99189e192b1dee49beb5fa6ea965b19a609f6708ccfa90d7ab3aeadc81b32213707366b2c84496f1306a170f5f937e9fec5832ab3d272d08426090678f5aef81509241c275f17352c0f1813671fe954580ccc29a6e5eb589f9fce0b2e27052b1c80c48773d421406338a3414450e56fa26b5f63bae9b875b699aa6447af453db7672fb4c75e4c4973f5859a212ef5e82e0acf618ac46ae05bde65f81e63f8f54114b5b4d90c0befbe21f1d62abc7c149d233cef808ae1d37b9142d64eaa4e7cbd5a3240c61f54a856b88b217cd6bb445b125314f376f439e63b567c44e30a377aaea7c3d770133b1a5b0187f7683910f0302c6eed71b013be0aed2e054e0af23592e90ec08bb59d78a2b6d67458da30880afdc31bc57ecab3360b049f7fb95e22ba7a771e0992ad0a017fcf7e4ced7c017fe895e0d67ad0822b639b3a52b800cde507b126f683c8b3a4e632222347412e0d084fc9ba105ecc9ae881db12c99a2f346a923e4d6c8c82961a71514ec8854921ff770593f5f73c1285953b9c2db0268bd5e6be90e85fa3085fbae0a46e9fea4c1ff35b2abb62f0b5ed115f39d76d154235d95c3dbb34c2e740159b93db876b8e6493a7be40860cca0b7ebcdcfbd22eb87766e95bf5443aa2e9afc3a3341d6a6ecea5c61b50954494fadc82622ec72ea84ff8393bf5eeed89cd0be8f41499cf9c7c2e2f259a534d3df40b586404cd62203635f14b1e91156930bae1f3df05e4d706666874eb17567416c11fa75266c423d4ca32efc0c74fcce4a652ca4f243466f45526e818bf5cc21c46ab81ad4cfd78532555351d5a39be81364229f5f0f3ce9e1c841dff470130e2a91fe2c120e2b7feab01a89eac4a1c41d318262c7f9425b4e761e75ad7303133d28c837fff8c7f9d1c0b5f0308fded937b9e63762c75b9b699c931717c75ac1ec8b09f9c83a91e583752625fd76208c95421389e3f79d17bdcbf37964ad480f26e4c90bee8083015e877d90ea3beb01b5fcfa23c9e4d8e2c3240a1c1bbddd507215f18d0fb749a2396041264c49aca3f1c0b885a5cd1fe19dacca42c41cd4381db6fd1f965ae8551452a3b1548754f141ec7c48891e0af0fc6c0d31e8a32684f8f6530709c502717cc75cd1d31cfd1a583a7caebbd891748d8313719b6f2964939996cf1c9d2dc2acbd54a23230a6e5a13aed4a2ad7d29d740a71558cb5516ec96745d2c3b93ecdd5ea839bb77f9c80766f1ea23592bd08b0a60806341e24520d152d1844f3a1e9cd2e0f48464e8bff0a22f7a0f716f75158df2762f95346178cdde567444118d6add804d0a35116bde30fc07e0ca80b16e21e162c12c725a9a9466fad2cd73d463ba2a2bb428e0fef243bd0525f81a07b72b7c6dc03ac6345546ebfd52532a2364eac338f174c42d9ff7c5bdb8cb37848d7eb0bf75557a87db8e55e2f56faf07c7661877e8ef390d692d7f4b6954e41318f9037ab1121280bdc0ebb3a6a74a6805f912c617593d1c081322994ddb0b2edcede7d66251d6babe27f5c6920a65c91f72142725f740cfa2222dae06c1564f0a49f16f9d60610e69a277b3a204cdb36fc88bb5a67e3485c1ce9a536311129a4335c3834101fc0099270e5450e77d009acdea3147b31ec6fb83ab91f5b8b62e63c3cb09b3e126f5069c33dcc6fcf9c29a7ab30fc05943c597caf7c4576802af99fefb7f941b660404ee23cd28c3728f5c6fca801f0b48b42db2ca836a66e328cbd59184f2f45a14d18ed72d04b277b723b27a8f66ce2869bfe3ba6229c81cd0bd2e2c44a57720d2f64097524151e98fcbefe10096e76e43dc0cc6e4226f312ae486adaec2bd702b7ba5ce2e33718509fb80d2122e7fd22de08d732851f43576aa569ad471e52e343d572c0394c2752eb4d0f05caafd2c05d6c9b0502363f87f93dc263078e34ac2ab02041703a546a794348516b812af851d2176f04592b3cd7a209b9a4fe8d6740526ff0affc3382a66c902e0b510e3919430e1fa01e9feb5e8cbf503e84a49580094f0ad5bd894e0fa390dee3cce4f7108a570d67a3426c10331801bdb2570306c0c28240feb44d00e4228a6f78dd37d7af6d8471654a40d89ccf03dd1f150699570844ed29475800bbcda15e9ebb44ac70108d6ae74279d351638aa14ab2fa1278e4a2eb63b4577be3d7b2679c6d2ff13f248781cd21347a1ad42a23d0931f8d8330799a19643a4d51ea261c7a3ac726f28bae4165d794c2567eea24ce4a43774cc8ac58b7c179a517d8f8c594612ce3bf314d4decc57029d758065a2258507842cacb5bfc26bcfe5ac440f2fa1f0a3f01a5d6d7bf7b85fa097af3638caa36d5608d52da79ffab9c68ce6a2f37cf4de8737c04ce60af215185e9f65329bcb91c99a07840467a30e37fcf31b0b3919eb8a2e32f76eb217af3afba8ab4eadcca913806912eb47f786899ef7268a0fab420f066f8b3512859815d1c579b8e39e6c94895b393e93553ecb740e47e0f0c85bfd41128a0788c2e943c6c68df700d0bae6faddcfd3a846b207f82609035860c76c2f529196b8eaef66b9bd1f31dfdad7ed47bf713b9f517fb77c3d61bd75cd6faba2c671f094cf0f8a6693955621b88e013655bf969e049cfeafe75560754e542b2f3ea49d985cc4c87db224f37a29090ec3555636b85c12e28e86275d106951044b10cf14f0ed4046835b16bc9fcd6c59be4880ef0101a3d072a9dda60af883eac9212711d"}, 0x1004) 22:05:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000100)) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x30, 0x8000, 0x80000001, 0x2, 0x3ff, 0x0, 0x20, 0x7}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x30, 0x8000, 0x80000001, 0x2, 0x3ff, 0x0, 0x20, 0x7}, 0x0) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:46 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86401abc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:05:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x30, 0x8000, 0x80000001, 0x2, 0x3ff, 0x0, 0x20, 0x7}, 0x0) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:05:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:05:46 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x600) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xf5ffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:46 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000280)=0x0) ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f0000000340)={r2, 0x1, 0x80000000}) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="78000000060605000000000000000000000000080900000009000200737b7a30000000000900030073797a320000000005000100070000000900020073797a310000000005000100070000000900020073797a310000000005000100070000000500010007000000050001000700"/120], 0x78}}, 0x48000) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:46 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000280)=0x0) ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f0000000340)={r2, 0x1, 0x80000000}) (async) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="78000000060605000000000000000000000000080900000009000200737b7a30000000000900030073797a320000000005000100070000000900020073797a310000000005000100070000000900020073797a310000000005000100070000000500010007000000050001000700"/120], 0x78}}, 0x48000) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:05:46 executing program 5: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:46 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000280)=0x0) ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f0000000340)={r2, 0x1, 0x80000000}) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="78000000060605000000000000000000000000080900000009000200737b7a30000000000900030073797a320000000005000100070000000900020073797a310000000005000100070000000900020073797a310000000005000100070000000500010007000000050001000700"/120], 0x78}}, 0x48000) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r1, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000280)) (async) ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f0000000340)={r2, 0x1, 0x80000000}) (async) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="78000000060605000000000000000000000000080900000009000200737b7a30000000000900030073797a320000000005000100070000000900020073797a310000000005000100070000000900020073797a310000000005000100070000000500010007000000050001000700"/120], 0x78}}, 0x48000) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2571.008681][T21664] warn_alloc: 1 callbacks suppressed [ 2571.008692][T21664] syz-executor.2: vmalloc error: size 314155008, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2571.030583][T21664] CPU: 0 PID: 21664 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2571.039365][T21664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2571.049474][T21664] Call Trace: [ 2571.052739][T21664] [ 2571.055653][T21664] dump_stack_lvl+0xd6/0x122 [ 2571.060288][T21664] dump_stack+0x11/0x1b [ 2571.064479][T21664] warn_alloc+0x132/0x190 [ 2571.068794][T21664] ? alloc_page_interleave+0x104/0x120 [ 2571.074261][T21664] __vmalloc_node_range+0x58b/0x690 [ 2571.079509][T21664] ? xt_alloc_table_info+0x39/0x70 [ 2571.084694][T21664] __vmalloc_node+0x61/0x70 [ 2571.089240][T21664] ? xt_alloc_table_info+0x39/0x70 [ 2571.094331][T21664] kvmalloc_node+0xd2/0x110 [ 2571.098819][T21664] xt_alloc_table_info+0x39/0x70 [ 2571.103755][T21664] do_ipt_set_ctl+0x649/0x1710 [ 2571.108565][T21664] ? rmqueue_pcplist+0x157/0x1f0 [ 2571.113489][T21664] ? rmqueue+0x4a/0xd20 [ 2571.117711][T21664] ? __rcu_read_unlock+0x5c/0x290 [ 2571.122792][T21664] nf_setsockopt+0x1a6/0x1c0 [ 2571.127365][T21664] ip_setsockopt+0x2815/0x2c80 [ 2571.132113][T21664] ? _raw_spin_unlock+0x2e/0x50 [ 2571.137005][T21664] ? finish_task_switch+0xd0/0x280 [ 2571.142099][T21664] ? __schedule+0x44a/0x6a0 [ 2571.146588][T21664] ? __rcu_read_unlock+0x5c/0x290 [ 2571.151596][T21664] ? schedule+0x8b/0xb0 [ 2571.155731][T21664] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2571.161150][T21664] ? avc_has_perm+0x70/0x160 [ 2571.165787][T21664] ? avc_has_perm+0xd5/0x160 [ 2571.170441][T21664] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2571.176779][T21664] ? selinux_socket_setsockopt+0x145/0x170 [ 2571.182567][T21664] udp_setsockopt+0x83/0x90 [ 2571.187047][T21664] sock_common_setsockopt+0x5d/0x70 [ 2571.192251][T21664] ? sock_common_recvmsg+0xe0/0xe0 [ 2571.197342][T21664] __sys_setsockopt+0x209/0x2a0 [ 2571.202269][T21664] __x64_sys_setsockopt+0x62/0x70 [ 2571.207278][T21664] do_syscall_64+0x44/0xd0 [ 2571.211674][T21664] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2571.217580][T21664] RIP: 0033:0x7ff9d4f80e99 [ 2571.222051][T21664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2571.241751][T21664] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2571.250178][T21664] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2571.258127][T21664] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2571.266097][T21664] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2571.274083][T21664] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2571.282033][T21664] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2571.290274][T21664] [ 2571.293407][T21664] Mem-Info: [ 2571.296504][T21664] active_anon:288 inactive_anon:98635 isolated_anon:0 [ 2571.296504][T21664] active_file:4151 inactive_file:62949 isolated_file:0 [ 2571.296504][T21664] unevictable:0 dirty:0 writeback:0 [ 2571.296504][T21664] slab_reclaimable:5622 slab_unreclaimable:15892 [ 2571.296504][T21664] mapped:27489 shmem:564 pagetables:1188 bounce:0 [ 2571.296504][T21664] kernel_misc_reclaimable:0 [ 2571.296504][T21664] free:1717377 free_pcp:3099 free_cma:0 [ 2571.337668][T21664] Node 0 active_anon:1152kB inactive_anon:394540kB active_file:16604kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2256kB writeback_tmp:0kB kernel_stack:3568kB pagetables:4752kB all_unreclaimable? no [ 2571.364002][T21664] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2571.390850][T21664] lowmem_reserve[]: 0 2896 7874 7874 [ 2571.396140][T21664] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2571.424926][T21664] lowmem_reserve[]: 0 0 4978 4978 [ 2571.429968][T21664] Node 0 Normal free:3888432kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1152kB inactive_anon:394540kB active_file:16604kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:7352kB local_pcp:1324kB free_cma:0kB [ 2571.460265][T21664] lowmem_reserve[]: 0 0 0 0 [ 2571.464772][T21664] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2571.477438][T21664] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2571.493554][T21664] Node 0 Normal: 64*4kB (UME) 22*8kB (UME) 14*16kB (UME) 43*32kB (UME) 27*64kB (ME) 25*128kB (UME) 24*256kB (ME) 65*512kB (UME) 190*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3888432kB [ 2571.512493][T21664] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2571.521831][T21664] 11585 total pagecache pages [ 2571.526486][T21664] 0 pages in swap cache [ 2571.530629][T21664] Swap cache stats: add 0, delete 0, find 0/0 [ 2571.536742][T21664] Free swap = 0kB [ 2571.540457][T21664] Total swap = 0kB [ 2571.544160][T21664] 2097051 pages RAM [ 2571.548001][T21664] 0 pages HighMem/MovableOnly [ 2571.552667][T21664] 75959 pages reserved 22:05:59 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864021bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:05:59 executing program 5: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) getrlimit(0xc, &(0x7f0000000080)) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee00}}, './file0\x00'}) ioctl$SG_IO(r3, 0x2285, &(0x7f00000008c0)={0x0, 0xfffffffffffffffe, 0x51, 0x20, @scatter={0x7, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000200)=""/179, 0xb3}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000580)}, {&(0x7f00000005c0)=""/212, 0xd4}]}, &(0x7f0000000740)="6bc206b2d60ffc36c3a6ec8f8a2754a529d870733f2b29029579be4032a0a53e2ea8b8930bb9f70fa6afc96382039ffc3b267290c5ea98421b33c08bde529b82fb4cb0b0f5d5cdab423a2304ab36c8e877", &(0x7f00000007c0)=""/150, 0x0, 0x10030, 0x3, &(0x7f0000000880)}) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:05:59 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfbffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:59 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x604) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:05:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) getrlimit(0xc, &(0x7f0000000080)) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee00}}, './file0\x00'}) ioctl$SG_IO(r3, 0x2285, &(0x7f00000008c0)={0x0, 0xfffffffffffffffe, 0x51, 0x20, @scatter={0x7, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000200)=""/179, 0xb3}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000580)}, {&(0x7f00000005c0)=""/212, 0xd4}]}, &(0x7f0000000740)="6bc206b2d60ffc36c3a6ec8f8a2754a529d870733f2b29029579be4032a0a53e2ea8b8930bb9f70fa6afc96382039ffc3b267290c5ea98421b33c08bde529b82fb4cb0b0f5d5cdab423a2304ab36c8e877", &(0x7f00000007c0)=""/150, 0x0, 0x10030, 0x3, &(0x7f0000000880)}) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) getrlimit(0xc, &(0x7f0000000080)) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee00}}, './file0\x00'}) (async) ioctl$SG_IO(r3, 0x2285, &(0x7f00000008c0)={0x0, 0xfffffffffffffffe, 0x51, 0x20, @scatter={0x7, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000200)=""/179, 0xb3}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000580)}, {&(0x7f00000005c0)=""/212, 0xd4}]}, &(0x7f0000000740)="6bc206b2d60ffc36c3a6ec8f8a2754a529d870733f2b29029579be4032a0a53e2ea8b8930bb9f70fa6afc96382039ffc3b267290c5ea98421b33c08bde529b82fb4cb0b0f5d5cdab423a2304ab36c8e877", &(0x7f00000007c0)=""/150, 0x0, 0x10030, 0x3, &(0x7f0000000880)}) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:05:59 executing program 5: sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) getrlimit(0xc, &(0x7f0000000080)) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xee01, 0xee00}}, './file0\x00'}) ioctl$SG_IO(r3, 0x2285, &(0x7f00000008c0)={0x0, 0xfffffffffffffffe, 0x51, 0x20, @scatter={0x7, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=""/33, 0x21}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000200)=""/179, 0xb3}, {&(0x7f0000000480)=""/163, 0xa3}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000580)}, {&(0x7f00000005c0)=""/212, 0xd4}]}, &(0x7f0000000740)="6bc206b2d60ffc36c3a6ec8f8a2754a529d870733f2b29029579be4032a0a53e2ea8b8930bb9f70fa6afc96382039ffc3b267290c5ea98421b33c08bde529b82fb4cb0b0f5d5cdab423a2304ab36c8e877", &(0x7f00000007c0)=""/150, 0x0, 0x10030, 0x3, &(0x7f0000000880)}) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:05:59 executing program 5: prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:05:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x6, 0x80, 0x3, 0x8, 0x7, 0x7f, 0x20, 0x7, 0x9}, 0x0) r2 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x7d}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r2, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:05:59 executing program 5: prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) [ 2584.318712][T21707] syz-executor.2: vmalloc error: size 314159104, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2584.335459][T21707] CPU: 1 PID: 21707 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2584.344215][T21707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2584.354253][T21707] Call Trace: [ 2584.357604][T21707] [ 2584.360512][T21707] dump_stack_lvl+0xd6/0x122 [ 2584.365175][T21707] dump_stack+0x11/0x1b [ 2584.369308][T21707] warn_alloc+0x132/0x190 [ 2584.373622][T21707] ? alloc_page_interleave+0x104/0x120 [ 2584.379124][T21707] __vmalloc_node_range+0x58b/0x690 [ 2584.384307][T21707] ? xt_alloc_table_info+0x39/0x70 [ 2584.389402][T21707] __vmalloc_node+0x61/0x70 [ 2584.393918][T21707] ? xt_alloc_table_info+0x39/0x70 [ 2584.399057][T21707] kvmalloc_node+0xd2/0x110 [ 2584.403544][T21707] xt_alloc_table_info+0x39/0x70 [ 2584.408527][T21707] do_ipt_set_ctl+0x649/0x1710 [ 2584.413384][T21707] ? rmqueue_pcplist+0x157/0x1f0 [ 2584.418305][T21707] ? rmqueue+0x4a/0xd20 [ 2584.422487][T21707] ? __rcu_read_unlock+0x5c/0x290 [ 2584.427494][T21707] nf_setsockopt+0x1a6/0x1c0 [ 2584.432062][T21707] ip_setsockopt+0x2815/0x2c80 [ 2584.436871][T21707] ? enqueue_entity+0x4bf/0x6c0 [ 2584.441848][T21707] ? reweight_entity+0x22/0xf0 [ 2584.446592][T21707] ? enqueue_task_fair+0x443/0x520 [ 2584.451827][T21707] ? __rcu_read_unlock+0x5c/0x290 [ 2584.456831][T21707] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2584.462223][T21707] ? avc_has_perm+0x70/0x160 [ 2584.466799][T21707] ? avc_has_perm+0xd5/0x160 [ 2584.471369][T21707] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2584.477680][T21707] ? selinux_socket_setsockopt+0x145/0x170 [ 2584.483491][T21707] udp_setsockopt+0x83/0x90 [ 2584.488106][T21707] sock_common_setsockopt+0x5d/0x70 [ 2584.493311][T21707] ? sock_common_recvmsg+0xe0/0xe0 [ 2584.498420][T21707] __sys_setsockopt+0x209/0x2a0 [ 2584.503262][T21707] __x64_sys_setsockopt+0x62/0x70 [ 2584.508401][T21707] do_syscall_64+0x44/0xd0 [ 2584.512794][T21707] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2584.518760][T21707] RIP: 0033:0x7ff9d4f80e99 [ 2584.523151][T21707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2584.542733][T21707] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2584.551120][T21707] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2584.559122][T21707] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2584.567076][T21707] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2584.575025][T21707] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2584.583090][T21707] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2584.591046][T21707] [ 2584.594240][T21707] Mem-Info: [ 2584.597418][T21707] active_anon:291 inactive_anon:98474 isolated_anon:0 [ 2584.597418][T21707] active_file:4154 inactive_file:62949 isolated_file:0 [ 2584.597418][T21707] unevictable:0 dirty:0 writeback:0 [ 2584.597418][T21707] slab_reclaimable:5623 slab_unreclaimable:15917 [ 2584.597418][T21707] mapped:27425 shmem:566 pagetables:1166 bounce:0 [ 2584.597418][T21707] kernel_misc_reclaimable:0 [ 2584.597418][T21707] free:1717867 free_pcp:2753 free_cma:0 [ 2584.638656][T21707] Node 0 active_anon:1164kB inactive_anon:393896kB active_file:16616kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2264kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4664kB all_unreclaimable? no [ 2584.665042][T21707] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2584.691955][T21707] lowmem_reserve[]: 0 2896 7874 7874 [ 2584.697369][T21707] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2584.726280][T21707] lowmem_reserve[]: 0 0 4978 4978 [ 2584.731337][T21707] Node 0 Normal free:3890392kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1164kB inactive_anon:393896kB active_file:16616kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:5964kB local_pcp:4656kB free_cma:0kB [ 2584.761710][T21707] lowmem_reserve[]: 0 0 0 0 [ 2584.766300][T21707] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2584.778896][T21707] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2584.794928][T21707] Node 0 Normal: 56*4kB (E) 53*8kB (UME) 107*16kB (UME) 41*32kB (UME) 30*64kB (UME) 26*128kB (UME) 24*256kB (ME) 65*512kB (UME) 190*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3890392kB [ 2584.813697][T21707] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2584.822994][T21707] 11590 total pagecache pages [ 2584.827652][T21707] 0 pages in swap cache [ 2584.831873][T21707] Swap cache stats: add 0, delete 0, find 0/0 [ 2584.837929][T21707] Free swap = 0kB [ 2584.841640][T21707] Total swap = 0kB [ 2584.845345][T21707] 2097051 pages RAM [ 2584.849149][T21707] 0 pages HighMem/MovableOnly [ 2584.853837][T21707] 75959 pages reserved 22:06:08 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864022bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:06:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) (async) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x6, 0x80, 0x3, 0x8, 0x7, 0x7f, 0x20, 0x7, 0x9}, 0x0) (async) r2 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x7d}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r2, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:06:08 executing program 5: prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfcffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:06:08 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x700) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:08 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x6, 0x80, 0x3, 0x8, 0x7, 0x7f, 0x20, 0x7, 0x9}, 0x0) r2 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x7d}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r2, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r1, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r0, 0x0, r1, 0x2) (async) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x6, 0x80, 0x3, 0x8, 0x7, 0x7f, 0x20, 0x7, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x7d}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r2, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:06:08 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') io_uring_enter(r3, 0x362c, 0xea9d, 0x3, &(0x7f0000000180)={[0x9]}, 0x8) 22:06:08 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) (async) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') io_uring_enter(r3, 0x362c, 0xea9d, 0x3, &(0x7f0000000180)={[0x9]}, 0x8) [ 2597.688744][T21770] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2597.705413][T21770] CPU: 0 PID: 21770 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2597.714166][T21770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2597.724358][T21770] Call Trace: [ 2597.727763][T21770] [ 2597.730704][T21770] dump_stack_lvl+0xd6/0x122 [ 2597.735278][T21770] dump_stack+0x11/0x1b [ 2597.739418][T21770] warn_alloc+0x132/0x190 [ 2597.743751][T21770] ? alloc_page_interleave+0x104/0x120 [ 2597.749260][T21770] __vmalloc_node_range+0x58b/0x690 [ 2597.754470][T21770] ? xt_alloc_table_info+0x39/0x70 [ 2597.759627][T21770] __vmalloc_node+0x61/0x70 [ 2597.764188][T21770] ? xt_alloc_table_info+0x39/0x70 [ 2597.769280][T21770] kvmalloc_node+0xd2/0x110 [ 2597.773763][T21770] xt_alloc_table_info+0x39/0x70 [ 2597.778714][T21770] do_ipt_set_ctl+0x649/0x1710 [ 2597.783478][T21770] ? rmqueue_pcplist+0x157/0x1f0 [ 2597.788414][T21770] ? __this_cpu_preempt_check+0x18/0x20 [ 2597.793940][T21770] ? __rcu_read_unlock+0x5c/0x290 [ 2597.798944][T21770] ? sysvec_apic_timer_interrupt+0x4a/0xb0 [ 2597.804762][T21770] nf_setsockopt+0x1a6/0x1c0 [ 2597.809398][T21770] ip_setsockopt+0x2815/0x2c80 [ 2597.814190][T21770] ? _raw_spin_unlock+0x2e/0x50 [ 2597.819020][T21770] ? finish_task_switch+0xd0/0x280 [ 2597.824125][T21770] ? __schedule+0x44a/0x6a0 [ 2597.828617][T21770] ? __rcu_read_unlock+0x5c/0x290 [ 2597.833699][T21770] ? schedule+0x8b/0xb0 [ 2597.837841][T21770] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2597.843243][T21770] ? avc_has_perm+0x70/0x160 [ 2597.847822][T21770] ? avc_has_perm+0xd5/0x160 [ 2597.852402][T21770] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2597.858878][T21770] ? selinux_socket_setsockopt+0x145/0x170 [ 2597.864813][T21770] udp_setsockopt+0x83/0x90 [ 2597.869295][T21770] sock_common_setsockopt+0x5d/0x70 [ 2597.874474][T21770] ? sock_common_recvmsg+0xe0/0xe0 [ 2597.879633][T21770] __sys_setsockopt+0x209/0x2a0 [ 2597.884553][T21770] __x64_sys_setsockopt+0x62/0x70 [ 2597.889568][T21770] do_syscall_64+0x44/0xd0 [ 2597.894034][T21770] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2597.899906][T21770] RIP: 0033:0x7ff9d4f80e99 [ 2597.904302][T21770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2597.923886][T21770] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2597.932272][T21770] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2597.940260][T21770] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2597.948207][T21770] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2597.956157][T21770] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2597.964169][T21770] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2597.972189][T21770] [ 2597.975288][T21770] Mem-Info: [ 2597.978436][T21770] active_anon:293 inactive_anon:98474 isolated_anon:0 [ 2597.978436][T21770] active_file:4160 inactive_file:62949 isolated_file:0 [ 2597.978436][T21770] unevictable:0 dirty:0 writeback:0 [ 2597.978436][T21770] slab_reclaimable:5618 slab_unreclaimable:15881 [ 2597.978436][T21770] mapped:27425 shmem:568 pagetables:1166 bounce:0 [ 2597.978436][T21770] kernel_misc_reclaimable:0 [ 2597.978436][T21770] free:1717440 free_pcp:3215 free_cma:0 [ 2598.019682][T21770] Node 0 active_anon:1172kB inactive_anon:393896kB active_file:16640kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2272kB writeback_tmp:0kB kernel_stack:3536kB pagetables:4664kB all_unreclaimable? no [ 2598.046127][T21770] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2598.072999][T21770] lowmem_reserve[]: 0 2896 7874 7874 [ 2598.078343][T21770] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2598.106954][T21770] lowmem_reserve[]: 0 0 4978 4978 [ 2598.112143][T21770] Node 0 Normal free:3888684kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1172kB inactive_anon:393896kB active_file:16640kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:7812kB local_pcp:3760kB free_cma:0kB [ 2598.142558][T21770] lowmem_reserve[]: 0 0 0 0 [ 2598.147114][T21770] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2598.159777][T21770] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2598.176129][T21770] Node 0 Normal: 57*4kB (E) 19*8kB (ME) 39*16kB (UME) 40*32kB (ME) 29*64kB (ME) 26*128kB (UME) 25*256kB (UME) 64*512kB (UME) 190*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3888684kB [ 2598.194538][T21770] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2598.203887][T21770] 11598 total pagecache pages [ 2598.208546][T21770] 0 pages in swap cache [ 2598.212773][T21770] Swap cache stats: add 0, delete 0, find 0/0 [ 2598.218873][T21770] Free swap = 0kB [ 2598.222577][T21770] Total swap = 0kB [ 2598.226268][T21770] 2097051 pages RAM [ 2598.230078][T21770] 0 pages HighMem/MovableOnly [ 2598.234738][T21770] 75959 pages reserved 22:06:19 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864023bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:06:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) (async) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') io_uring_enter(r3, 0x362c, 0xea9d, 0x3, &(0x7f0000000180)={[0x9]}, 0x8) 22:06:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:19 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfeffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:06:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x900) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={0x0, @xdp={0x2c, 0x0, 0x0, 0x22}, @nl=@unspec, @can={0x1d, 0x0}, 0xf349, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000080)='xfrm0\x00', 0x2, 0xfffffffffffffff8, 0x101}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', r5, 0x7, 0x8000, 0xffffffff, 0xffffffff, {{0x13, 0x4, 0x3, 0x3, 0x4c, 0x66, 0x0, 0x6a, 0x29, 0x0, @remote, @broadcast, {[@lsrr={0x83, 0x1b, 0x8a, [@private=0xa010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast1]}, @cipso={0x86, 0x1c, 0x3, [{0x1, 0xc, "ed0fc3ccc687917efa30"}, {0x5, 0xa, "b160eca113311ac5"}]}]}}}}}) 22:06:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={0x0, @xdp={0x2c, 0x0, 0x0, 0x22}, @nl=@unspec, @can={0x1d, 0x0}, 0xf349, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000080)='xfrm0\x00', 0x2, 0xfffffffffffffff8, 0x101}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', r5, 0x7, 0x8000, 0xffffffff, 0xffffffff, {{0x13, 0x4, 0x3, 0x3, 0x4c, 0x66, 0x0, 0x6a, 0x29, 0x0, @remote, @broadcast, {[@lsrr={0x83, 0x1b, 0x8a, [@private=0xa010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast1]}, @cipso={0x86, 0x1c, 0x3, [{0x1, 0xc, "ed0fc3ccc687917efa30"}, {0x5, 0xa, "b160eca113311ac5"}]}]}}}}}) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={0x0, @xdp={0x2c, 0x0, 0x0, 0x22}, @nl=@unspec, @can, 0xf349, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000080)='xfrm0\x00', 0x2, 0xfffffffffffffff8, 0x101}) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', r5, 0x7, 0x8000, 0xffffffff, 0xffffffff, {{0x13, 0x4, 0x3, 0x3, 0x4c, 0x66, 0x0, 0x6a, 0x29, 0x0, @remote, @broadcast, {[@lsrr={0x83, 0x1b, 0x8a, [@private=0xa010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast1]}, @cipso={0x86, 0x1c, 0x3, [{0x1, 0xc, "ed0fc3ccc687917efa30"}, {0x5, 0xa, "b160eca113311ac5"}]}]}}}}}) (async) 22:06:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864024bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:06:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={0x0, @xdp={0x2c, 0x0, 0x0, 0x22}, @nl=@unspec, @can={0x1d, 0x0}, 0xf349, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000080)='xfrm0\x00', 0x2, 0xfffffffffffffff8, 0x101}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', r5, 0x7, 0x8000, 0xffffffff, 0xffffffff, {{0x13, 0x4, 0x3, 0x3, 0x4c, 0x66, 0x0, 0x6a, 0x29, 0x0, @remote, @broadcast, {[@lsrr={0x83, 0x1b, 0x8a, [@private=0xa010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast1]}, @cipso={0x86, 0x1c, 0x3, [{0x1, 0xc, "ed0fc3ccc687917efa30"}, {0x5, 0xa, "b160eca113311ac5"}]}]}}}}}) 22:06:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:06:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xa00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xff0f0000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000180)=0xc) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0x40, 0xc52, 0x6, 0x100000000, 0x1000, 0x8000, 0xff, 0x16ed}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (async) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000180)=0xc) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0x40, 0xc52, 0x6, 0x100000000, 0x1000, 0x8000, 0xff, 0x16ed}, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000180)=0xc) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0x40, 0xc52, 0x6, 0x100000000, 0x1000, 0x8000, 0xff, 0x16ed}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc) (async) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0x40, 0xc52, 0x6, 0x100000000, 0x1000, 0x8000, 0xff, 0x16ed}, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2617.078679][T21893] warn_alloc: 1 callbacks suppressed [ 2617.078696][T21893] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2617.100600][T21893] CPU: 1 PID: 21893 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2617.109372][T21893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2617.119407][T21893] Call Trace: [ 2617.122705][T21893] [ 2617.125625][T21893] dump_stack_lvl+0xd6/0x122 [ 2617.130203][T21893] dump_stack+0x11/0x1b [ 2617.134344][T21893] warn_alloc+0x132/0x190 [ 2617.138724][T21893] __vmalloc_node_range+0x58b/0x690 [ 2617.143908][T21893] ? xt_alloc_table_info+0x39/0x70 [ 2617.149075][T21893] __vmalloc_node+0x61/0x70 [ 2617.153603][T21893] ? xt_alloc_table_info+0x39/0x70 [ 2617.158712][T21893] kvmalloc_node+0xd2/0x110 [ 2617.163201][T21893] xt_alloc_table_info+0x39/0x70 [ 2617.168145][T21893] do_ipt_set_ctl+0x649/0x1710 [ 2617.172940][T21893] ? rmqueue_pcplist+0x157/0x1f0 [ 2617.177857][T21893] ? rmqueue+0x4a/0xd20 [ 2617.182033][T21893] ? __rcu_read_unlock+0x5c/0x290 [ 2617.187103][T21893] nf_setsockopt+0x1a6/0x1c0 [ 2617.191689][T21893] ip_setsockopt+0x2815/0x2c80 [ 2617.196445][T21893] ? _raw_spin_unlock+0x2e/0x50 [ 2617.201273][T21893] ? finish_task_switch+0xd0/0x280 [ 2617.206405][T21893] ? __schedule+0x44a/0x6a0 [ 2617.210888][T21893] ? __rcu_read_unlock+0x5c/0x290 [ 2617.215891][T21893] ? schedule+0x8b/0xb0 [ 2617.220025][T21893] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2617.225458][T21893] ? avc_has_perm+0x70/0x160 [ 2617.230065][T21893] ? avc_has_perm+0xd5/0x160 [ 2617.234672][T21893] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2617.241014][T21893] ? selinux_socket_setsockopt+0x145/0x170 [ 2617.246871][T21893] udp_setsockopt+0x83/0x90 [ 2617.251353][T21893] sock_common_setsockopt+0x5d/0x70 [ 2617.256542][T21893] ? sock_common_recvmsg+0xe0/0xe0 [ 2617.261657][T21893] __sys_setsockopt+0x209/0x2a0 [ 2617.266490][T21893] __x64_sys_setsockopt+0x62/0x70 [ 2617.271609][T21893] do_syscall_64+0x44/0xd0 [ 2617.276083][T21893] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2617.281955][T21893] RIP: 0033:0x7ff9d4f80e99 [ 2617.286438][T21893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2617.306022][T21893] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2617.314408][T21893] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2617.322425][T21893] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2617.330372][T21893] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2617.338385][T21893] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2617.346422][T21893] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2617.354393][T21893] [ 2617.357544][T21893] Mem-Info: [ 2617.360659][T21893] active_anon:295 inactive_anon:98474 isolated_anon:0 [ 2617.360659][T21893] active_file:4163 inactive_file:62949 isolated_file:0 [ 2617.360659][T21893] unevictable:0 dirty:0 writeback:0 [ 2617.360659][T21893] slab_reclaimable:5618 slab_unreclaimable:15935 [ 2617.360659][T21893] mapped:27425 shmem:570 pagetables:1166 bounce:0 [ 2617.360659][T21893] kernel_misc_reclaimable:0 [ 2617.360659][T21893] free:1717579 free_pcp:3031 free_cma:0 [ 2617.401895][T21893] Node 0 active_anon:1180kB inactive_anon:393896kB active_file:16652kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2280kB writeback_tmp:0kB kernel_stack:3552kB pagetables:4664kB all_unreclaimable? no [ 2617.428236][T21893] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2617.455208][T21893] lowmem_reserve[]: 0 2896 7874 7874 [ 2617.460513][T21893] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2617.489097][T21893] lowmem_reserve[]: 0 0 4978 4978 [ 2617.494646][T21893] Node 0 Normal free:3889240kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1180kB inactive_anon:393896kB active_file:16652kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:7076kB local_pcp:5772kB free_cma:0kB [ 2617.524981][T21893] lowmem_reserve[]: 0 0 0 0 [ 2617.529683][T21893] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2617.542332][T21893] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2617.558345][T21893] Node 0 Normal: 60*4kB (E) 3*8kB (ME) 57*16kB (ME) 42*32kB (ME) 30*64kB (UME) 26*128kB (ME) 24*256kB (ME) 63*512kB (UME) 191*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3889240kB [ 2617.576678][T21893] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2617.585965][T21893] 11605 total pagecache pages [ 2617.590727][T21893] 0 pages in swap cache [ 2617.594855][T21893] Swap cache stats: add 0, delete 0, find 0/0 [ 2617.600918][T21893] Free swap = 0kB [ 2617.604619][T21893] Total swap = 0kB [ 2617.608308][T21893] 2097051 pages RAM [ 2617.612114][T21893] 0 pages HighMem/MovableOnly [ 2617.616775][T21893] 75959 pages reserved 22:06:45 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864025bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:06:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:45 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xb00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:45 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x9e040, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003009336c2651119cf784b1b0d6e0000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e9720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001429000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000914985d20944659cd5e4cedcbe5fc59d3a61c2c65f2da92f11ab3a394bdf4263b1e71e0d8f05144faa10da0e8486a2d9d150db2d00918a4c9df2966bd89a142a"], 0x661) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000001380)={{0x0, 0x3, 0x6, 0x22, 0x23f, 0x2, 0x5, 0x9, 0x9, 0x97, 0x20, 0x0, 0xeee, 0xffff, 0x2}}) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x0, 0xfffffffffffffff8, 0x2, r1}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0xfffffffffffffffe, &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r4, 0x53e4, 0xd6ed, 0x2, &(0x7f0000000080), 0x8) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:06:45 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xffffff7f, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:45 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:06:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:45 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x9e040, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003009336c2651119cf784b1b0d6e0000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e9720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001429000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000914985d20944659cd5e4cedcbe5fc59d3a61c2c65f2da92f11ab3a394bdf4263b1e71e0d8f05144faa10da0e8486a2d9d150db2d00918a4c9df2966bd89a142a"], 0x661) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000001380)={{0x0, 0x3, 0x6, 0x22, 0x23f, 0x2, 0x5, 0x9, 0x9, 0x97, 0x20, 0x0, 0xeee, 0xffff, 0x2}}) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x0, 0xfffffffffffffff8, 0x2, r1}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0xfffffffffffffffe, &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r4, 0x53e4, 0xd6ed, 0x2, &(0x7f0000000080), 0x8) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x9e040, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003009336c2651119cf784b1b0d6e0000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e9720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001429000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000914985d20944659cd5e4cedcbe5fc59d3a61c2c65f2da92f11ab3a394bdf4263b1e71e0d8f05144faa10da0e8486a2d9d150db2d00918a4c9df2966bd89a142a"], 0x661) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000001380)={{0x0, 0x3, 0x6, 0x22, 0x23f, 0x2, 0x5, 0x9, 0x9, 0x97, 0x20, 0x0, 0xeee, 0xffff, 0x2}}) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) (async) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x0, 0xfffffffffffffff8, 0x2, r1}) (async) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0xfffffffffffffffe, &(0x7f0000000180)) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r4, 0x53e4, 0xd6ed, 0x2, &(0x7f0000000080), 0x8) (async) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:06:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:45 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x9e040, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003009336c2651119cf784b1b0d6e0000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e9720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001429000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000914985d20944659cd5e4cedcbe5fc59d3a61c2c65f2da92f11ab3a394bdf4263b1e71e0d8f05144faa10da0e8486a2d9d150db2d00918a4c9df2966bd89a142a"], 0x661) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000001380)={{0x0, 0x3, 0x6, 0x22, 0x23f, 0x2, 0x5, 0x9, 0x9, 0x97, 0x20, 0x0, 0xeee, 0xffff, 0x2}}) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x0, 0xfffffffffffffff8, 0x2, r1}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0xfffffffffffffffe, &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r4, 0x53e4, 0xd6ed, 0x2, &(0x7f0000000080), 0x8) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x9e040, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r2, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003009336c2651119cf784b1b0d6e0000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e9720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001429000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000914985d20944659cd5e4cedcbe5fc59d3a61c2c65f2da92f11ab3a394bdf4263b1e71e0d8f05144faa10da0e8486a2d9d150db2d00918a4c9df2966bd89a142a"], 0x661) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000001380)={{0x0, 0x3, 0x6, 0x22, 0x23f, 0x2, 0x5, 0x9, 0x9, 0x97, 0x20, 0x0, 0xeee, 0xffff, 0x2}}) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) (async) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x0, 0xfffffffffffffff8, 0x2, r1}) (async) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0xfffffffffffffffe, &(0x7f0000000180)) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r4, 0x53e4, 0xd6ed, 0x2, &(0x7f0000000080), 0x8) (async) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:06:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) [ 2630.458681][T21959] syz-executor.2: vmalloc error: size 314183680, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2630.475408][T21959] CPU: 1 PID: 21959 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2630.484251][T21959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2630.494344][T21959] Call Trace: [ 2630.497605][T21959] [ 2630.500517][T21959] dump_stack_lvl+0xd6/0x122 [ 2630.505111][T21959] dump_stack+0x11/0x1b [ 2630.509254][T21959] warn_alloc+0x132/0x190 [ 2630.513570][T21959] ? alloc_page_interleave+0x104/0x120 [ 2630.519024][T21959] __vmalloc_node_range+0x58b/0x690 [ 2630.524275][T21959] ? xt_alloc_table_info+0x39/0x70 [ 2630.529406][T21959] __vmalloc_node+0x61/0x70 [ 2630.533889][T21959] ? xt_alloc_table_info+0x39/0x70 [ 2630.538982][T21959] kvmalloc_node+0xd2/0x110 [ 2630.543464][T21959] xt_alloc_table_info+0x39/0x70 [ 2630.548382][T21959] do_ipt_set_ctl+0x649/0x1710 [ 2630.553126][T21959] ? rmqueue_pcplist+0x157/0x1f0 [ 2630.558043][T21959] ? rmqueue+0x4a/0xd20 [ 2630.562177][T21959] ? __rcu_read_unlock+0x5c/0x290 [ 2630.567206][T21959] nf_setsockopt+0x1a6/0x1c0 [ 2630.571827][T21959] ip_setsockopt+0x2815/0x2c80 [ 2630.576600][T21959] ? _raw_spin_unlock+0x2e/0x50 [ 2630.581427][T21959] ? finish_task_switch+0xd0/0x280 [ 2630.586552][T21959] ? __schedule+0x44a/0x6a0 [ 2630.591115][T21959] ? __rcu_read_unlock+0x5c/0x290 [ 2630.596117][T21959] ? schedule+0x8b/0xb0 [ 2630.600304][T21959] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2630.605737][T21959] ? avc_has_perm+0x70/0x160 [ 2630.610390][T21959] ? avc_has_perm+0xd5/0x160 [ 2630.614960][T21959] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2630.621319][T21959] ? selinux_socket_setsockopt+0x145/0x170 [ 2630.627177][T21959] udp_setsockopt+0x83/0x90 [ 2630.631678][T21959] sock_common_setsockopt+0x5d/0x70 [ 2630.636957][T21959] ? sock_common_recvmsg+0xe0/0xe0 [ 2630.642045][T21959] __sys_setsockopt+0x209/0x2a0 [ 2630.646904][T21959] __x64_sys_setsockopt+0x62/0x70 [ 2630.652003][T21959] do_syscall_64+0x44/0xd0 [ 2630.656438][T21959] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2630.662311][T21959] RIP: 0033:0x7ff9d4f80e99 [ 2630.666704][T21959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2630.686286][T21959] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2630.694674][T21959] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2630.702624][T21959] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2630.710706][T21959] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2630.718665][T21959] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2630.726725][T21959] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2630.734719][T21959] [ 2630.737841][T21959] Mem-Info: [ 2630.741048][T21959] active_anon:297 inactive_anon:98476 isolated_anon:0 [ 2630.741048][T21959] active_file:4166 inactive_file:62949 isolated_file:0 [ 2630.741048][T21959] unevictable:0 dirty:0 writeback:0 [ 2630.741048][T21959] slab_reclaimable:5617 slab_unreclaimable:15951 [ 2630.741048][T21959] mapped:27425 shmem:572 pagetables:1166 bounce:0 [ 2630.741048][T21959] kernel_misc_reclaimable:0 [ 2630.741048][T21959] free:1717572 free_pcp:2998 free_cma:0 [ 2630.782351][T21959] Node 0 active_anon:1188kB inactive_anon:393904kB active_file:16664kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2288kB writeback_tmp:0kB kernel_stack:3552kB pagetables:4664kB all_unreclaimable? no [ 2630.808732][T21959] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2630.835557][T21959] lowmem_reserve[]: 0 2896 7874 7874 [ 2630.840879][T21959] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2630.869605][T21959] lowmem_reserve[]: 0 0 4978 4978 [ 2630.874622][T21959] Node 0 Normal free:3889212kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1188kB inactive_anon:393904kB active_file:16664kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:6940kB local_pcp:1972kB free_cma:0kB [ 2630.904889][T21959] lowmem_reserve[]: 0 0 0 0 [ 2630.909511][T21959] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2630.922156][T21959] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2630.938206][T21959] Node 0 Normal: 1*4kB (U) 25*8kB (UME) 127*16kB (UME) 42*32kB (ME) 29*64kB (ME) 26*128kB (ME) 24*256kB (ME) 61*512kB (UME) 191*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3889212kB [ 2630.956629][T21959] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2630.965984][T21959] 11608 total pagecache pages [ 2630.970669][T21959] 0 pages in swap cache [ 2630.975001][T21959] Swap cache stats: add 0, delete 0, find 0/0 [ 2630.981071][T21959] Free swap = 0kB [ 2630.984774][T21959] Total swap = 0kB [ 2630.988468][T21959] 2097051 pages RAM [ 2630.992268][T21959] 0 pages HighMem/MovableOnly [ 2630.996925][T21959] 75959 pages reserved 22:06:59 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864026bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:06:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) pipe(&(0x7f0000000040)) 22:06:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:59 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xffffffe4, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:59 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xc00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:06:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:06:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:06:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x0, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:06:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, 0x0) 22:06:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) pipe(&(0x7f0000000040)) 22:06:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, 0x0) [ 2643.768697][T22012] syz-executor.2: vmalloc error: size 314085376, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2643.785370][T22012] CPU: 1 PID: 22012 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2643.794131][T22012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2643.804166][T22012] Call Trace: [ 2643.807425][T22012] [ 2643.810333][T22012] dump_stack_lvl+0xd6/0x122 [ 2643.814907][T22012] dump_stack+0x11/0x1b [ 2643.819038][T22012] warn_alloc+0x132/0x190 [ 2643.823498][T22012] ? alloc_page_interleave+0x104/0x120 [ 2643.828936][T22012] __vmalloc_node_range+0x58b/0x690 [ 2643.834180][T22012] ? xt_alloc_table_info+0x39/0x70 [ 2643.839329][T22012] __vmalloc_node+0x61/0x70 [ 2643.843857][T22012] ? xt_alloc_table_info+0x39/0x70 [ 2643.848952][T22012] kvmalloc_node+0xd2/0x110 [ 2643.853516][T22012] xt_alloc_table_info+0x39/0x70 [ 2643.858510][T22012] do_ipt_set_ctl+0x649/0x1710 [ 2643.863289][T22012] ? rmqueue_pcplist+0x157/0x1f0 [ 2643.868212][T22012] ? rmqueue+0x4a/0xd20 [ 2643.872383][T22012] ? __rcu_read_unlock+0x5c/0x290 [ 2643.877389][T22012] nf_setsockopt+0x1a6/0x1c0 [ 2643.881982][T22012] ip_setsockopt+0x2815/0x2c80 [ 2643.886731][T22012] ? _raw_spin_unlock+0x2e/0x50 [ 2643.891578][T22012] ? finish_task_switch+0xd0/0x280 [ 2643.896728][T22012] ? __schedule+0x44a/0x6a0 [ 2643.901298][T22012] ? __rcu_read_unlock+0x5c/0x290 [ 2643.906305][T22012] ? schedule+0x8b/0xb0 [ 2643.910526][T22012] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2643.915977][T22012] ? avc_has_perm+0x70/0x160 [ 2643.920948][T22012] ? avc_has_perm+0xd5/0x160 [ 2643.925590][T22012] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2643.931910][T22012] ? selinux_socket_setsockopt+0x145/0x170 [ 2643.937709][T22012] udp_setsockopt+0x83/0x90 [ 2643.942246][T22012] sock_common_setsockopt+0x5d/0x70 [ 2643.947473][T22012] ? sock_common_recvmsg+0xe0/0xe0 [ 2643.952746][T22012] __sys_setsockopt+0x209/0x2a0 [ 2643.957647][T22012] __x64_sys_setsockopt+0x62/0x70 [ 2643.962706][T22012] do_syscall_64+0x44/0xd0 [ 2643.967102][T22012] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2643.972983][T22012] RIP: 0033:0x7ff9d4f80e99 [ 2643.977377][T22012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2643.996982][T22012] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2644.005372][T22012] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2644.013408][T22012] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2644.021357][T22012] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2644.029307][T22012] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2644.037328][T22012] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2644.045282][T22012] [ 2644.048386][T22012] Mem-Info: [ 2644.051498][T22012] active_anon:300 inactive_anon:98554 isolated_anon:0 [ 2644.051498][T22012] active_file:4169 inactive_file:62949 isolated_file:0 [ 2644.051498][T22012] unevictable:0 dirty:0 writeback:0 [ 2644.051498][T22012] slab_reclaimable:5616 slab_unreclaimable:15921 [ 2644.051498][T22012] mapped:27489 shmem:575 pagetables:1177 bounce:0 [ 2644.051498][T22012] kernel_misc_reclaimable:0 [ 2644.051498][T22012] free:1717634 free_pcp:2889 free_cma:0 [ 2644.092771][T22012] Node 0 active_anon:1200kB inactive_anon:394216kB active_file:16676kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2300kB writeback_tmp:0kB kernel_stack:3568kB pagetables:4708kB all_unreclaimable? no [ 2644.119190][T22012] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2644.146052][T22012] lowmem_reserve[]: 0 2896 7874 7874 [ 2644.151347][T22012] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2644.179993][T22012] lowmem_reserve[]: 0 0 4978 4978 [ 2644.185003][T22012] Node 0 Normal free:3889460kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1200kB inactive_anon:394216kB active_file:16676kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:6512kB local_pcp:1032kB free_cma:0kB [ 2644.215303][T22012] lowmem_reserve[]: 0 0 0 0 [ 2644.219829][T22012] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2644.232451][T22012] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2644.248455][T22012] Node 0 Normal: 1*4kB (M) 14*8kB (E) 46*16kB (UME) 43*32kB (ME) 30*64kB (UME) 26*128kB (ME) 24*256kB (ME) 64*512kB (UME) 191*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3889460kB [ 2644.266707][T22012] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2644.276087][T22012] 11614 total pagecache pages [ 2644.280768][T22012] 0 pages in swap cache [ 2644.285077][T22012] Swap cache stats: add 0, delete 0, find 0/0 [ 2644.291177][T22012] Free swap = 0kB [ 2644.294879][T22012] Total swap = 0kB [ 2644.298568][T22012] 2097051 pages RAM [ 2644.302405][T22012] 0 pages HighMem/MovableOnly [ 2644.307048][T22012] 75959 pages reserved 22:07:12 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864027bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003000000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e97200"/1633], 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) sched_setattr(r1, &(0x7f0000000180)={0x38, 0x2, 0x5, 0x2, 0xffffffff, 0xbcd3, 0x80000000007, 0x9, 0x7ffe, 0xd0b8}, 0x0) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x80, 0x20, 0x3, 0x2, {{0xf, 0x4, 0x2, 0x30, 0x3c, 0x67, 0x0, 0xcd, 0x4, 0x0, @loopback, @empty, {[@lsrr={0x83, 0x17, 0x1c, [@multicast1, @dev={0xac, 0x14, 0x14, 0x35}, @dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102, @multicast1]}, @rr={0x7, 0xf, 0x9d, [@multicast2, @local, @multicast1]}]}}}}}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000c80)={0x128, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, 0x0) 22:07:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:07:12 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffff0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:12 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xd00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)) 22:07:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)=0x0) (async, rerun: 64) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (rerun: 64) write$binfmt_elf32(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003000000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e97200"/1633], 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) sched_setattr(r1, &(0x7f0000000180)={0x38, 0x2, 0x5, 0x2, 0xffffffff, 0xbcd3, 0x80000000007, 0x9, 0x7ffe, 0xd0b8}, 0x0) (async, rerun: 64) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) (async) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) (async, rerun: 32) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x80, 0x20, 0x3, 0x2, {{0xf, 0x4, 0x2, 0x30, 0x3c, 0x67, 0x0, 0xcd, 0x4, 0x0, @loopback, @empty, {[@lsrr={0x83, 0x17, 0x1c, [@multicast1, @dev={0xac, 0x14, 0x14, 0x35}, @dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102, @multicast1]}, @rr={0x7, 0xf, 0x9d, [@multicast2, @local, @multicast1]}]}}}}}) (rerun: 32) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000c80)={0x128, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000) (async, rerun: 64) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 64) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)) 22:07:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)) 22:07:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="7f454c46023fff0701000080000000000200060001800000030200003800000091010000030000000300200002000000b60003000000000003000000000100000004000034070000c12fd71506000000ff03000076400000030000000000000009000000010000000600000001010000ff010000800000009a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e97200"/1633], 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r1, 0x0, r2, 0x2) sched_setattr(r1, &(0x7f0000000180)={0x38, 0x2, 0x5, 0x2, 0xffffffff, 0xbcd3, 0x80000000007, 0x9, 0x7ffe, 0xd0b8}, 0x0) (async) r3 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) (async) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) (async) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x80, 0x20, 0x3, 0x2, {{0xf, 0x4, 0x2, 0x30, 0x3c, 0x67, 0x0, 0xcd, 0x4, 0x0, @loopback, @empty, {[@lsrr={0x83, 0x17, 0x1c, [@multicast1, @dev={0xac, 0x14, 0x14, 0x35}, @dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102, @multicast1]}, @rr={0x7, 0xf, 0x9d, [@multicast2, @local, @multicast1]}]}}}}}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000c80)={0x128, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000) (async) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r3, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xb00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2657.168692][T22045] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2657.185337][T22045] CPU: 0 PID: 22045 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2657.194136][T22045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2657.204174][T22045] Call Trace: [ 2657.207438][T22045] [ 2657.210353][T22045] dump_stack_lvl+0xd6/0x122 [ 2657.214936][T22045] dump_stack+0x11/0x1b [ 2657.219092][T22045] warn_alloc+0x132/0x190 [ 2657.223433][T22045] ? alloc_page_interleave+0x104/0x120 [ 2657.228874][T22045] __vmalloc_node_range+0x58b/0x690 [ 2657.234070][T22045] ? xt_alloc_table_info+0x39/0x70 [ 2657.239240][T22045] __vmalloc_node+0x61/0x70 [ 2657.243755][T22045] ? xt_alloc_table_info+0x39/0x70 [ 2657.248902][T22045] kvmalloc_node+0xd2/0x110 [ 2657.253386][T22045] xt_alloc_table_info+0x39/0x70 [ 2657.258419][T22045] do_ipt_set_ctl+0x649/0x1710 [ 2657.263168][T22045] ? __this_cpu_preempt_check+0x18/0x20 [ 2657.268737][T22045] ? __perf_event_task_sched_in+0x898/0x8d0 [ 2657.274612][T22045] ? __this_cpu_preempt_check+0x18/0x20 [ 2657.280189][T22045] ? xfd_validate_state+0x4e/0xf0 [ 2657.285299][T22045] ? save_fpregs_to_fpstate+0xf5/0x140 [ 2657.290743][T22045] ? _raw_spin_unlock+0x2e/0x50 [ 2657.295572][T22045] ? finish_task_switch+0xd0/0x280 [ 2657.300665][T22045] ? __rcu_read_unlock+0x5c/0x290 [ 2657.305674][T22045] nf_setsockopt+0x1a6/0x1c0 [ 2657.310245][T22045] ip_setsockopt+0x2815/0x2c80 [ 2657.314988][T22045] ? _raw_spin_unlock+0x2e/0x50 [ 2657.319827][T22045] ? finish_task_switch+0xd0/0x280 [ 2657.324935][T22045] ? preempt_count_add+0x41/0x90 [ 2657.329856][T22045] ? sysvec_reschedule_ipi+0x58/0x100 [ 2657.335275][T22045] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 2657.340885][T22045] ? avc_has_perm_noaudit+0xf3/0x270 [ 2657.346210][T22045] ? __rcu_read_unlock+0x5c/0x290 [ 2657.351214][T22045] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2657.356585][T22045] ? avc_has_perm+0x70/0x160 [ 2657.361256][T22045] ? avc_has_perm+0xd5/0x160 [ 2657.365938][T22045] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2657.372452][T22045] ? selinux_socket_setsockopt+0x145/0x170 [ 2657.378243][T22045] udp_setsockopt+0x83/0x90 [ 2657.382818][T22045] sock_common_setsockopt+0x5d/0x70 [ 2657.388038][T22045] ? sock_common_recvmsg+0xe0/0xe0 [ 2657.393346][T22045] __sys_setsockopt+0x209/0x2a0 [ 2657.398385][T22045] __x64_sys_setsockopt+0x62/0x70 [ 2657.403613][T22045] do_syscall_64+0x44/0xd0 [ 2657.408279][T22045] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2657.414229][T22045] RIP: 0033:0x7ff9d4f80e99 [ 2657.418710][T22045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2657.438393][T22045] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2657.446795][T22045] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2657.454750][T22045] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2657.462811][T22045] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2657.470770][T22045] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2657.478757][T22045] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2657.486735][T22045] [ 2657.489816][T22045] Mem-Info: [ 2657.492918][T22045] active_anon:302 inactive_anon:98635 isolated_anon:0 [ 2657.492918][T22045] active_file:4172 inactive_file:62949 isolated_file:0 [ 2657.492918][T22045] unevictable:0 dirty:0 writeback:0 [ 2657.492918][T22045] slab_reclaimable:5652 slab_unreclaimable:15939 [ 2657.492918][T22045] mapped:27489 shmem:577 pagetables:1188 bounce:0 [ 2657.492918][T22045] kernel_misc_reclaimable:0 [ 2657.492918][T22045] free:1716382 free_pcp:3952 free_cma:0 [ 2657.534244][T22045] Node 0 active_anon:1208kB inactive_anon:394540kB active_file:16688kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2308kB writeback_tmp:0kB kernel_stack:3680kB pagetables:4752kB all_unreclaimable? no [ 2657.560582][T22045] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2657.587537][T22045] lowmem_reserve[]: 0 2896 7874 7874 [ 2657.592936][T22045] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2657.621543][T22045] lowmem_reserve[]: 0 0 4978 4978 [ 2657.626613][T22045] Node 0 Normal free:3884452kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1208kB inactive_anon:394540kB active_file:16688kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:10760kB local_pcp:5396kB free_cma:0kB [ 2657.657293][T22045] lowmem_reserve[]: 0 0 0 0 [ 2657.661929][T22045] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2657.674562][T22045] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2657.690667][T22045] Node 0 Normal: 189*4kB (UME) 10*8kB (UME) 10*16kB (UME) 12*32kB (ME) 9*64kB (UME) 26*128kB (ME) 25*256kB (UME) 58*512kB (UME) 191*1024kB (UME) 57*2048kB (UME) 862*4096kB (UM) = 3884452kB [ 2657.709459][T22045] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2657.719146][T22045] 11619 total pagecache pages [ 2657.723824][T22045] 0 pages in swap cache [ 2657.727955][T22045] Swap cache stats: add 0, delete 0, find 0/0 [ 2657.734151][T22045] Free swap = 0kB [ 2657.737898][T22045] Total swap = 0kB [ 2657.741710][T22045] 2097051 pages RAM [ 2657.745503][T22045] 0 pages HighMem/MovableOnly [ 2657.750176][T22045] 75959 pages reserved 22:07:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:20 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864028bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x68f7, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = fcntl$dupfd(r0, 0x406, r0) r4 = dup(0xffffffffffffffff) io_uring_enter(r4, 0x1132, 0xafe2, 0x3, &(0x7f0000000480)={[0x2]}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000634000/0x1000)=nil, 0x1000, 0x300000f, 0x4010, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r5 = io_uring_setup(0x187a, &(0x7f00000000c0)={0x0, 0xe09c, 0x20, 0x0, 0x23f}) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x300000a, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000001540)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0}, 0x800) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=@caif=@dbg, 0x80, &(0x7f0000001480)=[{&(0x7f0000000200)=""/72, 0x48}, {&(0x7f0000002580)=""/102400, 0x19000}, {&(0x7f0000000280)=""/36, 0x24}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000340)=""/240, 0xf0}], 0x5}, 0x0, 0x100, 0x1, {0x2, r7}}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:20 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffff2, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xa00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:20 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xe00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x68f7, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = fcntl$dupfd(r0, 0x406, r0) r4 = dup(0xffffffffffffffff) io_uring_enter(r4, 0x1132, 0xafe2, 0x3, &(0x7f0000000480)={[0x2]}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000634000/0x1000)=nil, 0x1000, 0x300000f, 0x4010, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r5 = io_uring_setup(0x187a, &(0x7f00000000c0)={0x0, 0xe09c, 0x20, 0x0, 0x23f}) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x300000a, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000001540)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0}, 0x800) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=@caif=@dbg, 0x80, &(0x7f0000001480)=[{&(0x7f0000000200)=""/72, 0x48}, {&(0x7f0000002580)=""/102400, 0x19000}, {&(0x7f0000000280)=""/36, 0x24}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000340)=""/240, 0xf0}], 0x5}, 0x0, 0x100, 0x1, {0x2, r7}}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x68f7, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) fcntl$dupfd(r0, 0x406, r0) (async) dup(0xffffffffffffffff) (async) io_uring_enter(r4, 0x1132, 0xafe2, 0x3, &(0x7f0000000480)={[0x2]}, 0x8) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000634000/0x1000)=nil, 0x1000, 0x300000f, 0x4010, r3, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) io_uring_setup(0x187a, &(0x7f00000000c0)={0x0, 0xe09c, 0x20, 0x0, 0x23f}) (async) mmap$IORING_OFF_SQ_RING(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x300000a, 0x40010, 0xffffffffffffffff, 0x0) (async) syz_io_uring_submit(r6, 0x0, &(0x7f0000001540)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0}, 0x800) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) (async) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) (async) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=@caif=@dbg, 0x80, &(0x7f0000001480)=[{&(0x7f0000000200)=""/72, 0x48}, {&(0x7f0000002580)=""/102400, 0x19000}, {&(0x7f0000000280)=""/36, 0x24}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000340)=""/240, 0xf0}], 0x5}, 0x0, 0x100, 0x1, {0x2, r7}}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:07:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x68f7, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = fcntl$dupfd(r0, 0x406, r0) (async) r4 = dup(0xffffffffffffffff) io_uring_enter(r4, 0x1132, 0xafe2, 0x3, &(0x7f0000000480)={[0x2]}, 0x8) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000634000/0x1000)=nil, 0x1000, 0x300000f, 0x4010, r3, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) r5 = io_uring_setup(0x187a, &(0x7f00000000c0)={0x0, 0xe09c, 0x20, 0x0, 0x23f}) (async) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x300000a, 0x40010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000001540)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0}, 0x800) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) (async) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=@caif=@dbg, 0x80, &(0x7f0000001480)=[{&(0x7f0000000200)=""/72, 0x48}, {&(0x7f0000002580)=""/102400, 0x19000}, {&(0x7f0000000280)=""/36, 0x24}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000340)=""/240, 0xf0}], 0x5}, 0x0, 0x100, 0x1, {0x2, r7}}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="4a6855a1a459c37bc18c1f2a5fbe6eb7dcd4d975a53495c676bf5a9e7542e805b9e70bca6496c4d5a09e1ebc563708bb3f989933c36eaa37a4206907182a415d9f04454901b5be70097283e1a6", 0x4d}], 0x1, 0x8) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="4a6855a1a459c37bc18c1f2a5fbe6eb7dcd4d975a53495c676bf5a9e7542e805b9e70bca6496c4d5a09e1ebc563708bb3f989933c36eaa37a4206907182a415d9f04454901b5be70097283e1a6", 0x4d}], 0x1, 0x8) 22:07:22 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864029bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="4a6855a1a459c37bc18c1f2a5fbe6eb7dcd4d975a53495c676bf5a9e7542e805b9e70bca6496c4d5a09e1ebc563708bb3f989933c36eaa37a4206907182a415d9f04454901b5be70097283e1a6", 0x4d}], 0x1, 0x8) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="4a6855a1a459c37bc18c1f2a5fbe6eb7dcd4d975a53495c676bf5a9e7542e805b9e70bca6496c4d5a09e1ebc563708bb3f989933c36eaa37a4206907182a415d9f04454901b5be70097283e1a6", 0x4d}], 0x1, 0x8) (async) 22:07:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:22 executing program 5: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864027bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:22 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffff4, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:22 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xf00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x400000}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) syz_io_uring_submit(r1, r5, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x7ff, 0x0, 0x0, {0x0, r7}}, 0xea29) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x1, 0x10000000, 0x5, 0x5, 0x100, 0xdb, 0x80000000, 0x200, 0x80000001}, 0x0) pipe(&(0x7f0000000040)) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 32) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) r6 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) (async, rerun: 64) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) (rerun: 64) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) (async) syz_io_uring_submit(r1, r5, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x7ff, 0x0, 0x0, {0x0, r7}}, 0xea29) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x1, 0x10000000, 0x5, 0x5, 0x100, 0xdb, 0x80000000, 0x200, 0x80000001}, 0x0) pipe(&(0x7f0000000040)) 22:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) r6 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r8 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x13, 0x200000ce, r7) (async) syz_io_uring_submit(r1, r5, &(0x7f0000000280)=@IORING_OP_STATX={0x15, 0x5, 0x0, 0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x7ff, 0x0, 0x0, {0x0, r7}}, 0xea29) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x1, 0x10000000, 0x5, 0x5, 0x100, 0xdb, 0x80000000, 0x200, 0x80000001}, 0x0) (async, rerun: 64) pipe(&(0x7f0000000040)) (rerun: 64) 22:07:34 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402abc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d5000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:34 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffff5, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1100) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:34 executing program 5: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864027bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d5000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d5000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 32) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000080)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x2000, @fd=r6, 0x0, 0xff, 0x9, 0x8, 0x0, {0x3, r7}}, 0x8) pipe(&(0x7f0000000040)) [ 2678.728804][T22212] warn_alloc: 3 callbacks suppressed [ 2678.728824][T22212] syz-executor.2: vmalloc error: size 314191872, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2678.750918][T22212] CPU: 1 PID: 22212 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2678.759735][T22212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2678.769870][T22212] Call Trace: [ 2678.773170][T22212] [ 2678.776092][T22212] dump_stack_lvl+0xd6/0x122 [ 2678.780697][T22212] dump_stack+0x11/0x1b [ 2678.784851][T22212] warn_alloc+0x132/0x190 [ 2678.789234][T22212] ? alloc_page_interleave+0x104/0x120 [ 2678.794719][T22212] __vmalloc_node_range+0x58b/0x690 [ 2678.799917][T22212] ? xt_alloc_table_info+0x39/0x70 [ 2678.805086][T22212] __vmalloc_node+0x61/0x70 [ 2678.809667][T22212] ? xt_alloc_table_info+0x39/0x70 [ 2678.814926][T22212] kvmalloc_node+0xd2/0x110 [ 2678.819477][T22212] xt_alloc_table_info+0x39/0x70 [ 2678.824423][T22212] do_ipt_set_ctl+0x649/0x1710 [ 2678.829185][T22212] ? rmqueue_pcplist+0x157/0x1f0 [ 2678.834131][T22212] ? rmqueue+0x4a/0xd20 [ 2678.838290][T22212] ? __rcu_read_unlock+0x5c/0x290 [ 2678.843317][T22212] nf_setsockopt+0x1a6/0x1c0 [ 2678.847886][T22212] ip_setsockopt+0x2815/0x2c80 [ 2678.852731][T22212] ? _raw_spin_unlock+0x2e/0x50 [ 2678.857573][T22212] ? finish_task_switch+0xd0/0x280 [ 2678.862719][T22212] ? __schedule+0x44a/0x6a0 [ 2678.867302][T22212] ? __rcu_read_unlock+0x5c/0x290 [ 2678.872425][T22212] ? schedule+0x8b/0xb0 [ 2678.876603][T22212] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2678.881972][T22212] ? avc_has_perm+0x70/0x160 [ 2678.886553][T22212] ? avc_has_perm+0xd5/0x160 [ 2678.891124][T22212] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2678.897562][T22212] ? selinux_socket_setsockopt+0x145/0x170 [ 2678.903352][T22212] udp_setsockopt+0x83/0x90 [ 2678.907854][T22212] sock_common_setsockopt+0x5d/0x70 [ 2678.913108][T22212] ? sock_common_recvmsg+0xe0/0xe0 [ 2678.918205][T22212] __sys_setsockopt+0x209/0x2a0 [ 2678.923110][T22212] __x64_sys_setsockopt+0x62/0x70 [ 2678.928232][T22212] do_syscall_64+0x44/0xd0 [ 2678.932635][T22212] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2678.938524][T22212] RIP: 0033:0x7ff9d4f80e99 [ 2678.942918][T22212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2678.962504][T22212] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2678.970915][T22212] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2678.978956][T22212] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2678.986905][T22212] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2678.994930][T22212] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2679.002880][T22212] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2679.010870][T22212] [ 2679.014185][T22212] Mem-Info: [ 2679.017300][T22212] active_anon:304 inactive_anon:98579 isolated_anon:0 [ 2679.017300][T22212] active_file:4175 inactive_file:62950 isolated_file:0 [ 2679.017300][T22212] unevictable:0 dirty:9 writeback:0 [ 2679.017300][T22212] slab_reclaimable:5635 slab_unreclaimable:15911 [ 2679.017300][T22212] mapped:27489 shmem:579 pagetables:1197 bounce:0 [ 2679.017300][T22212] kernel_misc_reclaimable:0 [ 2679.017300][T22212] free:1717554 free_pcp:2889 free_cma:0 [ 2679.058583][T22212] Node 0 active_anon:1216kB inactive_anon:394316kB active_file:16700kB inactive_file:251800kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:36kB writeback:0kB shmem:2316kB writeback_tmp:0kB kernel_stack:3680kB pagetables:4788kB all_unreclaimable? no [ 2679.085230][T22212] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2679.112175][T22212] lowmem_reserve[]: 0 2896 7874 7874 [ 2679.117464][T22212] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2679.146218][T22212] lowmem_reserve[]: 0 0 4978 4978 [ 2679.151305][T22212] Node 0 Normal free:3889140kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1216kB inactive_anon:394316kB active_file:16700kB inactive_file:251800kB unevictable:0kB writepending:36kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:6508kB local_pcp:3364kB free_cma:0kB [ 2679.181767][T22212] lowmem_reserve[]: 0 0 0 0 [ 2679.186285][T22212] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2679.199054][T22212] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2679.215076][T22212] Node 0 Normal: 1931*4kB (UME) 1256*8kB (UME) 1101*16kB (UME) 1097*32kB (UME) 897*64kB (UME) 871*128kB (UME) 199*256kB (UME) 67*512kB (UME) 9*1024kB (UME) 12*2048kB (UME) 862*4096kB (UM) = 3889180kB [ 2679.234852][T22212] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2679.244143][T22212] 11625 total pagecache pages [ 2679.248815][T22212] 0 pages in swap cache [ 2679.252952][T22212] Swap cache stats: add 0, delete 0, find 0/0 [ 2679.259076][T22212] Free swap = 0kB [ 2679.262838][T22212] Total swap = 0kB [ 2679.266531][T22212] 2097051 pages RAM [ 2679.270392][T22212] 0 pages HighMem/MovableOnly [ 2679.275051][T22212] 75959 pages reserved 22:07:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:42 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402bbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) r6 = accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000080)) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x2000, @fd=r6, 0x0, 0xff, 0x9, 0x8, 0x0, {0x3, r7}}, 0x8) (async) pipe(&(0x7f0000000040)) 22:07:42 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1200) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:42 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffffb, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:07:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') io_uring_enter(r3, 0x362c, 0xea9d, 0x3, &(0x7f0000000180)={[0x9]}, 0x8) 22:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async, rerun: 32) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) (rerun: 32) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000080)) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x2000, @fd=r6, 0x0, 0xff, 0x9, 0x8, 0x0, {0x3, r7}}, 0x8) pipe(&(0x7f0000000040)) 22:07:42 executing program 5: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864017bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000632000/0x3000)=nil, 0x3000, 0x9, 0x10, r0, 0x8000000) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x38) syz_io_uring_submit(r3, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r4, &(0x7f0000000180)={0x101000, 0x8, 0x1f}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0xf80000) 22:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000632000/0x3000)=nil, 0x3000, 0x9, 0x10, r0, 0x8000000) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x38) syz_io_uring_submit(r3, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r4, &(0x7f0000000180)={0x101000, 0x8, 0x1f}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0xf80000) 22:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000632000/0x3000)=nil, 0x3000, 0x9, 0x10, r0, 0x8000000) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x38) syz_io_uring_submit(r3, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r4, &(0x7f0000000180)={0x101000, 0x8, 0x1f}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0xf80000) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) mmap$IORING_OFF_CQ_RING(&(0x7f0000632000/0x3000)=nil, 0x3000, 0x9, 0x10, r0, 0x8000000) (async) creat(&(0x7f0000000080)='./file0\x00', 0x38) (async) syz_io_uring_submit(r3, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r4, &(0x7f0000000180)={0x101000, 0x8, 0x1f}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0xf80000) (async) 22:07:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:50 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402cbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x4, 0x18, 0x101, 0x7, 0x1, 0x4, 0x7f, 0x4, 0x4}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:07:50 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1300) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffffc, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x4, 0x18, 0x101, 0x7, 0x1, 0x4, 0x7f, 0x4, 0x4}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x4}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 32) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x4, 0x18, 0x101, 0x7, 0x1, 0x4, 0x7f, 0x4, 0x4}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:07:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) setrlimit(0x6, &(0x7f0000000380)={0x0, 0x5}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000200)={0x38, 0x6, 0x5, 0x8, 0x1, 0x10000, 0x5, 0xffff, 0x7fff, 0x2}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x4000)=nil, 0x4000, 0x1800002, 0x810, r5, 0x10000000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x7, &(0x7f0000000180)={r7, r8+10000000}}, 0x5) 22:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x3, 0x0, 0x4, 0x0, &(0x7f0000000100)="62d0cf7b0d22cb5fc5", 0x7, 0x0, 0x1, {0x2}}, 0xb8b) pipe(&(0x7f0000000040)) 22:07:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x3, 0x0, 0x4, 0x0, &(0x7f0000000100)="62d0cf7b0d22cb5fc5", 0x7, 0x0, 0x1, {0x2}}, 0xb8b) pipe(&(0x7f0000000040)) 22:07:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xfffffffe, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2695.068678][T22327] warn_alloc: 3 callbacks suppressed [ 2695.068694][T22327] syz-executor.2: vmalloc error: size 314171392, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2695.090642][T22327] CPU: 0 PID: 22327 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2695.099489][T22327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2695.109628][T22327] Call Trace: [ 2695.112895][T22327] [ 2695.115813][T22327] dump_stack_lvl+0xd6/0x122 [ 2695.120411][T22327] dump_stack+0x11/0x1b [ 2695.124546][T22327] warn_alloc+0x132/0x190 [ 2695.128883][T22327] ? alloc_page_interleave+0x104/0x120 [ 2695.134333][T22327] __vmalloc_node_range+0x58b/0x690 [ 2695.139618][T22327] ? xt_alloc_table_info+0x39/0x70 [ 2695.144745][T22327] __vmalloc_node+0x61/0x70 [ 2695.149236][T22327] ? xt_alloc_table_info+0x39/0x70 [ 2695.154411][T22327] kvmalloc_node+0xd2/0x110 [ 2695.158896][T22327] xt_alloc_table_info+0x39/0x70 [ 2695.163863][T22327] do_ipt_set_ctl+0x649/0x1710 [ 2695.168622][T22327] ? rmqueue_pcplist+0x157/0x1f0 [ 2695.173562][T22327] ? rmqueue+0x4a/0xd20 [ 2695.177770][T22327] ? __rcu_read_unlock+0x5c/0x290 [ 2695.182823][T22327] nf_setsockopt+0x1a6/0x1c0 [ 2695.187430][T22327] ip_setsockopt+0x2815/0x2c80 [ 2695.192353][T22327] ? _raw_spin_unlock+0x2e/0x50 [ 2695.197228][T22327] ? finish_task_switch+0xd0/0x280 [ 2695.202315][T22327] ? __schedule+0x44a/0x6a0 [ 2695.206872][T22327] ? __rcu_read_unlock+0x5c/0x290 [ 2695.211873][T22327] ? schedule+0x8b/0xb0 [ 2695.216101][T22327] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2695.221507][T22327] ? avc_has_perm+0x70/0x160 [ 2695.226078][T22327] ? avc_has_perm+0xd5/0x160 [ 2695.230683][T22327] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2695.236995][T22327] ? selinux_socket_setsockopt+0x145/0x170 [ 2695.242784][T22327] udp_setsockopt+0x83/0x90 [ 2695.247267][T22327] sock_common_setsockopt+0x5d/0x70 [ 2695.252510][T22327] ? sock_common_recvmsg+0xe0/0xe0 [ 2695.257648][T22327] __sys_setsockopt+0x209/0x2a0 [ 2695.262482][T22327] __x64_sys_setsockopt+0x62/0x70 [ 2695.267526][T22327] do_syscall_64+0x44/0xd0 [ 2695.272050][T22327] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2695.277929][T22327] RIP: 0033:0x7ff9d4f80e99 [ 2695.282324][T22327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2695.302098][T22327] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2695.310560][T22327] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2695.318529][T22327] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2695.326552][T22327] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2695.334501][T22327] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2695.342497][T22327] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2695.350608][T22327] [ 2695.353764][T22327] Mem-Info: [ 2695.356863][T22327] active_anon:307 inactive_anon:98583 isolated_anon:0 [ 2695.356863][T22327] active_file:4181 inactive_file:62948 isolated_file:0 [ 2695.356863][T22327] unevictable:0 dirty:0 writeback:0 [ 2695.356863][T22327] slab_reclaimable:5627 slab_unreclaimable:16015 [ 2695.356863][T22327] mapped:27489 shmem:582 pagetables:1177 bounce:0 [ 2695.356863][T22327] kernel_misc_reclaimable:0 [ 2695.356863][T22327] free:1716160 free_pcp:4071 free_cma:0 [ 2695.398253][T22327] Node 0 active_anon:1228kB inactive_anon:394332kB active_file:16724kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2328kB writeback_tmp:0kB kernel_stack:3968kB pagetables:4708kB all_unreclaimable? no [ 2695.424599][T22327] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2695.451569][T22327] lowmem_reserve[]: 0 2896 7874 7874 [ 2695.456855][T22327] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2695.485566][T22327] lowmem_reserve[]: 0 0 4978 4978 [ 2695.490690][T22327] Node 0 Normal free:3883564kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1228kB inactive_anon:394448kB active_file:16724kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:11072kB local_pcp:5448kB free_cma:0kB [ 2695.521063][T22327] lowmem_reserve[]: 0 0 0 0 [ 2695.525554][T22327] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2695.538234][T22327] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2695.554247][T22327] Node 0 Normal: 45*4kB (E) 21*8kB (UME) 15*16kB (ME) 23*32kB (UME) 26*64kB (ME) 27*128kB (UME) 25*256kB (UME) 72*512kB (UME) 196*1024kB (UME) 50*2048kB (UME) 862*4096kB (UM) = 3883564kB [ 2695.572847][T22327] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2695.582297][T22327] 11632 total pagecache pages [ 2695.587126][T22327] 0 pages in swap cache [ 2695.591284][T22327] Swap cache stats: add 0, delete 0, find 0/0 [ 2695.597351][T22327] Free swap = 0kB [ 2695.601066][T22327] Total swap = 0kB [ 2695.604785][T22327] 2097051 pages RAM [ 2695.608562][T22327] 0 pages HighMem/MovableOnly [ 2695.613324][T22327] 75959 pages reserved 22:07:58 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402dbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:07:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xe8030000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x3, 0x0, 0x4, 0x0, &(0x7f0000000100)="62d0cf7b0d22cb5fc5", 0x7, 0x0, 0x1, {0x2}}, 0xb8b) (async) pipe(&(0x7f0000000040)) 22:07:58 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1400) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:07:58 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0xffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x2, 0x10000036, 0x40, 0x400, 0x1b, 0xab, 0x101, 0x10000, 0xdb}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) io_uring_enter(r0, 0x2a6e, 0x41f8, 0x0, 0x0, 0x0) syz_io_uring_setup(0x2ec, &(0x7f00000001c0)={0x0, 0xfffd, 0x8, 0x1, 0x3d}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000634000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) pipe(&(0x7f0000000040)) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x2, 0x10000036, 0x40, 0x400, 0x1b, 0xab, 0x101, 0x10000, 0xdb}, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 64) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) io_uring_enter(r0, 0x2a6e, 0x41f8, 0x0, 0x0, 0x0) (async, rerun: 32) syz_io_uring_setup(0x2ec, &(0x7f00000001c0)={0x0, 0xfffd, 0x8, 0x1, 0x3d}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000634000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) (rerun: 32) pipe(&(0x7f0000000040)) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x2, 0x10000036, 0x40, 0x400, 0x1b, 0xab, 0x101, 0x10000, 0xdb}, 0x0) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) io_uring_enter(r0, 0x2a6e, 0x41f8, 0x0, 0x0, 0x0) (async) syz_io_uring_setup(0x2ec, &(0x7f00000001c0)={0x0, 0xfffd, 0x8, 0x1, 0x3d}, &(0x7f00006d6000/0x2000)=nil, &(0x7f0000634000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) (async) pipe(&(0x7f0000000040)) 22:07:58 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1500) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x0, 0x30, 0x2, 0x8, 0xfc3, 0x3, 0x240000000000000, 0x400, 0x4}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) syz_io_uring_submit(r1, r7, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f00006d6000/0x3000)=nil, 0x3000, 0x16, 0x1}, 0xfffffff8) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x0, 0x30, 0x2, 0x8, 0xfc3, 0x3, 0x240000000000000, 0x400, 0x4}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) syz_io_uring_submit(r1, r7, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f00006d6000/0x3000)=nil, 0x3000, 0x16, 0x1}, 0xfffffff8) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) (async) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x0, 0x30, 0x2, 0x8, 0xfc3, 0x3, 0x240000000000000, 0x400, 0x4}, 0x0) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) (async) syz_io_uring_submit(r1, r7, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f00006d6000/0x3000)=nil, 0x3000, 0x16, 0x1}, 0xfffffff8) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:08:06 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402ebc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x0, 0x30, 0x2, 0x8, 0xfc3, 0x3, 0x240000000000000, 0x400, 0x4}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5}, 0x0) syz_io_uring_submit(r1, r7, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f00006d6000/0x3000)=nil, 0x3000, 0x16, 0x1}, 0xfffffff8) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:08:06 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1600) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x461, &(0x7f0000000180), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x6}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:08:06 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x118, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x40, 0x0, 0x3f, 0xff, 0x0, 0x1, 0x80400, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0xc3, 0x9}, 0x206, 0x1, 0x2, 0xb, 0x6, 0x80df, 0x0, 0x0, 0x6, 0x0, 0x3}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x16) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000080)={0x3, 'netpci0\x00', {0x2230}}) pipe(&(0x7f0000000040)) 22:08:06 executing program 5: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864014bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x118, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x40, 0x0, 0x3f, 0xff, 0x0, 0x1, 0x80400, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0xc3, 0x9}, 0x206, 0x1, 0x2, 0xb, 0x6, 0x80df, 0x0, 0x0, 0x6, 0x0, 0x3}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x16) (async, rerun: 64) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000080)={0x3, 'netpci0\x00', {0x2230}}) (async, rerun: 64) pipe(&(0x7f0000000040)) 22:08:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x118, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x40, 0x0, 0x3f, 0xff, 0x0, 0x1, 0x80400, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0xc3, 0x9}, 0x206, 0x1, 0x2, 0xb, 0x6, 0x80df, 0x0, 0x0, 0x6, 0x0, 0x3}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x16) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000080)={0x3, 'netpci0\x00', {0x2230}}) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x118, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x40, 0x0, 0x3f, 0xff, 0x0, 0x1, 0x80400, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0xc3, 0x9}, 0x206, 0x1, 0x2, 0xb, 0x6, 0x80df, 0x0, 0x0, 0x6, 0x0, 0x3}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x16) (async) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000080)={0x3, 'netpci0\x00', {0x2230}}) (async) pipe(&(0x7f0000000040)) (async) 22:08:07 executing program 1: ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) getrlimit(0x5, &(0x7f0000000080)) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) mmap$IORING_OFF_SQES(&(0x7f00006d4000/0x4000)=nil, 0x4000, 0x5000008, 0x2010, r3, 0x10000000) 22:08:07 executing program 1: ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) getrlimit(0x5, &(0x7f0000000080)) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) mmap$IORING_OFF_SQES(&(0x7f00006d4000/0x4000)=nil, 0x4000, 0x5000008, 0x2010, r3, 0x10000000) [ 2711.478684][T22481] warn_alloc: 1 callbacks suppressed [ 2711.478694][T22481] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2711.500686][T22481] CPU: 0 PID: 22481 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2711.509470][T22481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2711.519742][T22481] Call Trace: [ 2711.523003][T22481] [ 2711.525916][T22481] dump_stack_lvl+0xd6/0x122 [ 2711.530496][T22481] dump_stack+0x11/0x1b [ 2711.534662][T22481] warn_alloc+0x132/0x190 [ 2711.538999][T22481] ? alloc_page_interleave+0x104/0x120 [ 2711.544538][T22481] __vmalloc_node_range+0x58b/0x690 [ 2711.549859][T22481] ? xt_alloc_table_info+0x39/0x70 [ 2711.554957][T22481] __vmalloc_node+0x61/0x70 [ 2711.559440][T22481] ? xt_alloc_table_info+0x39/0x70 [ 2711.564598][T22481] kvmalloc_node+0xd2/0x110 [ 2711.569087][T22481] xt_alloc_table_info+0x39/0x70 [ 2711.574118][T22481] do_ipt_set_ctl+0x649/0x1710 [ 2711.578862][T22481] ? rmqueue_pcplist+0x157/0x1f0 [ 2711.583781][T22481] ? rmqueue+0x4a/0xd20 [ 2711.587922][T22481] ? __rcu_read_unlock+0x5c/0x290 [ 2711.592933][T22481] nf_setsockopt+0x1a6/0x1c0 [ 2711.597513][T22481] ip_setsockopt+0x2815/0x2c80 [ 2711.602356][T22481] ? enqueue_entity+0x4bf/0x6c0 [ 2711.607264][T22481] ? reweight_entity+0x22/0xf0 [ 2711.612011][T22481] ? enqueue_task_fair+0x443/0x520 [ 2711.617184][T22481] ? __rcu_read_unlock+0x5c/0x290 [ 2711.622262][T22481] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2711.627650][T22481] ? avc_has_perm+0x70/0x160 [ 2711.632221][T22481] ? avc_has_perm+0xd5/0x160 [ 2711.636891][T22481] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2711.643263][T22481] ? selinux_socket_setsockopt+0x145/0x170 [ 2711.649063][T22481] udp_setsockopt+0x83/0x90 [ 2711.653562][T22481] sock_common_setsockopt+0x5d/0x70 [ 2711.658751][T22481] ? sock_common_recvmsg+0xe0/0xe0 [ 2711.663844][T22481] __sys_setsockopt+0x209/0x2a0 [ 2711.668764][T22481] __x64_sys_setsockopt+0x62/0x70 [ 2711.673804][T22481] do_syscall_64+0x44/0xd0 [ 2711.678207][T22481] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2711.684143][T22481] RIP: 0033:0x7ff9d4f80e99 [ 2711.688541][T22481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2711.708552][T22481] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2711.716999][T22481] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2711.724951][T22481] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2711.732906][T22481] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2711.740857][T22481] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2711.748815][T22481] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2711.756811][T22481] [ 2711.759982][T22481] Mem-Info: [ 2711.763086][T22481] active_anon:309 inactive_anon:98500 isolated_anon:0 [ 2711.763086][T22481] active_file:4185 inactive_file:62950 isolated_file:0 [ 2711.763086][T22481] unevictable:0 dirty:0 writeback:0 [ 2711.763086][T22481] slab_reclaimable:5631 slab_unreclaimable:16053 [ 2711.763086][T22481] mapped:27425 shmem:584 pagetables:1186 bounce:0 [ 2711.763086][T22481] kernel_misc_reclaimable:0 [ 2711.763086][T22481] free:1640467 free_pcp:2930 free_cma:0 [ 2711.804334][T22481] Node 0 active_anon:1236kB inactive_anon:394000kB active_file:16740kB inactive_file:251800kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2336kB writeback_tmp:0kB kernel_stack:3920kB pagetables:4744kB all_unreclaimable? no [ 2711.830909][T22481] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2711.857796][T22481] lowmem_reserve[]: 0 2896 7874 7874 [ 2711.863100][T22481] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2711.891797][T22481] lowmem_reserve[]: 0 0 4978 4978 [ 2711.896908][T22481] Node 0 Normal free:3891096kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1236kB inactive_anon:394000kB active_file:16740kB inactive_file:251800kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:4136kB local_pcp:1592kB free_cma:0kB [ 2711.927178][T22481] lowmem_reserve[]: 0 0 0 0 [ 2711.931774][T22481] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2711.944369][T22481] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2711.960381][T22481] Node 0 Normal: 1330*4kB (UME) 1081*8kB (UME) 880*16kB (UME) 1049*32kB (UME) 946*64kB (UME) 987*128kB (UME) 171*256kB (UME) 21*512kB (UME) 12*1024kB (UME) 22*2048kB (UME) 862*4096kB (UM) = 3891120kB [ 2711.980193][T22481] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2711.989491][T22481] 11640 total pagecache pages [ 2711.994152][T22481] 0 pages in swap cache [ 2711.998292][T22481] Swap cache stats: add 0, delete 0, find 0/0 [ 2712.004390][T22481] Free swap = 0kB [ 2712.008098][T22481] Total swap = 0kB [ 2712.011817][T22481] 2097051 pages RAM [ 2712.015663][T22481] 0 pages HighMem/MovableOnly [ 2712.020342][T22481] 75959 pages reserved 22:08:15 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d86402fbc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:15 executing program 1: ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) getrlimit(0x5, &(0x7f0000000080)) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) mmap$IORING_OFF_SQES(&(0x7f00006d4000/0x4000)=nil, 0x4000, 0x5000008, 0x2010, r3, 0x10000000) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) getrlimit(0x5, &(0x7f0000000080)) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) (async) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) mmap$IORING_OFF_SQES(&(0x7f00006d4000/0x4000)=nil, 0x4000, 0x5000008, 0x2010, r3, 0x10000000) (async) 22:08:15 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1700) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket(0x10, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:08:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:15 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r6, &(0x7f00000001c0), r7, 0x1, 0x0, 0x1, {0x0, r8}}, 0x0) pipe(&(0x7f0000000040)) io_uring_enter(0xffffffffffffffff, 0x4708, 0xc802, 0x0, &(0x7f0000000080)={[0x6]}, 0x8) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (async) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r6, &(0x7f00000001c0), r7, 0x1, 0x0, 0x1, {0x0, r8}}, 0x0) (async) pipe(&(0x7f0000000040)) io_uring_enter(0xffffffffffffffff, 0x4708, 0xc802, 0x0, &(0x7f0000000080)={[0x6]}, 0x8) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r6, &(0x7f00000001c0), r7, 0x1, 0x0, 0x1, {0x0, r8}}, 0x0) pipe(&(0x7f0000000040)) io_uring_enter(0xffffffffffffffff, 0x4708, 0xc802, 0x0, &(0x7f0000000080)={[0x6]}, 0x8) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) syz_io_uring_submit(r4, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r6, &(0x7f00000001c0), r7, 0x1, 0x0, 0x1, {0x0, r8}}, 0x0) (async) pipe(&(0x7f0000000040)) (async) io_uring_enter(0xffffffffffffffff, 0x4708, 0xc802, 0x0, &(0x7f0000000080)={[0x6]}, 0x8) (async) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x6, 0x31, 0x6, 0x20, 0xffffffffffffffc1, 0x7fff, 0xfa4, 0x42, 0x800}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x6, 0x31, 0x6, 0x20, 0xffffffffffffffc1, 0x7fff, 0xfa4, 0x42, 0x800}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x6, 0x31, 0x6, 0x20, 0xffffffffffffffc1, 0x7fff, 0xfa4, 0x42, 0x800}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000080)={0x38, 0x6, 0x31, 0x6, 0x20, 0xffffffffffffffc1, 0x7fff, 0xfa4, 0x42, 0x800}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:08:23 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x63010000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:23 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864030bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:23 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1800) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:08:23 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x8, 0x1) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f00000038c0)=ANY=[@ANYBLOB="0100000001000000903a66c0a8e2c818000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=""/240) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) sendmsg$nl_route_sched(r2, &(0x7f0000003880)={&(0x7f0000003780)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003840)={&(0x7f00000037c0)=@newqdisc={0x7c, 0x24, 0x100, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x2}, {0xe, 0xc}, {0x5, 0xffe0}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x8, 0x1, 0x4}}}}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x2}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @TCA_EGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfff}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040084) sched_setattr(0xffffffffffffffff, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x1, 0xff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) r3 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) writev(r3, &(0x7f0000003700)=[{&(0x7f0000000280)="a9ea1723a0038b02c26b824bf8fd588d85f0af275fb148c40a0f7a4254523a61a0dd118fb52d954ff4adab50ac0a588241", 0x31}, {&(0x7f0000000480)="030703759988f7a8611a116955137f3c31e5a3d7625daceff952ff1646c2cd4f299ee539eb5c328be87a7218c72778e02a85235695381fe3c4e38b3839ed2af3b7a5a46d71d51d99c9685f52949daa325a619d96df0bce9897aaa484ad5a25f1ef424a464ed107358a36f72f85130703bcde48c0b9f2b023943df78040e14b6957c7c0bb224f933520f2532b4f1d551f6c73fb4d203384dc3ea2ecd08bae56dff9eb02803f7fd8c99423fee603fc32379bbdb7aa5f38408cf1ffd6e336a67adf16630b4c8b90ebe4e5c88027878da01843ffe734df53e7f3f2eae96d190a8f740323daba73c0052e056df25bf2118926670d6378ea2927178db30ead3fdc4ecff96cf1dd6cce844f275031efe75e2dc1d962478a50a4cb7870f5407254809a18adf2b34194c30552e09713ee6911d232252b53ef87580bbf2cb4f67c21534ae4f76304d53e1cdfad17e35046b0d0b730fe900a6c20f0c84e9f541ae316c39c4127ef8445374362035c1cd99263fbc3512fd9a90abf4c0dc68297b9f5eefc3c8c5f27c966c6f0e4017cedb0d20fd9898d7ebe4578caa9b4102482a1ee4e4175bd3e0b42b70bc9b1f73f69053c64f02cae99e354605526f7eb414231cd71be50d993476b7926bdec83b85027273a92e7a902c295b4a2fd5e2cc802a757b2316d69552f23cc994d343e503a9656f7f591c8b7e96842a92c4eed77b9c76d3cf92b6c072afe0117eb1a85cae61a4d201e9e0aa7ba953d9e0af6421d4727bd9e791800e70995fcd5275b4ad5e826ea5d6ba43b1c38f475ac170ffd50392499de193932e46def5eff019a60126716975932e300118cb2f882ea6d8cb86f6591c87586bb370106a3f517982968b0bd6ff79600ce27cbc6e6a2e3335c555c332055304becef15139467f1d7f640f4b0801d67dc6711837d5f9ee5d4a8e50825e9c03acc4132222bb64ee7437d7984d4358bf873cf1edba122c3d96149a2e3edb2978ae11cf0e329a3315d5b82223871b6e078c20db7dc07256bd7e081c1afd0670985fc3e71c37db70335337e1e1b2ef7740850dadd507c43001d2a73e03d0a22044dd58bb3ba6aa8c181f5e31076a0cb696e31c72abed45e3a58770b84a0ca51f39afeb46db30621cd8aeedc0a9e6eaf4b3e925c00cf3e754fbc1b4e35be563ff5ecdfa75ef6f36835b245156a429517aa683fa04048e6d9872718271321145573a702dc6d036a1fc7073a95dde95e4df0f536601d7f8c5748c18f091fa92312f092aeadc0da0c5baaa83614f3694b9c322863701743049aed72b104ab3770d1d4684bd3ca1558bc7b7e92eb8b364ed5ba786acad23d8f4ca71636e2d29368eaf9283a9bbea321d86626dcbe667b7651ad5adb11f599eee8ef3f23dd1adb2e60b21c0521348042cd1650d85c6e7282e04193127afdb63b4861b7455701bf097c38e9c58ee51f08870cb21469dde6796e1331fb6e6e081ac0ceb96d37254243128aba47c40e9538fa1b27db305cabc804e3da4400770367a81f2cb6b7dfb2f521e0b9a8e78b239cd7c284fb6b88cb144d3587b49791c7399c94849fbdce32b0d110d6d446ca3f4afdc4a2ace20e2e6e347311b2a99703400929bd4957dc04a7fdc608f61e69b37b617fa30b65f14694807d94cdcae6b550b972b9a5864e18022ab66b5b47de07a1049b88d3c36bc1ceca04b7685d607d0edba6e90b4a5af1c8164b4133a2ccd8e0856340409f9290026081f9f761678489c4bc9982321b999ccc82f947ca26092e55dac73563d2ca5c4cc78f8316a5b1dfe1b2eaf8bd64935c421a0ed5459d286d892fa435bedcd6f59575acb9e46a8641cc606efbb64cca9810f8f54dec5298ab4c1d2a3c8f7097f9248b4cc7ffa015baa3d1fba89de02c13d289e019b5c3f5ba6ade52abd5d20daa69293093863808679cf5ecf8dca893ee199b0a126852fb70fb1d8a67b0336ffe1940419dff059e9d84553cae3083d87f62cf72c6205d9d240e94189a54f54bb3f23c5964f6eda828cb1e9af240234886896d5d3c2cc1d91d866cb7ce10c9e330ac92f50b9b90c4e0292cb4afe7e47f1641720694d560cb9cd5e2e07fe834b93fb80c81a15121592f2846f3496049b5a2f2f22fa6b83c74e0336cf2ae769b6636cef4e5695e0d2ba31bc88bcbe09a439c30b413634e2cfd6d5b5f45d584f3b26916ba85d9a7832d7415a06686085144c1eebeaf4777878c5fa7f23d2c6132c31c466bd406438640809b8b4008566a9ef7ab40906dfb80e3e3d0f4a958160f630c54669c5a176cff3d1b2224aaac95dc8ae253efbf78a5408f744f0a56d5c22202014a977981706dbb3fb48bc28df3778188d48806ac953d99b8ac316d0adc4cdc633d13733e23c446433a4bcf7906ea6c94abe540f01a8980eb4f19067b0c3895bb1121f5cdf3fa76b20a0c749d4379b54182673cd6dadac2a5cbd896bd1553b48a5325b02bd9a0d4c6932c385becdcb606c102a00b049dbaaecc52583aa6dd362086c0fa8c6d8c2e52ed1179fd8e9e91ec3a4f2d4865af2f3ea39b4e37a1690da1e81c70c4cb3ad914456a903076bbc9b457ee27a58063b2d855e105189954a442e7b510affc11501b41747048fbcf8f9e40b29e2c4cb4965b62c1a3da21c7eabe3bc4a613ad60c496bbed67bcaa6ba527623be2f83fda896dbf58e386838a72ff8f0cd32affe70cf0e24bc1a3a05b33faf69883cb191bb9d869f01a3224ec9b0cd59b87a7c24fe06ab454ce4d36ef1e654357c93633de2e2596e620a286b05495c43f6b78f8812675d847f5ae0efa5131c6238a47c863f5943d72bca80d4293f58220664175775f18e279091a9695b583fc1a460dc9fdaf68de2d802da7a0cff35f26f98eb32d68d949be937c832c67a37ec2ecbb668b129a0abb2242e1bf4a23e246ebbe0d46d85bf2538233b7b8ab80a77df2d18f6810bbf5c453c5e9b574d636f93f49ffb08cf9cc9e414ece3b4697718e6e4c23dc45bc0ef0ea0cae319e8484a911ac57f0d05ee62ea13e1dbef79fd19f13d2111bbc24db90715a6f148160ac3be36525b4ef29d3466034cb447930aed6845bb65f8fff2e0fadf366bca29ecffcdb0a0c9ab74518724785d11b98dc9c4297088ba520d5140c6bdeb0434484029e6e353671f951494093b67e1193a88484b811b988f5767f2e1db8d110fc9bc83fa4fab484a2aa1fff00b01f8ecb677e89ccfb7e0e300b4a4f83e56672f8f2976f586ad11041eab3aea6861813347bd89f1714183318b8f34f3a9fb418e878c57390e0b6dd3e1da67f5966bc9600cd8a1e1cc598d0eca334891198876c42ffa658a9cb72642fa3e72e203fa1a0bb36d9d70443e7ba5f594b25d9e72c045ccd586c1bdbd9512e32ce87ed79aa401ed9d3b2f2775b872e74fa356643a82b5fe0bb4263df0dea30018f6cc0e81639c8d94ed4e164c9d78c450bd85ff989708661e6bf86806d077ad1739e57a8c3f55ae2516e2928bfa2f51906bc4d694cbcdad3a1435644684f3bdcc27bc81549566aa7c0e496ae0fbfdeb9a92cc61641f01022b558afb7f9c578d8c140d1bd13040bf2344c0bbe166e5c0c9b3932249cbb9ba00306318e4b5f78e460199dbad585d73c4960a68c480035d7d0d4502d376da9f9ba43180f953fa9f100e9fe489a0649af9c4fbb5844ac717c90632766a84f8c83eef15f913df8e9ce1c3da3a72d3cef3e19ec6573c921cd0ed1685cc7e071931b5cd365b8705093a918dea15c1494a7db9045288267eceb39eef0cace38f563001fbe70ffbd34e321c87d681dfc53ac075dae13f2481da625c5e231aa9e8a0fffd28e1ee11455d059e34c272d35d008f8ef540ca95db2c389c25eab06da6279df8c621a81188f01db48a8fb6b27435bac72b41667602474176c34d5382acbb717e3a34abb62ffe9b1ff0a61915aba21bef939b4661688c5a6e76e343879b5a3daee10561758cdb3757fe3bf0440349737e39a0ebc346c348cf0cbf74efd1a09dadab896dcfd42527f18648acf3ecb152e7d7255d1978bb5291f1da1cf5996a112ef414970dde757917c901347f573b70a0cbbecdda06d03331ea0230a19262f87ae725637830b0b80bc78ef74db14ec6bba73e77dec890986f8527e5675fd0d6c4e2026de5fa60992b84757876539c3ee1f3c8408d0a9d717abd915ef893e52525f067a855677c18e53e622d34a5ac0e8d6d7d1059b74ae1c7ebd345432929d60640b30e5fa8ce49111b0d85546f83b4d917ed976084704fb10aeeba397862417eed6942351902604832d1dec71f2a406ebc5071393ef44f48a5f04ea02e01b077d7fb9216d915a38453f16f82dd497f448173815ba4ee7b932cc4c0bc01a08397b39df770c6f48f707b9e141a568c1cabe7166a59cdbfbfbacde7acbbf4eeeca872d2a4e970f637669f1dbb4d46489d55efaff5fde39f4f3cbaeb5b0029013ba103e4a383d1852634dbc5bf98ff16278e754fe9e37b9e3dc550da526e2850da6afd3837cbc957b096ff79a185cbfaca9bb0a796a8bd12299f5e0aeffd7f1bcb1df7ecec100b978f4554e81422c797d6b3ec47a44a7238592f6b0ae0244dd751dbb3c8f42552e1dc6fa1f1949e9d96d2da58c8d98d1e6c5d282dc7e114aaaf95a0c017e97abec68cc7879cce8f6438e81c602c8dc41f7b6ece6b5d7bb7681f2779409a61c6864482841b18c3abb0ad80b5c892917d3301b1c97f046f15aa7b32356639951a5bb2930612d37734f1cc67bed91a03f9c8087b52bddf20b0c5d7fa56d092cc8a5858cfb060d70d586e10de7043b9341d75cb64ae49e295469783f77e5b412582d92af73d68ab2f5e49ac8f7551efa7ea571a5432f440a581399cc3c317e31fbe08938fb40e0dce4f2f7b38b1904a41a0872be9b2710c7f4affed19beb057a5652e3629e2a0927a3738efbc96ccc5c6e2f04ec979579599b685b002cde95fcfd4fb3a4420ae524891730493091a2ba7bcc5eb5161978768e46f646bc4ecb6bec3edb787d1ad963e44a0d981896900a4e41820413a68d6955264995ed8840881f5303850ad2098921153769c94e660f41901780c6e57606becd586a3d178d6f23a3b8c22ccc70458ce995f545a230daa198a9b63ade4dd1cffa7333b55182b4f1cfc2850ae248c964feb1636b6a751cc0b7ea7a165a0af873b6a2e98b67bd5d00d33195fb8afb965728016c888f1ecacca6154be13f2295730fedd34330349506eded68adfc1086b0c1d5638aae9723cdd7dc85e4dabbac9c33e0c23bb844533b2a6be8288c02c59c5938d42f96eb65599046d62e4ddfb9293487490c07b605998781683a53f072e88dcbd4e880dc3333b7338ffa4fb00c070e25d7f903141f77114768250db491d34df3a001c6c736f7be60756e5dc9d83ad506bf789764520b07b977596228d096cfa4b5d4b202842f43d9967bba800cceff8b542506dea96470adde7be6ffbfef983a8610c9a425400a688a44084b819037e3ef014620c7858d01762eb4aa36c71288f5f9b81a5ef6e885af6bc0ba0440e5f128f87411918524ff12bbc8e745b37d8fad451490d53131ee4e2cecd0ecf1ffdc25c3ec28706f88d045ad0f7796e58fd668c1d4d074328774a3948bee1c920d417bd194da5fc95364d78cf24b91327d40c8c6774c852a97e1b6cdc7b6572e1498b0bae4a94392eb3fb9acb900d49ec3fc7e9f2b0134aa0b2cc4977e5e49868259070566b2d814bdef2fd0da2c95fefec2b0f1fea72f27e9d0e28f36d4a841d11f8f8b07411d88da21ff9f78856d4cc9d1d02b45f4d381", 0x1000}, {&(0x7f0000001480)="0dd3bcc339f1cfd09369ae00d4e2e81ba161df0a23ff49bbe6c8c05976c326c4f7f45c8d06e6def7d5dc3491631c83e6a51e6c2fcb9ecffc8692516e080891151cbc1e005c11a8767e3a4039b2f96e90", 0x50}, {&(0x7f0000001500)="db19784fba765f8453229da5c6f832cfa6120ce7ccc4d383b478e9f31b1a9c325cd686f421c7f4c7ca09183e0b23fbe0479158c38cba4389c244f40c7f85dd55531a4370ace646b09b17b4cd7b3297ebbe47d466cb3084d44d595b2cdd40c85e0d7f30812140d9ae76eaa73721f9cf4f73e48b9740aed3c108229874dac1a8050e0a5ce6e4b69c8a7faff043d4098c87c8c8dfc1fe693551e35993d1f86f92fb70017aa64e25766c9aadceb14f4c7f31afa1d313ded7e24a8d5a03782ea4fd45a45004c6b8516f9de2b70772e26b516de61948d642bffae7376bbd2c4bd1ab8630dbfa86e0bd9c122c4fc491f1446ef7a605d25d4893ebe45d76c280eb78458cb4cf01c67c2880be6f7c8c8fea4a028118dba5cd74c05408e8c3d07b20acf7f2be3e4d93f89669f8c4bee1743824661ec294ba76f668e7bb4c580b8e6dbfce31a8591a4dbd44d4a27fabcaa378403fe196380b6c6921f7d835bf17c6894319dc9f3cd682ace0c059067e47aa59c910b44f0d5c55450e69491dfebaede53171663403bbf358147e48f38f973b0965b0c4971c4cd7b77891fc54d314c8cfc7551db94509a78775b6bb7c7a3b499ebf25e92a85992a6033cebaff86ed875d084c53cf739e51b209d917f49986c80fad0247cc27a90ccc1f0348b19fa73742bd97e66ce4dcf9c840672a0f213ba0bc81a653c701fa8912e7ffb99a0670c33169c9db4370d6a3898d87be666d6a138dbe3408c5a69fd259e6d681935164a7304b290da4182461b33c81ae7eace99473140985f8a41d4468d4cbfa5ce042c719569096ea6163b6fd88b956c455ea20ab2adece8eb90190ccf7840d5579195a25ed8b1bfb0e87c6e3c8a54afad265ddbfbb12c0efab24a2477f6475d2ef7163c5f6fb6d8bd6027d1c39d53452363dc610e012b8f78cc647ae9b9e418ce89c17c1e6ba03dfdb8df8bdfe282c1308a08ffa66b214648eacd4d70c4a0314d8a71889671e33695a06bb6b39e145a4a7bd0f812d57bf385a0adeff85cae13a8d0e608ab7b21152280d8ec268aa83f8a1e37c40cf445faf4ba6da62fd924a84a3f234104e7c175541a749af8953996769b7c00fb09b787c1683b57a6cd715186ae598b78b04d959c96d5823c983b9399bc3471382b90f26edee6620ae24b91a3cd835651f9a3960f32bfd0204e6f7492072340b874d379bbdbeac49e86d17cc86d6d699f0b7929d90807eb94db6f38ae10903a4286fa3f6a0dbfb8738d08e0eca4e858ab6add1ff3c3f1c38b0772934b363a9872b15be01454cf9e504f5228c5dc5ab86df12ba1111da838b823e1dec568b145800c7503beb47f61ab4d65eec2acf2ad3144351503b1058b5986650815c8201e1991c6d40c5af4bc9d483ff435f94a240f2938cc3f34e62f37ecebe71d1c817c63b7c492d9effc5065365ff560c6ab34396ecfea5b8f32d5018b80ec4bfec91f43638a79cef6c087d7e44532055f115c85c036aeb1b6735be5383ccaf9f32f545bad2d10103d5397727123459e1d20604aa6925f402e6b7a787d834da56dd94b60c73623b5b7c3ee501be81fdbae4a39ed56390a772604839d1a7d38436996395cef97c393d62da6490ce4945ef89394fcd3514bb1a018e3808e74f3bf85fc29a933ba6761c81a7f003aad40a767a7c0017c1ff1f65fb49829f5bb977777e71d564ada07413a2a77b0f90939705b0b102e31cc25ec3b12bbebfffd13151078ee6e6d432fd74dd58d7190e383ff3bf47f7dd07a7434343cc859e09d5358025a48352ab8a19893afcfe91bf5aa60de889fd803e5b25bb96bdc42e7f7808f79c6519f6aa518c518ccb3a9a1ccde66cd776f91269a101a3aad8415ec3e8fadd647242201b3cc5f5f966bb8934bd5abd00bdadf7cc24f90f9197a222ab0ad63c5d13d5480918719add49b439d15cd7cd8aede33323c8a4e2a52cc8399b26eab57af353394ee0a62a27dab411e7bf3e6acf51ef9aa75246a69586a4e74908e509379cbc08dc5c01aa81213d5cc1018c132dc5e135cd9c99a21a83acd7faf4f57caa86044d4e5cbcdd114532efb628404d4d18628cf74b31f5925bf431031b75a00955da728713623abe38638f4e0e9c7fd6924594b7d46f3c9016084f4342eba39c47730c9b08ed903c29d17ac09533fb2cab84950dbd9cf40dc57f3cafabb13222408ac5d17a466cb1b0729b8d6ba2d7216f795d48fb8c9daa4264a0eb9d2a686db9101580aa67b1ef74adc45e07488e80a565d6acdf2f1458ece58947a68f22d4c6f82941fac3f9d497eb0722011740efa1a9c247afd064c82d626d48961bc35e7f231bdac0b711ea22aa0c8cbb7bdbcb434f57a43afb0e5fe52e38de965f705f140cc26ba8561ce00daeb61ca2e9b7103b46252ed05ee76129a915919b5869a8e4d1549708f816e0ff856b58f8afd920495c67ddf5cf1c264b17d9c33b5edab1e2e65b09308893cff6ecc27b490afeda59220f86422e64c8f7414adf8906fb427125803a2ef0f0e4811ab3244db8651f9d5e340cba6de8dabec92c34380db26c0110323682d03e9b88d50fd046b162e32524a687303df8977070716cbebcaa6607554e8f456f6af5825c72d82b90e9b0659617bdc3edab7e7512b69a94876e3303f81060c5686911567da4e4edb378acd247368566b559b699c66a7f2af9b3a509985414d3015d3002c77e3b2e02f33957928dbddc6462e92c816ef48699e04e0e636b936a30f4751a6e63f638535f2e0c0cd8e765b7e7b4822f59c0f2df47cbe684503d9f6b3c3016627a726868e2578b17f51d3beb9e43a838209243ae29cd7382aa478420f6f7db5cfe9901a52e2ca17d8dae4fd71e1a73de35ca6052429b9661ff6b87edaf850554024c6b9d33c023a6f31dd4d00a73905815a819c963ec24eaad91c8987f2e0cad7f5574855bcace8e077d6777629a8fbad82a45e7bab7be97abbaea6afc31fb00bf7f093e933cab9b0d22ff810080fed19fb4c3ce2d312372321faa532ad44fefd34ccd8fb41ab79806cdfdb9762f90932d4f951fd5b9369718b1cbd3660a293454d622011a221f67e04fa071ab9f94a3b31b659770ac496d1238258d53d696f1e0753d141986b3e4104bc27f88e15aa4b609855a282526364dd2aa5f8c7f9f89515bd733cfe874a8cb000d0433699284ab118d2cc7627ba7f2b6d54dd6c1edb4c4dc0e1f7a6d1dcb27e443927fdc25133a94f97204423863e836046cb72bc829fbd8b418627de2bb8fd0ca6e4fd82f1be59ea4d5461792783efb15ebb109f9fcb10e57f2e9ac488cc8a260e5beca45e671bbb44f373eb02a973706fb4659865136213544c113dacd1deee84e33f37245df4886048005622bd63b13ef65819ab2f6ec6d29eeca8f577eec8d932ee89d7c240b597ffcb52ae9cf889e3c54ff05a0637301f703fadddd1f49efc46bd77b9aa01293cd6722786ef626bf0a672dfb077bdeac4f47d643612ad526d00cc8e94c8b74fdab471c7ec445d6b42c90df5ffe88a3bcfe07fb6d5dbbb3870416254609097b548bd9d881c9bc9f016b34353110bfda1481661ff40864ce1a373602425ca94b76ee6d88d1895e911437089a4b880a73e858a0114f104b4deeec203a5a21eaeeb7fbe3490233f92f3b069f663ba98d4e07872dd12f87957ae7b42e5a421a8ef4bc81c05d2ff3d34dc257dc992643807260e27bd8bb3ed8e70f2415b938bc1c977477df5775da39a4db98d4394775914be5bac5a4ab5549ab0c1d63f6dab05a0fb6d11512b53ce947850cc13a961dd19991b449cb44316736ff01d6e3baddcba95abbafc19288970ab4ebf566d73a1aaa51270a13bd8591f6a7bf8b65ff9abb3facda806a487681d42950a55bb8bc985904b1c6ffb58491428f2a5c21728c4e1ec392b73d92860e8787ee0f3f5a9ae02c7d6fadf93f61195d10ac0ac9d8e42c2471842eb08c0641895c6e0dccf422d1e75f8f74216de1d421109d19623f019290ce107ec7479ce3f5ad7b6cbfc4ac7dc22186e458f2cd3307336e7032eae7bb1b7bcee9a879223e6bc7bd751c0f07f69c1337efdd2856d717e0423302ad61d879e56525b33ca374dd54c750dde33394d1afd7f5c21304aa04132b7003542d1336212bd2571de9515f97be275cf28bbeb202a07e5e9e7ddf4a2d44d6072107d885e8c8f2faf5dc696e31465b5d35f0ff00ed1ccf898faf767f58e7df68acb782a1aed12c6c3f94c1a4e50d412618f58729699aa410c2c7620e67573842d8ddc8f1d90067f0e8850c307ee42a61c1d6ff4f15c68d951ab2cffd4bf2c58adafaad73f9e59125673687d86877da06d054c2d873b95a7212b6dc675a6937f6197f97cf93a7acf3e5b2b8884ea17c7861c7a44f8ed50beb2403506bfac3a1b2c9ce28d24dfb5f6522af6d357268a4a142a9c1cf9ce2eddeb1def158a2fdc0b879b9526c8a81bfc06687e8ec4fe8dd7e8bb7d5c0d2867674c487f163ca7401aaffcd214ccc9320f7f50c34e60bb392acade27c1abd4efd01deb3633813c618697681807b34c2fdad5172caa2a10adefd4ba17a396863a1ad38cec478924700931952877478cd734464c85452172d2127dd3e03685b7376d7c28840cec248041bd673043dfa7fad594cac0fe81b2992cf60aa7659a623cbac224fbc0c3155c8e43f8c7f5a0bc5881f1db2bc84e941589cc4f4a5fe9a03f84fabf82c2f98f3ddd9a08c936fb3f424a3e8938b05b7ffc5f0b3b1d89b8059a6627777f548b3abc2ef04afe568e146129e72338ad7590902fb4caafaa541faf49fc73b0c7de27c327d856fce3353ca937ae4f2684ec7b0c9b4db4aa0b1fcffa22ca23ba8f989684a1c7f1d47a3d1514dbe11a77d9ede3634c5577c8f43d3b0ec12c5291467557be57c9368fdf7e8a7f777241c1e2af588e227706d1d93b223a026042989aae5d40c8b5e231b609e8d16dd51adab1840e224e3c7ae23374c6d9087490ecd687e88317554f07424942dca93c013e7d78ce9a5f7a7952507dd79dd4cd72cf63c2cf130b3d739305e22981dc0888bbded528cb2fed43f8d6c76db4e17cf9431156bc9a90454479653d0c67037e46d9d123dda19f5ce28b5fc0a5704e76a4ba1f25df0429dcd7ba3b29be8498fe784a7732cdd0d83c504fffb2e6fdb2d514231d6c91e93dcf6f91df48bd3205cd64f1474f5bc8202d1484842ecae3da531c05ac2b7ffa6e233721a3359a9f287df5ac3f79a06e0abe4246cd678dd3d71c1611277627fe8fe93804edd3f32160ec1325e86cff91c2826553799d9d685a9551575c027b5415be1c2daa81472e307aeed16d892c252974333e4ede61501db644310758c418d23b1e9fbf0ca6d6585947df5d81c1035de58d10a3273922fa946244cfa9da5531b7827105ac9db262fbfa1ce97460aee7b55527298c1c346558e4c045034521fcc515bb4053aea20b2e023e649438df0864357b0f1c7469d33c0243c5f5b42f6f068d366b07bb7b151937a33bc1befbfa24843d449d567946bdfa390d8c9f5c14c10445e0bc0b78ff9df0dc61b1722bb58d19bf8b7f88322cc55037fac67d395238f65b7fb3610512538bcc611c17cf05a940c0e9a8c000b69ffd4a276a25df5e45bca8c4e1c8b7cafa54c396c80647a35a88d2690d734d1de49ceb040020177a297f5888b646c516a9cbe633d70f1691ca68174d6a7b79f854256e6a041dddfd2b58bd7b63e33d31382e2e1efacc106e5a0412ccea1b6802aafa8e54a53018dc84755c8f3d96a0953c6644e418380ccc48995bbc37e69022b58494cb36c", 0x1000}, {&(0x7f0000002500)="9e70b21025d8a097033a6444335936e77b75920073ca716ac1ad8c64d174034576b77b451f91da5e46a7fbc84800399d858eda43295904897d8ab65fae4ba397db78a2f7e2f2281cf79d91e265", 0x4d}, {&(0x7f0000002580)="8c9db1d5e70fce5e8d112332e4c0270f9f67eec87e69bb063af215bd8781c8644c4462c2533af8bc70d9ae2302041abdd538beaa83d690f3eea647ce53afe0bae85bc5bbbef8b9cdf1d622028a1441712fc582b163f890a82d5d42a5fd850448eae0377439a211822af6801a3c17d49d8fc0b5ce809a3f7ee0054e81a62188c3f6226150937ba595749559446f94bf9a65ef1e6c00", 0x95}, {&(0x7f0000002640)="5c0e2eb5446f2ab41d7eefa2ca5f145f693b2476f7c4dbad87633ed0356270b0186e22df76bfead981835e992527b305db13b0f186c17de7d076655d6dd85005e8b786a87506535b1681e9eed74f3b208393a2996e9c1cb2c595e9a41f5088c32b4c22fd6a9dc7f8e94d1163ba2948b769fbedc635854844f040a3ebbf07c2af82745a66bfd4476a665059b50f1c9c7b2a765171ff7d713138b2f5de79058b8c36a396ca12c2a66201aa82931117416f967e7f11c414fcf1ff476686724df199dbb7f13a25466c120c277d7a3486c5e5abad0aaa7892a993aea2db6e858bc7493ef10842972c7169aa9d5b41cf8b043e52827cf0de9c06e48e83707ddb102a4be2ad01d9a8eac967288b80f6a0d2950e100c4f31b7bb11c2a9a50a540f1bc9b01dcd79956861e1822ffc3ae687d4e7b307ff0e63bc5591a06459399dcdf93a36e7bd035cb28ca71d29fd440613ed0200adcd01d9aa02cf9ab0de74c359e1a30185d1d425193b60a6478058670d227ce10c77008e5001ea65699c5e363c5bc14bf1cd40211f6b6cc3b9834116b63071845c0fd92cdbc219bd22e2957847e97ae322263f9a71391bf6c012f61e377e8e0916ed034415b55982daa3a164863934390c2861e48cb7aa888eb01c4e9641ac7faaffe9d5fb4c550c79faf0fbe3f08cffd8c06a922b41f7f5d810642ea87d473723ec140a46b1ea46a16947de175f7ef2e49a50d0a0bf57ee3f543f2f7694de1c2105b08ceee95bf82daa3ce3ee307ac36c53b24cb7bb04fca2e11a43f6219df4a69ee7b6ac3dff7043e4caba80c652c7b95580b584441988c2c6a9cd18728fafcc410172f172270c0d476945bed82f5f0edc834649d4b7ed189f813e226d410c3da948cceaf5e9e70986508ec97ed395502e56764e3bda6ce8c735845eef609c5fa2bec6e39d533c391fe0aeee06365a3be3b74e332e1d303f0cd16dc7820afd76c5bfad378eebe08ca9b6156fc041b95538ea6ee1dcae43d0eb075b8ecef09d35faee966ad5fc9bc9319cdb5558f02ef30566a8aa42b7bc5cd3b0ff177f6bb7762a31690f9d732fa7cdeede3434097edbb9b627cced13ecf023fd59f659cf157064ab14e59db05636a6dab27c672ebad3133fd6d25afc6720ab257169b416257077fd2bdf604fb29e7d4fa0cfbd6bdbe5aee07fe21da6a90d9e269a468404a44a35465f518a28a70c334384dd43be715dcd1ba95cbad94f988d3e091754e73f6c5d0d3a015a96609323f4905aeb1d5fd9b63fb12dcb7718e3446cd762b131da945e9213cce0db3fc52265027d9926485962ff71538aba7d397e26f49cf107e4273dbc615103c8ce0eb3cf2b4f6a848fcf4aebd8e897353361e511c438eba14e3155c73b6fcc4217df2e2243b64f19e26b751c0e02d698b61e0a48520cc7dc4d3dcd32416ac300d99ff14bf8e992628edeb5c4a3a22a9433429dec265cc23d206cdefdccdc256fee8f928883922b92dc3dd14938cc8f263f0752f470f329e6d8b9bce93a232866766210a70861f6b3eee6da09296cd65628c203acf81d16f58ec8f9b82730cd644713557d3ef9c577e93f9b06e71ea87968fb4c62ba19bb5fdf760e5a0993b8b307fad5702d3a921853921eaac5f605573842ae66eab1f7dfc4fdc16cebee2c3cbafdaeffec9eb579ea3015141658e6699e056eef7d750d49f2895ad5f0e37a96c8c5a2c3e5cdcb5015c1aa83053509f1e16d90f2f1989077c1391817d5ced17f3eb9b173db430b80f17d88cb167749382bdf15b2813317eb78852a3cffab5613d2d5ffb9365943211830f51b656f88f33fe6705f137af490d8539d63fc328e0b21ddf8b35be69e7c9259574cdfa98b6840da97ed165283c9c8d62c68b30dc92aef71a32e49c9e457dade2065937cdae5c2491210be88cdad2918184419c7e005fdf5b1e1e02c2795d0487f20841544b9556b10ae7497c9dbe84eeab0eb84ceffaf0ed6fede21477633f3b6e42d638f1fd3b21f46dae150b889cb9049892546b7f6b6914e35a81dd3c472de404f0994d64a5923484671a35ac320777466a1818d75d149f3ccc1337ea7c0a40431abbdca2e5503acdb3ab40bbc73cee58560cc6a840462214cddb6ef507878c944a145ea63832589d68c75e615500f9b98f65289fe4e4417301b595f45db849b908966d34d51fcf4562861284955ed576d69375602f3b59cae7efe8360233e764c9367c16c07efbdeb4788edade82092bcabeca3486ffddba4656c66343df23a6b8aa67f49fab9f63b11a53295a71061d0577db485b4940af951eb5b8cdfddbce7445b13479be2d73ea36a4801af464cfdaa853249e7f394419f2aa518ba97227c7aaa0e06020246f10708202ff0dcf00856ca0581e45928a8d0943f9e64d4bab65f7c6e7af963896c4c9eac9cbe2b05711d6ddce99fd761420be98c995e265e920f1be989c133030d882113f5b51aad97ea5fc4c504c630e66d52089edb1d94dc8bb705ac326b4dd344bd7bed12e464b771dd00e7118312288c0660162a6526f37e5ff18f6c3dc28d3d654ce99fb0757f0b1f2e98f014e2c1227976e9f4d8f28d775a19c493e5a7343ef5c0bd783a14451e13a67a1e7aca01f7c8796b36b4360906e318835d227f0fbc51e4eb5e7af2e5c19e795549b4f0507e32bd628bc376d0584bbc9af513a885eee2c4af2a43d9ee754f7df1404e3ebedd1ffda158fc25f68813c50ce0d50ae6c468f27c45224b3045a59a7fa9304c10d65fe3fe4f566f6de33b8d4f94f418b0757ebe57b6a8ed81966579642bdb43b693e26ff41bdfb01bb5d6c348fa4e4bf90be6d1db830f11e3610ecaf760c0122554fe5506ab9a471027093377e54aa1113625dbd32f24a7b92243adbb3d81a0f5f01782eecb52346d4c47275a0a5ac984cbe6ca808e9ecbc7740cd5c2d8600a84c1bc0c0c8da3e2203cd54e849b9cf01c752d36eab8d95e5359e1df1d26b43284eb2e463835427fb68a08762a9fa8515776ddddca7ad24c2d5c8fe266c875529a681b96c06ffa0a7b4c94ebca523d0a18b1a67c1350e231df08af4eaf5091c226847142e8eea08f6d5636bc84e1fe3a8546cacde5c1ebb8d0e22c5b340abc7a70532a9c306f7f8dd6d6c5ef9538a06b5db508f58b0fb126c6ea98c041e49fee6a9cd10a9e35739032ddaaad15460319e720dce31e3b68dc5ba0e720ab3c8f8fea24b1ff8b72a68b8c8d6f14ccfaa7b21a2d752e45e29ba29edb2d8b17d10df372a675c43fa8e9da063590bda71ec7eded939cb44019d1c351db2931c7316c9cd56d588029a7ed31dae35e9597f6dc6d93a6d4b2c2263a3bcc80019b524bcc825d6f7dcc11074cb5e90b5e8d118873877642661b581d9af9f0938bef87adb2d0de5ed6f4072fa1c5ca8c4d1e4ea38b029000b5043670e579159b7a2ddbdf34ff2c92288f70ec426fa83a2273e195f7c6001c442fbb2302e5ad80fcb1daffabff324dc0350399f8f4beb4fbafb85789cb36c13816fbab61654e744f1a394929f0ea90736b814e86827f11a633b6558c25dc4c608134e10f6106815a9cee6384c1f6061e7d3c1b605e656e65f4008046765453172d45adbed6d13228efbefd46b7887a11747e9b520985da687c200beabe69f064cd7be8966a716caff4e982627d81cf0390cf1fcaec79289f712b157c65a8bc3e330338b9d092e8ad55f6570901c292fbdb5d5c6e4b62d6b379809decddb9834b51fb36af06d82cb81aca932969778ec454e6aa52084638bbe5fae177369bc4285783a6fa693ad66210f7afae0fc44d0cc192d95206b5ebeaffc978cf50745ac812484a4a96c989193f9a95c77cb22f627d64fda2b970b6f6275082510375102a8ab0d5e625514e9661772daa24345258f886f5b6dcb2e3601a6c765442a2910c87bb6380668b2f5f56834817b3a94e8f486fd5717cb83c3ede7dec9e0908c1d4043f27d4314192c99affbdfab6c97ff0479cc53b94ad9622bd275f69a46d90709c842fc218f31d9ba960bff9545a3bfb0303ee79c8481b1ac43aec9b4a9e5db321cc37fc258c61484aadbaa5678959bcc9a6aac4455e02fd7a4f9d09242f37c041bef9ff0d268f61ca4a8d915f832f488af9e510b63b68e96039928017fd1342056eb86ea3e36f698216667e4ca3f34451fe70d8d54c986cfa07d31c41b599ffcee8cd151f86b7873c4b95fb2dbff226d91a94ff33a127172bc80e1c3ebe194aba9afff7934cfca57ed403532f614c0532ba519bb0b29f6de50502303a24e9568e686b6fcb772d103bf9a07680d4ca217d73fed329a0ada341eb7b0f18cfee7d4b6b72bb1efdb5ed18de28ecd057c8f6d89e371c93e63c4182f1888831780195ebf3fd2a8a09fdb15b0651505335e0fbf1eb0ab2422a995051ffece4d5a1bbbc30e412507f49a2b70828bfae9251bddaf03d2c966293f25549cbf331f9baa08601776481957886f1bc789654929f40ac3fdd100285e78e0c81d5344cfa4fe8fcc4738f508222eb5dd2e29c0f01e700a4122438a4e8cc83e0959893cb2609e226488ab7416bbef9ee625211d4ded3b1745c2b571977f5393007da3772b4b00a44220fc99ad75f5a42e2bef17894cd836d3165ec073dcb08e1a0604c39eef38aa388d9b5bad68715b06494b312f48830aae968bb7124b7612cd9b4c8f0eada9cdc69c7bd949cb3b9ec3dd6b2f7c247316ce2480e2b2cd4f3dc3e9b2f2c62e18253a7ae845d6ee17d9eb9b09cacbc83d0f91be1a9dadd6d69171dd15a93f2e44168b6556c703d718aefd49a17a08e2430042c06568f08bb888134f5c7c9b65325c11918115ed7f45d8c5506c6aafa78abe823c6b3f92e2c9a44191be13bc1220fdd306f9f29f5a382386c41cf89a7354bebffb2ec57989d3db097bf7de6ae5e9a22704a215e304915cd8d503dfa5580c5acccf34efda06dbc743eff5c36031694f232562b643f0757047b956b96f5e3f9953d08207fd64049ba7b743e0975a81088dce9d490ebac358bf806de98dde238dca2f9b18a066ff40fb837b1f4c88e87ff92b67ddbf8dc3e9e776eaff5b0dd0175f6fdc7f035c4cae4b54cf3f1b6db91ec07e140a178287a72b141ef5e8daee6b50ef84a35100d4e63a3bbe0d6d0a5da5f62865075520a7ea510be47db67bd05bedbb4289510ea14cbdb4faa2f6f7ca17c6f9ec2758cbea9a0605de298207f4afe5f5134a5451335df7edd8ff722fb0d97dc21f13d022bddf54b6a6c3470a21e01c83a21e1538ff4d4385925a52a62f27bd012036ba13a5545d8576d10376b398b5f9de084f1229f5e98818137b5f607c6233174e476275e78ecd454eed544c2d3cf4359b04bce13d9dab0e166e6dee0bd09cc58a2a1c19d1b9c18843ff0754d23ad158dbc5d6e8dcb238bd205a1bf098166593b1c49005e5762c90c8fc77902e42be9cff5d0320c4679afe163a6bb212485c0979f509006aca3a7c487bf3949c351f4e87d6d800a1ad2fd7bde5217516f8fc3b321bd26beb3f756ced55f0150c3c81ef8752db3365859d9af32b603996f859949c548cad752a28e476c76a1e983c47ecaee4a809ae83c8f8a4479a3d2f1ace3afa386c2b1ef8f1a8a4b7af3f5297985fbceab6b42fac7a5fd5e19b10ad55734ab5f53de7fc86e4ff9b4c95b661e8126a10c2729bc8a3b9f2023635d2c52a371fcb7784eaff4655e2b7cb060de2a8dd62aa210106b7894cd0f1510e521f3436f6c4f54cd07801aa939889b32c9e070f524f040df7235db1afe329e8b98be6dce73be05723b1b1c61862786676bd674b4", 0x1000}, {&(0x7f0000003640)="05759c57beff10a65c6c353b564e0ffd273687dbe446d7479f505f2ca63f6edf994a8220e1b0392fcfc125ac2584d32aa30b0321b09658c08bf3f368404eba91b13676eaa84b9663e600e37945f9f1516b52aec709ce5f10b879906c4c8a7f8912af8c9e957ffe47088df06505204217c4f24c2a2cee17f25f58e0e9f618c0b0d52555aa70f15af15452", 0x8a}], 0x8) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x3) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:23 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x8, 0x1) (async) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f00000038c0)=ANY=[@ANYBLOB="0100000001000000903a66c0a8e2c818000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=""/240) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) sendmsg$nl_route_sched(r2, &(0x7f0000003880)={&(0x7f0000003780)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003840)={&(0x7f00000037c0)=@newqdisc={0x7c, 0x24, 0x100, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x2}, {0xe, 0xc}, {0x5, 0xffe0}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x8, 0x1, 0x4}}}}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x2}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @TCA_EGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfff}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040084) (async) sched_setattr(0xffffffffffffffff, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x1, 0xff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) (async) r3 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) writev(r3, &(0x7f0000003700)=[{&(0x7f0000000280)="a9ea1723a0038b02c26b824bf8fd588d85f0af275fb148c40a0f7a4254523a61a0dd118fb52d954ff4adab50ac0a588241", 0x31}, {&(0x7f0000000480)="030703759988f7a8611a116955137f3c31e5a3d7625daceff952ff1646c2cd4f299ee539eb5c328be87a7218c72778e02a85235695381fe3c4e38b3839ed2af3b7a5a46d71d51d99c9685f52949daa325a619d96df0bce9897aaa484ad5a25f1ef424a464ed107358a36f72f85130703bcde48c0b9f2b023943df78040e14b6957c7c0bb224f933520f2532b4f1d551f6c73fb4d203384dc3ea2ecd08bae56dff9eb02803f7fd8c99423fee603fc32379bbdb7aa5f38408cf1ffd6e336a67adf16630b4c8b90ebe4e5c88027878da01843ffe734df53e7f3f2eae96d190a8f740323daba73c0052e056df25bf2118926670d6378ea2927178db30ead3fdc4ecff96cf1dd6cce844f275031efe75e2dc1d962478a50a4cb7870f5407254809a18adf2b34194c30552e09713ee6911d232252b53ef87580bbf2cb4f67c21534ae4f76304d53e1cdfad17e35046b0d0b730fe900a6c20f0c84e9f541ae316c39c4127ef8445374362035c1cd99263fbc3512fd9a90abf4c0dc68297b9f5eefc3c8c5f27c966c6f0e4017cedb0d20fd9898d7ebe4578caa9b4102482a1ee4e4175bd3e0b42b70bc9b1f73f69053c64f02cae99e354605526f7eb414231cd71be50d993476b7926bdec83b85027273a92e7a902c295b4a2fd5e2cc802a757b2316d69552f23cc994d343e503a9656f7f591c8b7e96842a92c4eed77b9c76d3cf92b6c072afe0117eb1a85cae61a4d201e9e0aa7ba953d9e0af6421d4727bd9e791800e70995fcd5275b4ad5e826ea5d6ba43b1c38f475ac170ffd50392499de193932e46def5eff019a60126716975932e300118cb2f882ea6d8cb86f6591c87586bb370106a3f517982968b0bd6ff79600ce27cbc6e6a2e3335c555c332055304becef15139467f1d7f640f4b0801d67dc6711837d5f9ee5d4a8e50825e9c03acc4132222bb64ee7437d7984d4358bf873cf1edba122c3d96149a2e3edb2978ae11cf0e329a3315d5b82223871b6e078c20db7dc07256bd7e081c1afd0670985fc3e71c37db70335337e1e1b2ef7740850dadd507c43001d2a73e03d0a22044dd58bb3ba6aa8c181f5e31076a0cb696e31c72abed45e3a58770b84a0ca51f39afeb46db30621cd8aeedc0a9e6eaf4b3e925c00cf3e754fbc1b4e35be563ff5ecdfa75ef6f36835b245156a429517aa683fa04048e6d9872718271321145573a702dc6d036a1fc7073a95dde95e4df0f536601d7f8c5748c18f091fa92312f092aeadc0da0c5baaa83614f3694b9c322863701743049aed72b104ab3770d1d4684bd3ca1558bc7b7e92eb8b364ed5ba786acad23d8f4ca71636e2d29368eaf9283a9bbea321d86626dcbe667b7651ad5adb11f599eee8ef3f23dd1adb2e60b21c0521348042cd1650d85c6e7282e04193127afdb63b4861b7455701bf097c38e9c58ee51f08870cb21469dde6796e1331fb6e6e081ac0ceb96d37254243128aba47c40e9538fa1b27db305cabc804e3da4400770367a81f2cb6b7dfb2f521e0b9a8e78b239cd7c284fb6b88cb144d3587b49791c7399c94849fbdce32b0d110d6d446ca3f4afdc4a2ace20e2e6e347311b2a99703400929bd4957dc04a7fdc608f61e69b37b617fa30b65f14694807d94cdcae6b550b972b9a5864e18022ab66b5b47de07a1049b88d3c36bc1ceca04b7685d607d0edba6e90b4a5af1c8164b4133a2ccd8e0856340409f9290026081f9f761678489c4bc9982321b999ccc82f947ca26092e55dac73563d2ca5c4cc78f8316a5b1dfe1b2eaf8bd64935c421a0ed5459d286d892fa435bedcd6f59575acb9e46a8641cc606efbb64cca9810f8f54dec5298ab4c1d2a3c8f7097f9248b4cc7ffa015baa3d1fba89de02c13d289e019b5c3f5ba6ade52abd5d20daa69293093863808679cf5ecf8dca893ee199b0a126852fb70fb1d8a67b0336ffe1940419dff059e9d84553cae3083d87f62cf72c6205d9d240e94189a54f54bb3f23c5964f6eda828cb1e9af240234886896d5d3c2cc1d91d866cb7ce10c9e330ac92f50b9b90c4e0292cb4afe7e47f1641720694d560cb9cd5e2e07fe834b93fb80c81a15121592f2846f3496049b5a2f2f22fa6b83c74e0336cf2ae769b6636cef4e5695e0d2ba31bc88bcbe09a439c30b413634e2cfd6d5b5f45d584f3b26916ba85d9a7832d7415a06686085144c1eebeaf4777878c5fa7f23d2c6132c31c466bd406438640809b8b4008566a9ef7ab40906dfb80e3e3d0f4a958160f630c54669c5a176cff3d1b2224aaac95dc8ae253efbf78a5408f744f0a56d5c22202014a977981706dbb3fb48bc28df3778188d48806ac953d99b8ac316d0adc4cdc633d13733e23c446433a4bcf7906ea6c94abe540f01a8980eb4f19067b0c3895bb1121f5cdf3fa76b20a0c749d4379b54182673cd6dadac2a5cbd896bd1553b48a5325b02bd9a0d4c6932c385becdcb606c102a00b049dbaaecc52583aa6dd362086c0fa8c6d8c2e52ed1179fd8e9e91ec3a4f2d4865af2f3ea39b4e37a1690da1e81c70c4cb3ad914456a903076bbc9b457ee27a58063b2d855e105189954a442e7b510affc11501b41747048fbcf8f9e40b29e2c4cb4965b62c1a3da21c7eabe3bc4a613ad60c496bbed67bcaa6ba527623be2f83fda896dbf58e386838a72ff8f0cd32affe70cf0e24bc1a3a05b33faf69883cb191bb9d869f01a3224ec9b0cd59b87a7c24fe06ab454ce4d36ef1e654357c93633de2e2596e620a286b05495c43f6b78f8812675d847f5ae0efa5131c6238a47c863f5943d72bca80d4293f58220664175775f18e279091a9695b583fc1a460dc9fdaf68de2d802da7a0cff35f26f98eb32d68d949be937c832c67a37ec2ecbb668b129a0abb2242e1bf4a23e246ebbe0d46d85bf2538233b7b8ab80a77df2d18f6810bbf5c453c5e9b574d636f93f49ffb08cf9cc9e414ece3b4697718e6e4c23dc45bc0ef0ea0cae319e8484a911ac57f0d05ee62ea13e1dbef79fd19f13d2111bbc24db90715a6f148160ac3be36525b4ef29d3466034cb447930aed6845bb65f8fff2e0fadf366bca29ecffcdb0a0c9ab74518724785d11b98dc9c4297088ba520d5140c6bdeb0434484029e6e353671f951494093b67e1193a88484b811b988f5767f2e1db8d110fc9bc83fa4fab484a2aa1fff00b01f8ecb677e89ccfb7e0e300b4a4f83e56672f8f2976f586ad11041eab3aea6861813347bd89f1714183318b8f34f3a9fb418e878c57390e0b6dd3e1da67f5966bc9600cd8a1e1cc598d0eca334891198876c42ffa658a9cb72642fa3e72e203fa1a0bb36d9d70443e7ba5f594b25d9e72c045ccd586c1bdbd9512e32ce87ed79aa401ed9d3b2f2775b872e74fa356643a82b5fe0bb4263df0dea30018f6cc0e81639c8d94ed4e164c9d78c450bd85ff989708661e6bf86806d077ad1739e57a8c3f55ae2516e2928bfa2f51906bc4d694cbcdad3a1435644684f3bdcc27bc81549566aa7c0e496ae0fbfdeb9a92cc61641f01022b558afb7f9c578d8c140d1bd13040bf2344c0bbe166e5c0c9b3932249cbb9ba00306318e4b5f78e460199dbad585d73c4960a68c480035d7d0d4502d376da9f9ba43180f953fa9f100e9fe489a0649af9c4fbb5844ac717c90632766a84f8c83eef15f913df8e9ce1c3da3a72d3cef3e19ec6573c921cd0ed1685cc7e071931b5cd365b8705093a918dea15c1494a7db9045288267eceb39eef0cace38f563001fbe70ffbd34e321c87d681dfc53ac075dae13f2481da625c5e231aa9e8a0fffd28e1ee11455d059e34c272d35d008f8ef540ca95db2c389c25eab06da6279df8c621a81188f01db48a8fb6b27435bac72b41667602474176c34d5382acbb717e3a34abb62ffe9b1ff0a61915aba21bef939b4661688c5a6e76e343879b5a3daee10561758cdb3757fe3bf0440349737e39a0ebc346c348cf0cbf74efd1a09dadab896dcfd42527f18648acf3ecb152e7d7255d1978bb5291f1da1cf5996a112ef414970dde757917c901347f573b70a0cbbecdda06d03331ea0230a19262f87ae725637830b0b80bc78ef74db14ec6bba73e77dec890986f8527e5675fd0d6c4e2026de5fa60992b84757876539c3ee1f3c8408d0a9d717abd915ef893e52525f067a855677c18e53e622d34a5ac0e8d6d7d1059b74ae1c7ebd345432929d60640b30e5fa8ce49111b0d85546f83b4d917ed976084704fb10aeeba397862417eed6942351902604832d1dec71f2a406ebc5071393ef44f48a5f04ea02e01b077d7fb9216d915a38453f16f82dd497f448173815ba4ee7b932cc4c0bc01a08397b39df770c6f48f707b9e141a568c1cabe7166a59cdbfbfbacde7acbbf4eeeca872d2a4e970f637669f1dbb4d46489d55efaff5fde39f4f3cbaeb5b0029013ba103e4a383d1852634dbc5bf98ff16278e754fe9e37b9e3dc550da526e2850da6afd3837cbc957b096ff79a185cbfaca9bb0a796a8bd12299f5e0aeffd7f1bcb1df7ecec100b978f4554e81422c797d6b3ec47a44a7238592f6b0ae0244dd751dbb3c8f42552e1dc6fa1f1949e9d96d2da58c8d98d1e6c5d282dc7e114aaaf95a0c017e97abec68cc7879cce8f6438e81c602c8dc41f7b6ece6b5d7bb7681f2779409a61c6864482841b18c3abb0ad80b5c892917d3301b1c97f046f15aa7b32356639951a5bb2930612d37734f1cc67bed91a03f9c8087b52bddf20b0c5d7fa56d092cc8a5858cfb060d70d586e10de7043b9341d75cb64ae49e295469783f77e5b412582d92af73d68ab2f5e49ac8f7551efa7ea571a5432f440a581399cc3c317e31fbe08938fb40e0dce4f2f7b38b1904a41a0872be9b2710c7f4affed19beb057a5652e3629e2a0927a3738efbc96ccc5c6e2f04ec979579599b685b002cde95fcfd4fb3a4420ae524891730493091a2ba7bcc5eb5161978768e46f646bc4ecb6bec3edb787d1ad963e44a0d981896900a4e41820413a68d6955264995ed8840881f5303850ad2098921153769c94e660f41901780c6e57606becd586a3d178d6f23a3b8c22ccc70458ce995f545a230daa198a9b63ade4dd1cffa7333b55182b4f1cfc2850ae248c964feb1636b6a751cc0b7ea7a165a0af873b6a2e98b67bd5d00d33195fb8afb965728016c888f1ecacca6154be13f2295730fedd34330349506eded68adfc1086b0c1d5638aae9723cdd7dc85e4dabbac9c33e0c23bb844533b2a6be8288c02c59c5938d42f96eb65599046d62e4ddfb9293487490c07b605998781683a53f072e88dcbd4e880dc3333b7338ffa4fb00c070e25d7f903141f77114768250db491d34df3a001c6c736f7be60756e5dc9d83ad506bf789764520b07b977596228d096cfa4b5d4b202842f43d9967bba800cceff8b542506dea96470adde7be6ffbfef983a8610c9a425400a688a44084b819037e3ef014620c7858d01762eb4aa36c71288f5f9b81a5ef6e885af6bc0ba0440e5f128f87411918524ff12bbc8e745b37d8fad451490d53131ee4e2cecd0ecf1ffdc25c3ec28706f88d045ad0f7796e58fd668c1d4d074328774a3948bee1c920d417bd194da5fc95364d78cf24b91327d40c8c6774c852a97e1b6cdc7b6572e1498b0bae4a94392eb3fb9acb900d49ec3fc7e9f2b0134aa0b2cc4977e5e49868259070566b2d814bdef2fd0da2c95fefec2b0f1fea72f27e9d0e28f36d4a841d11f8f8b07411d88da21ff9f78856d4cc9d1d02b45f4d381", 0x1000}, {&(0x7f0000001480)="0dd3bcc339f1cfd09369ae00d4e2e81ba161df0a23ff49bbe6c8c05976c326c4f7f45c8d06e6def7d5dc3491631c83e6a51e6c2fcb9ecffc8692516e080891151cbc1e005c11a8767e3a4039b2f96e90", 0x50}, {&(0x7f0000001500)="db19784fba765f8453229da5c6f832cfa6120ce7ccc4d383b478e9f31b1a9c325cd686f421c7f4c7ca09183e0b23fbe0479158c38cba4389c244f40c7f85dd55531a4370ace646b09b17b4cd7b3297ebbe47d466cb3084d44d595b2cdd40c85e0d7f30812140d9ae76eaa73721f9cf4f73e48b9740aed3c108229874dac1a8050e0a5ce6e4b69c8a7faff043d4098c87c8c8dfc1fe693551e35993d1f86f92fb70017aa64e25766c9aadceb14f4c7f31afa1d313ded7e24a8d5a03782ea4fd45a45004c6b8516f9de2b70772e26b516de61948d642bffae7376bbd2c4bd1ab8630dbfa86e0bd9c122c4fc491f1446ef7a605d25d4893ebe45d76c280eb78458cb4cf01c67c2880be6f7c8c8fea4a028118dba5cd74c05408e8c3d07b20acf7f2be3e4d93f89669f8c4bee1743824661ec294ba76f668e7bb4c580b8e6dbfce31a8591a4dbd44d4a27fabcaa378403fe196380b6c6921f7d835bf17c6894319dc9f3cd682ace0c059067e47aa59c910b44f0d5c55450e69491dfebaede53171663403bbf358147e48f38f973b0965b0c4971c4cd7b77891fc54d314c8cfc7551db94509a78775b6bb7c7a3b499ebf25e92a85992a6033cebaff86ed875d084c53cf739e51b209d917f49986c80fad0247cc27a90ccc1f0348b19fa73742bd97e66ce4dcf9c840672a0f213ba0bc81a653c701fa8912e7ffb99a0670c33169c9db4370d6a3898d87be666d6a138dbe3408c5a69fd259e6d681935164a7304b290da4182461b33c81ae7eace99473140985f8a41d4468d4cbfa5ce042c719569096ea6163b6fd88b956c455ea20ab2adece8eb90190ccf7840d5579195a25ed8b1bfb0e87c6e3c8a54afad265ddbfbb12c0efab24a2477f6475d2ef7163c5f6fb6d8bd6027d1c39d53452363dc610e012b8f78cc647ae9b9e418ce89c17c1e6ba03dfdb8df8bdfe282c1308a08ffa66b214648eacd4d70c4a0314d8a71889671e33695a06bb6b39e145a4a7bd0f812d57bf385a0adeff85cae13a8d0e608ab7b21152280d8ec268aa83f8a1e37c40cf445faf4ba6da62fd924a84a3f234104e7c175541a749af8953996769b7c00fb09b787c1683b57a6cd715186ae598b78b04d959c96d5823c983b9399bc3471382b90f26edee6620ae24b91a3cd835651f9a3960f32bfd0204e6f7492072340b874d379bbdbeac49e86d17cc86d6d699f0b7929d90807eb94db6f38ae10903a4286fa3f6a0dbfb8738d08e0eca4e858ab6add1ff3c3f1c38b0772934b363a9872b15be01454cf9e504f5228c5dc5ab86df12ba1111da838b823e1dec568b145800c7503beb47f61ab4d65eec2acf2ad3144351503b1058b5986650815c8201e1991c6d40c5af4bc9d483ff435f94a240f2938cc3f34e62f37ecebe71d1c817c63b7c492d9effc5065365ff560c6ab34396ecfea5b8f32d5018b80ec4bfec91f43638a79cef6c087d7e44532055f115c85c036aeb1b6735be5383ccaf9f32f545bad2d10103d5397727123459e1d20604aa6925f402e6b7a787d834da56dd94b60c73623b5b7c3ee501be81fdbae4a39ed56390a772604839d1a7d38436996395cef97c393d62da6490ce4945ef89394fcd3514bb1a018e3808e74f3bf85fc29a933ba6761c81a7f003aad40a767a7c0017c1ff1f65fb49829f5bb977777e71d564ada07413a2a77b0f90939705b0b102e31cc25ec3b12bbebfffd13151078ee6e6d432fd74dd58d7190e383ff3bf47f7dd07a7434343cc859e09d5358025a48352ab8a19893afcfe91bf5aa60de889fd803e5b25bb96bdc42e7f7808f79c6519f6aa518c518ccb3a9a1ccde66cd776f91269a101a3aad8415ec3e8fadd647242201b3cc5f5f966bb8934bd5abd00bdadf7cc24f90f9197a222ab0ad63c5d13d5480918719add49b439d15cd7cd8aede33323c8a4e2a52cc8399b26eab57af353394ee0a62a27dab411e7bf3e6acf51ef9aa75246a69586a4e74908e509379cbc08dc5c01aa81213d5cc1018c132dc5e135cd9c99a21a83acd7faf4f57caa86044d4e5cbcdd114532efb628404d4d18628cf74b31f5925bf431031b75a00955da728713623abe38638f4e0e9c7fd6924594b7d46f3c9016084f4342eba39c47730c9b08ed903c29d17ac09533fb2cab84950dbd9cf40dc57f3cafabb13222408ac5d17a466cb1b0729b8d6ba2d7216f795d48fb8c9daa4264a0eb9d2a686db9101580aa67b1ef74adc45e07488e80a565d6acdf2f1458ece58947a68f22d4c6f82941fac3f9d497eb0722011740efa1a9c247afd064c82d626d48961bc35e7f231bdac0b711ea22aa0c8cbb7bdbcb434f57a43afb0e5fe52e38de965f705f140cc26ba8561ce00daeb61ca2e9b7103b46252ed05ee76129a915919b5869a8e4d1549708f816e0ff856b58f8afd920495c67ddf5cf1c264b17d9c33b5edab1e2e65b09308893cff6ecc27b490afeda59220f86422e64c8f7414adf8906fb427125803a2ef0f0e4811ab3244db8651f9d5e340cba6de8dabec92c34380db26c0110323682d03e9b88d50fd046b162e32524a687303df8977070716cbebcaa6607554e8f456f6af5825c72d82b90e9b0659617bdc3edab7e7512b69a94876e3303f81060c5686911567da4e4edb378acd247368566b559b699c66a7f2af9b3a509985414d3015d3002c77e3b2e02f33957928dbddc6462e92c816ef48699e04e0e636b936a30f4751a6e63f638535f2e0c0cd8e765b7e7b4822f59c0f2df47cbe684503d9f6b3c3016627a726868e2578b17f51d3beb9e43a838209243ae29cd7382aa478420f6f7db5cfe9901a52e2ca17d8dae4fd71e1a73de35ca6052429b9661ff6b87edaf850554024c6b9d33c023a6f31dd4d00a73905815a819c963ec24eaad91c8987f2e0cad7f5574855bcace8e077d6777629a8fbad82a45e7bab7be97abbaea6afc31fb00bf7f093e933cab9b0d22ff810080fed19fb4c3ce2d312372321faa532ad44fefd34ccd8fb41ab79806cdfdb9762f90932d4f951fd5b9369718b1cbd3660a293454d622011a221f67e04fa071ab9f94a3b31b659770ac496d1238258d53d696f1e0753d141986b3e4104bc27f88e15aa4b609855a282526364dd2aa5f8c7f9f89515bd733cfe874a8cb000d0433699284ab118d2cc7627ba7f2b6d54dd6c1edb4c4dc0e1f7a6d1dcb27e443927fdc25133a94f97204423863e836046cb72bc829fbd8b418627de2bb8fd0ca6e4fd82f1be59ea4d5461792783efb15ebb109f9fcb10e57f2e9ac488cc8a260e5beca45e671bbb44f373eb02a973706fb4659865136213544c113dacd1deee84e33f37245df4886048005622bd63b13ef65819ab2f6ec6d29eeca8f577eec8d932ee89d7c240b597ffcb52ae9cf889e3c54ff05a0637301f703fadddd1f49efc46bd77b9aa01293cd6722786ef626bf0a672dfb077bdeac4f47d643612ad526d00cc8e94c8b74fdab471c7ec445d6b42c90df5ffe88a3bcfe07fb6d5dbbb3870416254609097b548bd9d881c9bc9f016b34353110bfda1481661ff40864ce1a373602425ca94b76ee6d88d1895e911437089a4b880a73e858a0114f104b4deeec203a5a21eaeeb7fbe3490233f92f3b069f663ba98d4e07872dd12f87957ae7b42e5a421a8ef4bc81c05d2ff3d34dc257dc992643807260e27bd8bb3ed8e70f2415b938bc1c977477df5775da39a4db98d4394775914be5bac5a4ab5549ab0c1d63f6dab05a0fb6d11512b53ce947850cc13a961dd19991b449cb44316736ff01d6e3baddcba95abbafc19288970ab4ebf566d73a1aaa51270a13bd8591f6a7bf8b65ff9abb3facda806a487681d42950a55bb8bc985904b1c6ffb58491428f2a5c21728c4e1ec392b73d92860e8787ee0f3f5a9ae02c7d6fadf93f61195d10ac0ac9d8e42c2471842eb08c0641895c6e0dccf422d1e75f8f74216de1d421109d19623f019290ce107ec7479ce3f5ad7b6cbfc4ac7dc22186e458f2cd3307336e7032eae7bb1b7bcee9a879223e6bc7bd751c0f07f69c1337efdd2856d717e0423302ad61d879e56525b33ca374dd54c750dde33394d1afd7f5c21304aa04132b7003542d1336212bd2571de9515f97be275cf28bbeb202a07e5e9e7ddf4a2d44d6072107d885e8c8f2faf5dc696e31465b5d35f0ff00ed1ccf898faf767f58e7df68acb782a1aed12c6c3f94c1a4e50d412618f58729699aa410c2c7620e67573842d8ddc8f1d90067f0e8850c307ee42a61c1d6ff4f15c68d951ab2cffd4bf2c58adafaad73f9e59125673687d86877da06d054c2d873b95a7212b6dc675a6937f6197f97cf93a7acf3e5b2b8884ea17c7861c7a44f8ed50beb2403506bfac3a1b2c9ce28d24dfb5f6522af6d357268a4a142a9c1cf9ce2eddeb1def158a2fdc0b879b9526c8a81bfc06687e8ec4fe8dd7e8bb7d5c0d2867674c487f163ca7401aaffcd214ccc9320f7f50c34e60bb392acade27c1abd4efd01deb3633813c618697681807b34c2fdad5172caa2a10adefd4ba17a396863a1ad38cec478924700931952877478cd734464c85452172d2127dd3e03685b7376d7c28840cec248041bd673043dfa7fad594cac0fe81b2992cf60aa7659a623cbac224fbc0c3155c8e43f8c7f5a0bc5881f1db2bc84e941589cc4f4a5fe9a03f84fabf82c2f98f3ddd9a08c936fb3f424a3e8938b05b7ffc5f0b3b1d89b8059a6627777f548b3abc2ef04afe568e146129e72338ad7590902fb4caafaa541faf49fc73b0c7de27c327d856fce3353ca937ae4f2684ec7b0c9b4db4aa0b1fcffa22ca23ba8f989684a1c7f1d47a3d1514dbe11a77d9ede3634c5577c8f43d3b0ec12c5291467557be57c9368fdf7e8a7f777241c1e2af588e227706d1d93b223a026042989aae5d40c8b5e231b609e8d16dd51adab1840e224e3c7ae23374c6d9087490ecd687e88317554f07424942dca93c013e7d78ce9a5f7a7952507dd79dd4cd72cf63c2cf130b3d739305e22981dc0888bbded528cb2fed43f8d6c76db4e17cf9431156bc9a90454479653d0c67037e46d9d123dda19f5ce28b5fc0a5704e76a4ba1f25df0429dcd7ba3b29be8498fe784a7732cdd0d83c504fffb2e6fdb2d514231d6c91e93dcf6f91df48bd3205cd64f1474f5bc8202d1484842ecae3da531c05ac2b7ffa6e233721a3359a9f287df5ac3f79a06e0abe4246cd678dd3d71c1611277627fe8fe93804edd3f32160ec1325e86cff91c2826553799d9d685a9551575c027b5415be1c2daa81472e307aeed16d892c252974333e4ede61501db644310758c418d23b1e9fbf0ca6d6585947df5d81c1035de58d10a3273922fa946244cfa9da5531b7827105ac9db262fbfa1ce97460aee7b55527298c1c346558e4c045034521fcc515bb4053aea20b2e023e649438df0864357b0f1c7469d33c0243c5f5b42f6f068d366b07bb7b151937a33bc1befbfa24843d449d567946bdfa390d8c9f5c14c10445e0bc0b78ff9df0dc61b1722bb58d19bf8b7f88322cc55037fac67d395238f65b7fb3610512538bcc611c17cf05a940c0e9a8c000b69ffd4a276a25df5e45bca8c4e1c8b7cafa54c396c80647a35a88d2690d734d1de49ceb040020177a297f5888b646c516a9cbe633d70f1691ca68174d6a7b79f854256e6a041dddfd2b58bd7b63e33d31382e2e1efacc106e5a0412ccea1b6802aafa8e54a53018dc84755c8f3d96a0953c6644e418380ccc48995bbc37e69022b58494cb36c", 0x1000}, {&(0x7f0000002500)="9e70b21025d8a097033a6444335936e77b75920073ca716ac1ad8c64d174034576b77b451f91da5e46a7fbc84800399d858eda43295904897d8ab65fae4ba397db78a2f7e2f2281cf79d91e265", 0x4d}, {&(0x7f0000002580)="8c9db1d5e70fce5e8d112332e4c0270f9f67eec87e69bb063af215bd8781c8644c4462c2533af8bc70d9ae2302041abdd538beaa83d690f3eea647ce53afe0bae85bc5bbbef8b9cdf1d622028a1441712fc582b163f890a82d5d42a5fd850448eae0377439a211822af6801a3c17d49d8fc0b5ce809a3f7ee0054e81a62188c3f6226150937ba595749559446f94bf9a65ef1e6c00", 0x95}, {&(0x7f0000002640)="5c0e2eb5446f2ab41d7eefa2ca5f145f693b2476f7c4dbad87633ed0356270b0186e22df76bfead981835e992527b305db13b0f186c17de7d076655d6dd85005e8b786a87506535b1681e9eed74f3b208393a2996e9c1cb2c595e9a41f5088c32b4c22fd6a9dc7f8e94d1163ba2948b769fbedc635854844f040a3ebbf07c2af82745a66bfd4476a665059b50f1c9c7b2a765171ff7d713138b2f5de79058b8c36a396ca12c2a66201aa82931117416f967e7f11c414fcf1ff476686724df199dbb7f13a25466c120c277d7a3486c5e5abad0aaa7892a993aea2db6e858bc7493ef10842972c7169aa9d5b41cf8b043e52827cf0de9c06e48e83707ddb102a4be2ad01d9a8eac967288b80f6a0d2950e100c4f31b7bb11c2a9a50a540f1bc9b01dcd79956861e1822ffc3ae687d4e7b307ff0e63bc5591a06459399dcdf93a36e7bd035cb28ca71d29fd440613ed0200adcd01d9aa02cf9ab0de74c359e1a30185d1d425193b60a6478058670d227ce10c77008e5001ea65699c5e363c5bc14bf1cd40211f6b6cc3b9834116b63071845c0fd92cdbc219bd22e2957847e97ae322263f9a71391bf6c012f61e377e8e0916ed034415b55982daa3a164863934390c2861e48cb7aa888eb01c4e9641ac7faaffe9d5fb4c550c79faf0fbe3f08cffd8c06a922b41f7f5d810642ea87d473723ec140a46b1ea46a16947de175f7ef2e49a50d0a0bf57ee3f543f2f7694de1c2105b08ceee95bf82daa3ce3ee307ac36c53b24cb7bb04fca2e11a43f6219df4a69ee7b6ac3dff7043e4caba80c652c7b95580b584441988c2c6a9cd18728fafcc410172f172270c0d476945bed82f5f0edc834649d4b7ed189f813e226d410c3da948cceaf5e9e70986508ec97ed395502e56764e3bda6ce8c735845eef609c5fa2bec6e39d533c391fe0aeee06365a3be3b74e332e1d303f0cd16dc7820afd76c5bfad378eebe08ca9b6156fc041b95538ea6ee1dcae43d0eb075b8ecef09d35faee966ad5fc9bc9319cdb5558f02ef30566a8aa42b7bc5cd3b0ff177f6bb7762a31690f9d732fa7cdeede3434097edbb9b627cced13ecf023fd59f659cf157064ab14e59db05636a6dab27c672ebad3133fd6d25afc6720ab257169b416257077fd2bdf604fb29e7d4fa0cfbd6bdbe5aee07fe21da6a90d9e269a468404a44a35465f518a28a70c334384dd43be715dcd1ba95cbad94f988d3e091754e73f6c5d0d3a015a96609323f4905aeb1d5fd9b63fb12dcb7718e3446cd762b131da945e9213cce0db3fc52265027d9926485962ff71538aba7d397e26f49cf107e4273dbc615103c8ce0eb3cf2b4f6a848fcf4aebd8e897353361e511c438eba14e3155c73b6fcc4217df2e2243b64f19e26b751c0e02d698b61e0a48520cc7dc4d3dcd32416ac300d99ff14bf8e992628edeb5c4a3a22a9433429dec265cc23d206cdefdccdc256fee8f928883922b92dc3dd14938cc8f263f0752f470f329e6d8b9bce93a232866766210a70861f6b3eee6da09296cd65628c203acf81d16f58ec8f9b82730cd644713557d3ef9c577e93f9b06e71ea87968fb4c62ba19bb5fdf760e5a0993b8b307fad5702d3a921853921eaac5f605573842ae66eab1f7dfc4fdc16cebee2c3cbafdaeffec9eb579ea3015141658e6699e056eef7d750d49f2895ad5f0e37a96c8c5a2c3e5cdcb5015c1aa83053509f1e16d90f2f1989077c1391817d5ced17f3eb9b173db430b80f17d88cb167749382bdf15b2813317eb78852a3cffab5613d2d5ffb9365943211830f51b656f88f33fe6705f137af490d8539d63fc328e0b21ddf8b35be69e7c9259574cdfa98b6840da97ed165283c9c8d62c68b30dc92aef71a32e49c9e457dade2065937cdae5c2491210be88cdad2918184419c7e005fdf5b1e1e02c2795d0487f20841544b9556b10ae7497c9dbe84eeab0eb84ceffaf0ed6fede21477633f3b6e42d638f1fd3b21f46dae150b889cb9049892546b7f6b6914e35a81dd3c472de404f0994d64a5923484671a35ac320777466a1818d75d149f3ccc1337ea7c0a40431abbdca2e5503acdb3ab40bbc73cee58560cc6a840462214cddb6ef507878c944a145ea63832589d68c75e615500f9b98f65289fe4e4417301b595f45db849b908966d34d51fcf4562861284955ed576d69375602f3b59cae7efe8360233e764c9367c16c07efbdeb4788edade82092bcabeca3486ffddba4656c66343df23a6b8aa67f49fab9f63b11a53295a71061d0577db485b4940af951eb5b8cdfddbce7445b13479be2d73ea36a4801af464cfdaa853249e7f394419f2aa518ba97227c7aaa0e06020246f10708202ff0dcf00856ca0581e45928a8d0943f9e64d4bab65f7c6e7af963896c4c9eac9cbe2b05711d6ddce99fd761420be98c995e265e920f1be989c133030d882113f5b51aad97ea5fc4c504c630e66d52089edb1d94dc8bb705ac326b4dd344bd7bed12e464b771dd00e7118312288c0660162a6526f37e5ff18f6c3dc28d3d654ce99fb0757f0b1f2e98f014e2c1227976e9f4d8f28d775a19c493e5a7343ef5c0bd783a14451e13a67a1e7aca01f7c8796b36b4360906e318835d227f0fbc51e4eb5e7af2e5c19e795549b4f0507e32bd628bc376d0584bbc9af513a885eee2c4af2a43d9ee754f7df1404e3ebedd1ffda158fc25f68813c50ce0d50ae6c468f27c45224b3045a59a7fa9304c10d65fe3fe4f566f6de33b8d4f94f418b0757ebe57b6a8ed81966579642bdb43b693e26ff41bdfb01bb5d6c348fa4e4bf90be6d1db830f11e3610ecaf760c0122554fe5506ab9a471027093377e54aa1113625dbd32f24a7b92243adbb3d81a0f5f01782eecb52346d4c47275a0a5ac984cbe6ca808e9ecbc7740cd5c2d8600a84c1bc0c0c8da3e2203cd54e849b9cf01c752d36eab8d95e5359e1df1d26b43284eb2e463835427fb68a08762a9fa8515776ddddca7ad24c2d5c8fe266c875529a681b96c06ffa0a7b4c94ebca523d0a18b1a67c1350e231df08af4eaf5091c226847142e8eea08f6d5636bc84e1fe3a8546cacde5c1ebb8d0e22c5b340abc7a70532a9c306f7f8dd6d6c5ef9538a06b5db508f58b0fb126c6ea98c041e49fee6a9cd10a9e35739032ddaaad15460319e720dce31e3b68dc5ba0e720ab3c8f8fea24b1ff8b72a68b8c8d6f14ccfaa7b21a2d752e45e29ba29edb2d8b17d10df372a675c43fa8e9da063590bda71ec7eded939cb44019d1c351db2931c7316c9cd56d588029a7ed31dae35e9597f6dc6d93a6d4b2c2263a3bcc80019b524bcc825d6f7dcc11074cb5e90b5e8d118873877642661b581d9af9f0938bef87adb2d0de5ed6f4072fa1c5ca8c4d1e4ea38b029000b5043670e579159b7a2ddbdf34ff2c92288f70ec426fa83a2273e195f7c6001c442fbb2302e5ad80fcb1daffabff324dc0350399f8f4beb4fbafb85789cb36c13816fbab61654e744f1a394929f0ea90736b814e86827f11a633b6558c25dc4c608134e10f6106815a9cee6384c1f6061e7d3c1b605e656e65f4008046765453172d45adbed6d13228efbefd46b7887a11747e9b520985da687c200beabe69f064cd7be8966a716caff4e982627d81cf0390cf1fcaec79289f712b157c65a8bc3e330338b9d092e8ad55f6570901c292fbdb5d5c6e4b62d6b379809decddb9834b51fb36af06d82cb81aca932969778ec454e6aa52084638bbe5fae177369bc4285783a6fa693ad66210f7afae0fc44d0cc192d95206b5ebeaffc978cf50745ac812484a4a96c989193f9a95c77cb22f627d64fda2b970b6f6275082510375102a8ab0d5e625514e9661772daa24345258f886f5b6dcb2e3601a6c765442a2910c87bb6380668b2f5f56834817b3a94e8f486fd5717cb83c3ede7dec9e0908c1d4043f27d4314192c99affbdfab6c97ff0479cc53b94ad9622bd275f69a46d90709c842fc218f31d9ba960bff9545a3bfb0303ee79c8481b1ac43aec9b4a9e5db321cc37fc258c61484aadbaa5678959bcc9a6aac4455e02fd7a4f9d09242f37c041bef9ff0d268f61ca4a8d915f832f488af9e510b63b68e96039928017fd1342056eb86ea3e36f698216667e4ca3f34451fe70d8d54c986cfa07d31c41b599ffcee8cd151f86b7873c4b95fb2dbff226d91a94ff33a127172bc80e1c3ebe194aba9afff7934cfca57ed403532f614c0532ba519bb0b29f6de50502303a24e9568e686b6fcb772d103bf9a07680d4ca217d73fed329a0ada341eb7b0f18cfee7d4b6b72bb1efdb5ed18de28ecd057c8f6d89e371c93e63c4182f1888831780195ebf3fd2a8a09fdb15b0651505335e0fbf1eb0ab2422a995051ffece4d5a1bbbc30e412507f49a2b70828bfae9251bddaf03d2c966293f25549cbf331f9baa08601776481957886f1bc789654929f40ac3fdd100285e78e0c81d5344cfa4fe8fcc4738f508222eb5dd2e29c0f01e700a4122438a4e8cc83e0959893cb2609e226488ab7416bbef9ee625211d4ded3b1745c2b571977f5393007da3772b4b00a44220fc99ad75f5a42e2bef17894cd836d3165ec073dcb08e1a0604c39eef38aa388d9b5bad68715b06494b312f48830aae968bb7124b7612cd9b4c8f0eada9cdc69c7bd949cb3b9ec3dd6b2f7c247316ce2480e2b2cd4f3dc3e9b2f2c62e18253a7ae845d6ee17d9eb9b09cacbc83d0f91be1a9dadd6d69171dd15a93f2e44168b6556c703d718aefd49a17a08e2430042c06568f08bb888134f5c7c9b65325c11918115ed7f45d8c5506c6aafa78abe823c6b3f92e2c9a44191be13bc1220fdd306f9f29f5a382386c41cf89a7354bebffb2ec57989d3db097bf7de6ae5e9a22704a215e304915cd8d503dfa5580c5acccf34efda06dbc743eff5c36031694f232562b643f0757047b956b96f5e3f9953d08207fd64049ba7b743e0975a81088dce9d490ebac358bf806de98dde238dca2f9b18a066ff40fb837b1f4c88e87ff92b67ddbf8dc3e9e776eaff5b0dd0175f6fdc7f035c4cae4b54cf3f1b6db91ec07e140a178287a72b141ef5e8daee6b50ef84a35100d4e63a3bbe0d6d0a5da5f62865075520a7ea510be47db67bd05bedbb4289510ea14cbdb4faa2f6f7ca17c6f9ec2758cbea9a0605de298207f4afe5f5134a5451335df7edd8ff722fb0d97dc21f13d022bddf54b6a6c3470a21e01c83a21e1538ff4d4385925a52a62f27bd012036ba13a5545d8576d10376b398b5f9de084f1229f5e98818137b5f607c6233174e476275e78ecd454eed544c2d3cf4359b04bce13d9dab0e166e6dee0bd09cc58a2a1c19d1b9c18843ff0754d23ad158dbc5d6e8dcb238bd205a1bf098166593b1c49005e5762c90c8fc77902e42be9cff5d0320c4679afe163a6bb212485c0979f509006aca3a7c487bf3949c351f4e87d6d800a1ad2fd7bde5217516f8fc3b321bd26beb3f756ced55f0150c3c81ef8752db3365859d9af32b603996f859949c548cad752a28e476c76a1e983c47ecaee4a809ae83c8f8a4479a3d2f1ace3afa386c2b1ef8f1a8a4b7af3f5297985fbceab6b42fac7a5fd5e19b10ad55734ab5f53de7fc86e4ff9b4c95b661e8126a10c2729bc8a3b9f2023635d2c52a371fcb7784eaff4655e2b7cb060de2a8dd62aa210106b7894cd0f1510e521f3436f6c4f54cd07801aa939889b32c9e070f524f040df7235db1afe329e8b98be6dce73be05723b1b1c61862786676bd674b4", 0x1000}, {&(0x7f0000003640)="05759c57beff10a65c6c353b564e0ffd273687dbe446d7479f505f2ca63f6edf994a8220e1b0392fcfc125ac2584d32aa30b0321b09658c08bf3f368404eba91b13676eaa84b9663e600e37945f9f1516b52aec709ce5f10b879906c4c8a7f8912af8c9e957ffe47088df06505204217c4f24c2a2cee17f25f58e0e9f618c0b0d52555aa70f15af15452", 0x8a}], 0x8) (async) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:23 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x8, 0x1) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f00000038c0)=ANY=[@ANYBLOB="0100000001000000903a66c0a8e2c818000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) statfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=""/240) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) sendmsg$nl_route_sched(r2, &(0x7f0000003880)={&(0x7f0000003780)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003840)={&(0x7f00000037c0)=@newqdisc={0x7c, 0x24, 0x100, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x2}, {0xe, 0xc}, {0x5, 0xffe0}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x8, 0x1, 0x4}}}}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x2}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @TCA_EGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfff}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040084) sched_setattr(0xffffffffffffffff, &(0x7f0000000440)={0x38, 0x2, 0x10, 0x1, 0xff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) (async) r3 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) writev(r3, &(0x7f0000003700)=[{&(0x7f0000000280)="a9ea1723a0038b02c26b824bf8fd588d85f0af275fb148c40a0f7a4254523a61a0dd118fb52d954ff4adab50ac0a588241", 0x31}, {&(0x7f0000000480)="030703759988f7a8611a116955137f3c31e5a3d7625daceff952ff1646c2cd4f299ee539eb5c328be87a7218c72778e02a85235695381fe3c4e38b3839ed2af3b7a5a46d71d51d99c9685f52949daa325a619d96df0bce9897aaa484ad5a25f1ef424a464ed107358a36f72f85130703bcde48c0b9f2b023943df78040e14b6957c7c0bb224f933520f2532b4f1d551f6c73fb4d203384dc3ea2ecd08bae56dff9eb02803f7fd8c99423fee603fc32379bbdb7aa5f38408cf1ffd6e336a67adf16630b4c8b90ebe4e5c88027878da01843ffe734df53e7f3f2eae96d190a8f740323daba73c0052e056df25bf2118926670d6378ea2927178db30ead3fdc4ecff96cf1dd6cce844f275031efe75e2dc1d962478a50a4cb7870f5407254809a18adf2b34194c30552e09713ee6911d232252b53ef87580bbf2cb4f67c21534ae4f76304d53e1cdfad17e35046b0d0b730fe900a6c20f0c84e9f541ae316c39c4127ef8445374362035c1cd99263fbc3512fd9a90abf4c0dc68297b9f5eefc3c8c5f27c966c6f0e4017cedb0d20fd9898d7ebe4578caa9b4102482a1ee4e4175bd3e0b42b70bc9b1f73f69053c64f02cae99e354605526f7eb414231cd71be50d993476b7926bdec83b85027273a92e7a902c295b4a2fd5e2cc802a757b2316d69552f23cc994d343e503a9656f7f591c8b7e96842a92c4eed77b9c76d3cf92b6c072afe0117eb1a85cae61a4d201e9e0aa7ba953d9e0af6421d4727bd9e791800e70995fcd5275b4ad5e826ea5d6ba43b1c38f475ac170ffd50392499de193932e46def5eff019a60126716975932e300118cb2f882ea6d8cb86f6591c87586bb370106a3f517982968b0bd6ff79600ce27cbc6e6a2e3335c555c332055304becef15139467f1d7f640f4b0801d67dc6711837d5f9ee5d4a8e50825e9c03acc4132222bb64ee7437d7984d4358bf873cf1edba122c3d96149a2e3edb2978ae11cf0e329a3315d5b82223871b6e078c20db7dc07256bd7e081c1afd0670985fc3e71c37db70335337e1e1b2ef7740850dadd507c43001d2a73e03d0a22044dd58bb3ba6aa8c181f5e31076a0cb696e31c72abed45e3a58770b84a0ca51f39afeb46db30621cd8aeedc0a9e6eaf4b3e925c00cf3e754fbc1b4e35be563ff5ecdfa75ef6f36835b245156a429517aa683fa04048e6d9872718271321145573a702dc6d036a1fc7073a95dde95e4df0f536601d7f8c5748c18f091fa92312f092aeadc0da0c5baaa83614f3694b9c322863701743049aed72b104ab3770d1d4684bd3ca1558bc7b7e92eb8b364ed5ba786acad23d8f4ca71636e2d29368eaf9283a9bbea321d86626dcbe667b7651ad5adb11f599eee8ef3f23dd1adb2e60b21c0521348042cd1650d85c6e7282e04193127afdb63b4861b7455701bf097c38e9c58ee51f08870cb21469dde6796e1331fb6e6e081ac0ceb96d37254243128aba47c40e9538fa1b27db305cabc804e3da4400770367a81f2cb6b7dfb2f521e0b9a8e78b239cd7c284fb6b88cb144d3587b49791c7399c94849fbdce32b0d110d6d446ca3f4afdc4a2ace20e2e6e347311b2a99703400929bd4957dc04a7fdc608f61e69b37b617fa30b65f14694807d94cdcae6b550b972b9a5864e18022ab66b5b47de07a1049b88d3c36bc1ceca04b7685d607d0edba6e90b4a5af1c8164b4133a2ccd8e0856340409f9290026081f9f761678489c4bc9982321b999ccc82f947ca26092e55dac73563d2ca5c4cc78f8316a5b1dfe1b2eaf8bd64935c421a0ed5459d286d892fa435bedcd6f59575acb9e46a8641cc606efbb64cca9810f8f54dec5298ab4c1d2a3c8f7097f9248b4cc7ffa015baa3d1fba89de02c13d289e019b5c3f5ba6ade52abd5d20daa69293093863808679cf5ecf8dca893ee199b0a126852fb70fb1d8a67b0336ffe1940419dff059e9d84553cae3083d87f62cf72c6205d9d240e94189a54f54bb3f23c5964f6eda828cb1e9af240234886896d5d3c2cc1d91d866cb7ce10c9e330ac92f50b9b90c4e0292cb4afe7e47f1641720694d560cb9cd5e2e07fe834b93fb80c81a15121592f2846f3496049b5a2f2f22fa6b83c74e0336cf2ae769b6636cef4e5695e0d2ba31bc88bcbe09a439c30b413634e2cfd6d5b5f45d584f3b26916ba85d9a7832d7415a06686085144c1eebeaf4777878c5fa7f23d2c6132c31c466bd406438640809b8b4008566a9ef7ab40906dfb80e3e3d0f4a958160f630c54669c5a176cff3d1b2224aaac95dc8ae253efbf78a5408f744f0a56d5c22202014a977981706dbb3fb48bc28df3778188d48806ac953d99b8ac316d0adc4cdc633d13733e23c446433a4bcf7906ea6c94abe540f01a8980eb4f19067b0c3895bb1121f5cdf3fa76b20a0c749d4379b54182673cd6dadac2a5cbd896bd1553b48a5325b02bd9a0d4c6932c385becdcb606c102a00b049dbaaecc52583aa6dd362086c0fa8c6d8c2e52ed1179fd8e9e91ec3a4f2d4865af2f3ea39b4e37a1690da1e81c70c4cb3ad914456a903076bbc9b457ee27a58063b2d855e105189954a442e7b510affc11501b41747048fbcf8f9e40b29e2c4cb4965b62c1a3da21c7eabe3bc4a613ad60c496bbed67bcaa6ba527623be2f83fda896dbf58e386838a72ff8f0cd32affe70cf0e24bc1a3a05b33faf69883cb191bb9d869f01a3224ec9b0cd59b87a7c24fe06ab454ce4d36ef1e654357c93633de2e2596e620a286b05495c43f6b78f8812675d847f5ae0efa5131c6238a47c863f5943d72bca80d4293f58220664175775f18e279091a9695b583fc1a460dc9fdaf68de2d802da7a0cff35f26f98eb32d68d949be937c832c67a37ec2ecbb668b129a0abb2242e1bf4a23e246ebbe0d46d85bf2538233b7b8ab80a77df2d18f6810bbf5c453c5e9b574d636f93f49ffb08cf9cc9e414ece3b4697718e6e4c23dc45bc0ef0ea0cae319e8484a911ac57f0d05ee62ea13e1dbef79fd19f13d2111bbc24db90715a6f148160ac3be36525b4ef29d3466034cb447930aed6845bb65f8fff2e0fadf366bca29ecffcdb0a0c9ab74518724785d11b98dc9c4297088ba520d5140c6bdeb0434484029e6e353671f951494093b67e1193a88484b811b988f5767f2e1db8d110fc9bc83fa4fab484a2aa1fff00b01f8ecb677e89ccfb7e0e300b4a4f83e56672f8f2976f586ad11041eab3aea6861813347bd89f1714183318b8f34f3a9fb418e878c57390e0b6dd3e1da67f5966bc9600cd8a1e1cc598d0eca334891198876c42ffa658a9cb72642fa3e72e203fa1a0bb36d9d70443e7ba5f594b25d9e72c045ccd586c1bdbd9512e32ce87ed79aa401ed9d3b2f2775b872e74fa356643a82b5fe0bb4263df0dea30018f6cc0e81639c8d94ed4e164c9d78c450bd85ff989708661e6bf86806d077ad1739e57a8c3f55ae2516e2928bfa2f51906bc4d694cbcdad3a1435644684f3bdcc27bc81549566aa7c0e496ae0fbfdeb9a92cc61641f01022b558afb7f9c578d8c140d1bd13040bf2344c0bbe166e5c0c9b3932249cbb9ba00306318e4b5f78e460199dbad585d73c4960a68c480035d7d0d4502d376da9f9ba43180f953fa9f100e9fe489a0649af9c4fbb5844ac717c90632766a84f8c83eef15f913df8e9ce1c3da3a72d3cef3e19ec6573c921cd0ed1685cc7e071931b5cd365b8705093a918dea15c1494a7db9045288267eceb39eef0cace38f563001fbe70ffbd34e321c87d681dfc53ac075dae13f2481da625c5e231aa9e8a0fffd28e1ee11455d059e34c272d35d008f8ef540ca95db2c389c25eab06da6279df8c621a81188f01db48a8fb6b27435bac72b41667602474176c34d5382acbb717e3a34abb62ffe9b1ff0a61915aba21bef939b4661688c5a6e76e343879b5a3daee10561758cdb3757fe3bf0440349737e39a0ebc346c348cf0cbf74efd1a09dadab896dcfd42527f18648acf3ecb152e7d7255d1978bb5291f1da1cf5996a112ef414970dde757917c901347f573b70a0cbbecdda06d03331ea0230a19262f87ae725637830b0b80bc78ef74db14ec6bba73e77dec890986f8527e5675fd0d6c4e2026de5fa60992b84757876539c3ee1f3c8408d0a9d717abd915ef893e52525f067a855677c18e53e622d34a5ac0e8d6d7d1059b74ae1c7ebd345432929d60640b30e5fa8ce49111b0d85546f83b4d917ed976084704fb10aeeba397862417eed6942351902604832d1dec71f2a406ebc5071393ef44f48a5f04ea02e01b077d7fb9216d915a38453f16f82dd497f448173815ba4ee7b932cc4c0bc01a08397b39df770c6f48f707b9e141a568c1cabe7166a59cdbfbfbacde7acbbf4eeeca872d2a4e970f637669f1dbb4d46489d55efaff5fde39f4f3cbaeb5b0029013ba103e4a383d1852634dbc5bf98ff16278e754fe9e37b9e3dc550da526e2850da6afd3837cbc957b096ff79a185cbfaca9bb0a796a8bd12299f5e0aeffd7f1bcb1df7ecec100b978f4554e81422c797d6b3ec47a44a7238592f6b0ae0244dd751dbb3c8f42552e1dc6fa1f1949e9d96d2da58c8d98d1e6c5d282dc7e114aaaf95a0c017e97abec68cc7879cce8f6438e81c602c8dc41f7b6ece6b5d7bb7681f2779409a61c6864482841b18c3abb0ad80b5c892917d3301b1c97f046f15aa7b32356639951a5bb2930612d37734f1cc67bed91a03f9c8087b52bddf20b0c5d7fa56d092cc8a5858cfb060d70d586e10de7043b9341d75cb64ae49e295469783f77e5b412582d92af73d68ab2f5e49ac8f7551efa7ea571a5432f440a581399cc3c317e31fbe08938fb40e0dce4f2f7b38b1904a41a0872be9b2710c7f4affed19beb057a5652e3629e2a0927a3738efbc96ccc5c6e2f04ec979579599b685b002cde95fcfd4fb3a4420ae524891730493091a2ba7bcc5eb5161978768e46f646bc4ecb6bec3edb787d1ad963e44a0d981896900a4e41820413a68d6955264995ed8840881f5303850ad2098921153769c94e660f41901780c6e57606becd586a3d178d6f23a3b8c22ccc70458ce995f545a230daa198a9b63ade4dd1cffa7333b55182b4f1cfc2850ae248c964feb1636b6a751cc0b7ea7a165a0af873b6a2e98b67bd5d00d33195fb8afb965728016c888f1ecacca6154be13f2295730fedd34330349506eded68adfc1086b0c1d5638aae9723cdd7dc85e4dabbac9c33e0c23bb844533b2a6be8288c02c59c5938d42f96eb65599046d62e4ddfb9293487490c07b605998781683a53f072e88dcbd4e880dc3333b7338ffa4fb00c070e25d7f903141f77114768250db491d34df3a001c6c736f7be60756e5dc9d83ad506bf789764520b07b977596228d096cfa4b5d4b202842f43d9967bba800cceff8b542506dea96470adde7be6ffbfef983a8610c9a425400a688a44084b819037e3ef014620c7858d01762eb4aa36c71288f5f9b81a5ef6e885af6bc0ba0440e5f128f87411918524ff12bbc8e745b37d8fad451490d53131ee4e2cecd0ecf1ffdc25c3ec28706f88d045ad0f7796e58fd668c1d4d074328774a3948bee1c920d417bd194da5fc95364d78cf24b91327d40c8c6774c852a97e1b6cdc7b6572e1498b0bae4a94392eb3fb9acb900d49ec3fc7e9f2b0134aa0b2cc4977e5e49868259070566b2d814bdef2fd0da2c95fefec2b0f1fea72f27e9d0e28f36d4a841d11f8f8b07411d88da21ff9f78856d4cc9d1d02b45f4d381", 0x1000}, {&(0x7f0000001480)="0dd3bcc339f1cfd09369ae00d4e2e81ba161df0a23ff49bbe6c8c05976c326c4f7f45c8d06e6def7d5dc3491631c83e6a51e6c2fcb9ecffc8692516e080891151cbc1e005c11a8767e3a4039b2f96e90", 0x50}, {&(0x7f0000001500)="db19784fba765f8453229da5c6f832cfa6120ce7ccc4d383b478e9f31b1a9c325cd686f421c7f4c7ca09183e0b23fbe0479158c38cba4389c244f40c7f85dd55531a4370ace646b09b17b4cd7b3297ebbe47d466cb3084d44d595b2cdd40c85e0d7f30812140d9ae76eaa73721f9cf4f73e48b9740aed3c108229874dac1a8050e0a5ce6e4b69c8a7faff043d4098c87c8c8dfc1fe693551e35993d1f86f92fb70017aa64e25766c9aadceb14f4c7f31afa1d313ded7e24a8d5a03782ea4fd45a45004c6b8516f9de2b70772e26b516de61948d642bffae7376bbd2c4bd1ab8630dbfa86e0bd9c122c4fc491f1446ef7a605d25d4893ebe45d76c280eb78458cb4cf01c67c2880be6f7c8c8fea4a028118dba5cd74c05408e8c3d07b20acf7f2be3e4d93f89669f8c4bee1743824661ec294ba76f668e7bb4c580b8e6dbfce31a8591a4dbd44d4a27fabcaa378403fe196380b6c6921f7d835bf17c6894319dc9f3cd682ace0c059067e47aa59c910b44f0d5c55450e69491dfebaede53171663403bbf358147e48f38f973b0965b0c4971c4cd7b77891fc54d314c8cfc7551db94509a78775b6bb7c7a3b499ebf25e92a85992a6033cebaff86ed875d084c53cf739e51b209d917f49986c80fad0247cc27a90ccc1f0348b19fa73742bd97e66ce4dcf9c840672a0f213ba0bc81a653c701fa8912e7ffb99a0670c33169c9db4370d6a3898d87be666d6a138dbe3408c5a69fd259e6d681935164a7304b290da4182461b33c81ae7eace99473140985f8a41d4468d4cbfa5ce042c719569096ea6163b6fd88b956c455ea20ab2adece8eb90190ccf7840d5579195a25ed8b1bfb0e87c6e3c8a54afad265ddbfbb12c0efab24a2477f6475d2ef7163c5f6fb6d8bd6027d1c39d53452363dc610e012b8f78cc647ae9b9e418ce89c17c1e6ba03dfdb8df8bdfe282c1308a08ffa66b214648eacd4d70c4a0314d8a71889671e33695a06bb6b39e145a4a7bd0f812d57bf385a0adeff85cae13a8d0e608ab7b21152280d8ec268aa83f8a1e37c40cf445faf4ba6da62fd924a84a3f234104e7c175541a749af8953996769b7c00fb09b787c1683b57a6cd715186ae598b78b04d959c96d5823c983b9399bc3471382b90f26edee6620ae24b91a3cd835651f9a3960f32bfd0204e6f7492072340b874d379bbdbeac49e86d17cc86d6d699f0b7929d90807eb94db6f38ae10903a4286fa3f6a0dbfb8738d08e0eca4e858ab6add1ff3c3f1c38b0772934b363a9872b15be01454cf9e504f5228c5dc5ab86df12ba1111da838b823e1dec568b145800c7503beb47f61ab4d65eec2acf2ad3144351503b1058b5986650815c8201e1991c6d40c5af4bc9d483ff435f94a240f2938cc3f34e62f37ecebe71d1c817c63b7c492d9effc5065365ff560c6ab34396ecfea5b8f32d5018b80ec4bfec91f43638a79cef6c087d7e44532055f115c85c036aeb1b6735be5383ccaf9f32f545bad2d10103d5397727123459e1d20604aa6925f402e6b7a787d834da56dd94b60c73623b5b7c3ee501be81fdbae4a39ed56390a772604839d1a7d38436996395cef97c393d62da6490ce4945ef89394fcd3514bb1a018e3808e74f3bf85fc29a933ba6761c81a7f003aad40a767a7c0017c1ff1f65fb49829f5bb977777e71d564ada07413a2a77b0f90939705b0b102e31cc25ec3b12bbebfffd13151078ee6e6d432fd74dd58d7190e383ff3bf47f7dd07a7434343cc859e09d5358025a48352ab8a19893afcfe91bf5aa60de889fd803e5b25bb96bdc42e7f7808f79c6519f6aa518c518ccb3a9a1ccde66cd776f91269a101a3aad8415ec3e8fadd647242201b3cc5f5f966bb8934bd5abd00bdadf7cc24f90f9197a222ab0ad63c5d13d5480918719add49b439d15cd7cd8aede33323c8a4e2a52cc8399b26eab57af353394ee0a62a27dab411e7bf3e6acf51ef9aa75246a69586a4e74908e509379cbc08dc5c01aa81213d5cc1018c132dc5e135cd9c99a21a83acd7faf4f57caa86044d4e5cbcdd114532efb628404d4d18628cf74b31f5925bf431031b75a00955da728713623abe38638f4e0e9c7fd6924594b7d46f3c9016084f4342eba39c47730c9b08ed903c29d17ac09533fb2cab84950dbd9cf40dc57f3cafabb13222408ac5d17a466cb1b0729b8d6ba2d7216f795d48fb8c9daa4264a0eb9d2a686db9101580aa67b1ef74adc45e07488e80a565d6acdf2f1458ece58947a68f22d4c6f82941fac3f9d497eb0722011740efa1a9c247afd064c82d626d48961bc35e7f231bdac0b711ea22aa0c8cbb7bdbcb434f57a43afb0e5fe52e38de965f705f140cc26ba8561ce00daeb61ca2e9b7103b46252ed05ee76129a915919b5869a8e4d1549708f816e0ff856b58f8afd920495c67ddf5cf1c264b17d9c33b5edab1e2e65b09308893cff6ecc27b490afeda59220f86422e64c8f7414adf8906fb427125803a2ef0f0e4811ab3244db8651f9d5e340cba6de8dabec92c34380db26c0110323682d03e9b88d50fd046b162e32524a687303df8977070716cbebcaa6607554e8f456f6af5825c72d82b90e9b0659617bdc3edab7e7512b69a94876e3303f81060c5686911567da4e4edb378acd247368566b559b699c66a7f2af9b3a509985414d3015d3002c77e3b2e02f33957928dbddc6462e92c816ef48699e04e0e636b936a30f4751a6e63f638535f2e0c0cd8e765b7e7b4822f59c0f2df47cbe684503d9f6b3c3016627a726868e2578b17f51d3beb9e43a838209243ae29cd7382aa478420f6f7db5cfe9901a52e2ca17d8dae4fd71e1a73de35ca6052429b9661ff6b87edaf850554024c6b9d33c023a6f31dd4d00a73905815a819c963ec24eaad91c8987f2e0cad7f5574855bcace8e077d6777629a8fbad82a45e7bab7be97abbaea6afc31fb00bf7f093e933cab9b0d22ff810080fed19fb4c3ce2d312372321faa532ad44fefd34ccd8fb41ab79806cdfdb9762f90932d4f951fd5b9369718b1cbd3660a293454d622011a221f67e04fa071ab9f94a3b31b659770ac496d1238258d53d696f1e0753d141986b3e4104bc27f88e15aa4b609855a282526364dd2aa5f8c7f9f89515bd733cfe874a8cb000d0433699284ab118d2cc7627ba7f2b6d54dd6c1edb4c4dc0e1f7a6d1dcb27e443927fdc25133a94f97204423863e836046cb72bc829fbd8b418627de2bb8fd0ca6e4fd82f1be59ea4d5461792783efb15ebb109f9fcb10e57f2e9ac488cc8a260e5beca45e671bbb44f373eb02a973706fb4659865136213544c113dacd1deee84e33f37245df4886048005622bd63b13ef65819ab2f6ec6d29eeca8f577eec8d932ee89d7c240b597ffcb52ae9cf889e3c54ff05a0637301f703fadddd1f49efc46bd77b9aa01293cd6722786ef626bf0a672dfb077bdeac4f47d643612ad526d00cc8e94c8b74fdab471c7ec445d6b42c90df5ffe88a3bcfe07fb6d5dbbb3870416254609097b548bd9d881c9bc9f016b34353110bfda1481661ff40864ce1a373602425ca94b76ee6d88d1895e911437089a4b880a73e858a0114f104b4deeec203a5a21eaeeb7fbe3490233f92f3b069f663ba98d4e07872dd12f87957ae7b42e5a421a8ef4bc81c05d2ff3d34dc257dc992643807260e27bd8bb3ed8e70f2415b938bc1c977477df5775da39a4db98d4394775914be5bac5a4ab5549ab0c1d63f6dab05a0fb6d11512b53ce947850cc13a961dd19991b449cb44316736ff01d6e3baddcba95abbafc19288970ab4ebf566d73a1aaa51270a13bd8591f6a7bf8b65ff9abb3facda806a487681d42950a55bb8bc985904b1c6ffb58491428f2a5c21728c4e1ec392b73d92860e8787ee0f3f5a9ae02c7d6fadf93f61195d10ac0ac9d8e42c2471842eb08c0641895c6e0dccf422d1e75f8f74216de1d421109d19623f019290ce107ec7479ce3f5ad7b6cbfc4ac7dc22186e458f2cd3307336e7032eae7bb1b7bcee9a879223e6bc7bd751c0f07f69c1337efdd2856d717e0423302ad61d879e56525b33ca374dd54c750dde33394d1afd7f5c21304aa04132b7003542d1336212bd2571de9515f97be275cf28bbeb202a07e5e9e7ddf4a2d44d6072107d885e8c8f2faf5dc696e31465b5d35f0ff00ed1ccf898faf767f58e7df68acb782a1aed12c6c3f94c1a4e50d412618f58729699aa410c2c7620e67573842d8ddc8f1d90067f0e8850c307ee42a61c1d6ff4f15c68d951ab2cffd4bf2c58adafaad73f9e59125673687d86877da06d054c2d873b95a7212b6dc675a6937f6197f97cf93a7acf3e5b2b8884ea17c7861c7a44f8ed50beb2403506bfac3a1b2c9ce28d24dfb5f6522af6d357268a4a142a9c1cf9ce2eddeb1def158a2fdc0b879b9526c8a81bfc06687e8ec4fe8dd7e8bb7d5c0d2867674c487f163ca7401aaffcd214ccc9320f7f50c34e60bb392acade27c1abd4efd01deb3633813c618697681807b34c2fdad5172caa2a10adefd4ba17a396863a1ad38cec478924700931952877478cd734464c85452172d2127dd3e03685b7376d7c28840cec248041bd673043dfa7fad594cac0fe81b2992cf60aa7659a623cbac224fbc0c3155c8e43f8c7f5a0bc5881f1db2bc84e941589cc4f4a5fe9a03f84fabf82c2f98f3ddd9a08c936fb3f424a3e8938b05b7ffc5f0b3b1d89b8059a6627777f548b3abc2ef04afe568e146129e72338ad7590902fb4caafaa541faf49fc73b0c7de27c327d856fce3353ca937ae4f2684ec7b0c9b4db4aa0b1fcffa22ca23ba8f989684a1c7f1d47a3d1514dbe11a77d9ede3634c5577c8f43d3b0ec12c5291467557be57c9368fdf7e8a7f777241c1e2af588e227706d1d93b223a026042989aae5d40c8b5e231b609e8d16dd51adab1840e224e3c7ae23374c6d9087490ecd687e88317554f07424942dca93c013e7d78ce9a5f7a7952507dd79dd4cd72cf63c2cf130b3d739305e22981dc0888bbded528cb2fed43f8d6c76db4e17cf9431156bc9a90454479653d0c67037e46d9d123dda19f5ce28b5fc0a5704e76a4ba1f25df0429dcd7ba3b29be8498fe784a7732cdd0d83c504fffb2e6fdb2d514231d6c91e93dcf6f91df48bd3205cd64f1474f5bc8202d1484842ecae3da531c05ac2b7ffa6e233721a3359a9f287df5ac3f79a06e0abe4246cd678dd3d71c1611277627fe8fe93804edd3f32160ec1325e86cff91c2826553799d9d685a9551575c027b5415be1c2daa81472e307aeed16d892c252974333e4ede61501db644310758c418d23b1e9fbf0ca6d6585947df5d81c1035de58d10a3273922fa946244cfa9da5531b7827105ac9db262fbfa1ce97460aee7b55527298c1c346558e4c045034521fcc515bb4053aea20b2e023e649438df0864357b0f1c7469d33c0243c5f5b42f6f068d366b07bb7b151937a33bc1befbfa24843d449d567946bdfa390d8c9f5c14c10445e0bc0b78ff9df0dc61b1722bb58d19bf8b7f88322cc55037fac67d395238f65b7fb3610512538bcc611c17cf05a940c0e9a8c000b69ffd4a276a25df5e45bca8c4e1c8b7cafa54c396c80647a35a88d2690d734d1de49ceb040020177a297f5888b646c516a9cbe633d70f1691ca68174d6a7b79f854256e6a041dddfd2b58bd7b63e33d31382e2e1efacc106e5a0412ccea1b6802aafa8e54a53018dc84755c8f3d96a0953c6644e418380ccc48995bbc37e69022b58494cb36c", 0x1000}, {&(0x7f0000002500)="9e70b21025d8a097033a6444335936e77b75920073ca716ac1ad8c64d174034576b77b451f91da5e46a7fbc84800399d858eda43295904897d8ab65fae4ba397db78a2f7e2f2281cf79d91e265", 0x4d}, {&(0x7f0000002580)="8c9db1d5e70fce5e8d112332e4c0270f9f67eec87e69bb063af215bd8781c8644c4462c2533af8bc70d9ae2302041abdd538beaa83d690f3eea647ce53afe0bae85bc5bbbef8b9cdf1d622028a1441712fc582b163f890a82d5d42a5fd850448eae0377439a211822af6801a3c17d49d8fc0b5ce809a3f7ee0054e81a62188c3f6226150937ba595749559446f94bf9a65ef1e6c00", 0x95}, {&(0x7f0000002640)="5c0e2eb5446f2ab41d7eefa2ca5f145f693b2476f7c4dbad87633ed0356270b0186e22df76bfead981835e992527b305db13b0f186c17de7d076655d6dd85005e8b786a87506535b1681e9eed74f3b208393a2996e9c1cb2c595e9a41f5088c32b4c22fd6a9dc7f8e94d1163ba2948b769fbedc635854844f040a3ebbf07c2af82745a66bfd4476a665059b50f1c9c7b2a765171ff7d713138b2f5de79058b8c36a396ca12c2a66201aa82931117416f967e7f11c414fcf1ff476686724df199dbb7f13a25466c120c277d7a3486c5e5abad0aaa7892a993aea2db6e858bc7493ef10842972c7169aa9d5b41cf8b043e52827cf0de9c06e48e83707ddb102a4be2ad01d9a8eac967288b80f6a0d2950e100c4f31b7bb11c2a9a50a540f1bc9b01dcd79956861e1822ffc3ae687d4e7b307ff0e63bc5591a06459399dcdf93a36e7bd035cb28ca71d29fd440613ed0200adcd01d9aa02cf9ab0de74c359e1a30185d1d425193b60a6478058670d227ce10c77008e5001ea65699c5e363c5bc14bf1cd40211f6b6cc3b9834116b63071845c0fd92cdbc219bd22e2957847e97ae322263f9a71391bf6c012f61e377e8e0916ed034415b55982daa3a164863934390c2861e48cb7aa888eb01c4e9641ac7faaffe9d5fb4c550c79faf0fbe3f08cffd8c06a922b41f7f5d810642ea87d473723ec140a46b1ea46a16947de175f7ef2e49a50d0a0bf57ee3f543f2f7694de1c2105b08ceee95bf82daa3ce3ee307ac36c53b24cb7bb04fca2e11a43f6219df4a69ee7b6ac3dff7043e4caba80c652c7b95580b584441988c2c6a9cd18728fafcc410172f172270c0d476945bed82f5f0edc834649d4b7ed189f813e226d410c3da948cceaf5e9e70986508ec97ed395502e56764e3bda6ce8c735845eef609c5fa2bec6e39d533c391fe0aeee06365a3be3b74e332e1d303f0cd16dc7820afd76c5bfad378eebe08ca9b6156fc041b95538ea6ee1dcae43d0eb075b8ecef09d35faee966ad5fc9bc9319cdb5558f02ef30566a8aa42b7bc5cd3b0ff177f6bb7762a31690f9d732fa7cdeede3434097edbb9b627cced13ecf023fd59f659cf157064ab14e59db05636a6dab27c672ebad3133fd6d25afc6720ab257169b416257077fd2bdf604fb29e7d4fa0cfbd6bdbe5aee07fe21da6a90d9e269a468404a44a35465f518a28a70c334384dd43be715dcd1ba95cbad94f988d3e091754e73f6c5d0d3a015a96609323f4905aeb1d5fd9b63fb12dcb7718e3446cd762b131da945e9213cce0db3fc52265027d9926485962ff71538aba7d397e26f49cf107e4273dbc615103c8ce0eb3cf2b4f6a848fcf4aebd8e897353361e511c438eba14e3155c73b6fcc4217df2e2243b64f19e26b751c0e02d698b61e0a48520cc7dc4d3dcd32416ac300d99ff14bf8e992628edeb5c4a3a22a9433429dec265cc23d206cdefdccdc256fee8f928883922b92dc3dd14938cc8f263f0752f470f329e6d8b9bce93a232866766210a70861f6b3eee6da09296cd65628c203acf81d16f58ec8f9b82730cd644713557d3ef9c577e93f9b06e71ea87968fb4c62ba19bb5fdf760e5a0993b8b307fad5702d3a921853921eaac5f605573842ae66eab1f7dfc4fdc16cebee2c3cbafdaeffec9eb579ea3015141658e6699e056eef7d750d49f2895ad5f0e37a96c8c5a2c3e5cdcb5015c1aa83053509f1e16d90f2f1989077c1391817d5ced17f3eb9b173db430b80f17d88cb167749382bdf15b2813317eb78852a3cffab5613d2d5ffb9365943211830f51b656f88f33fe6705f137af490d8539d63fc328e0b21ddf8b35be69e7c9259574cdfa98b6840da97ed165283c9c8d62c68b30dc92aef71a32e49c9e457dade2065937cdae5c2491210be88cdad2918184419c7e005fdf5b1e1e02c2795d0487f20841544b9556b10ae7497c9dbe84eeab0eb84ceffaf0ed6fede21477633f3b6e42d638f1fd3b21f46dae150b889cb9049892546b7f6b6914e35a81dd3c472de404f0994d64a5923484671a35ac320777466a1818d75d149f3ccc1337ea7c0a40431abbdca2e5503acdb3ab40bbc73cee58560cc6a840462214cddb6ef507878c944a145ea63832589d68c75e615500f9b98f65289fe4e4417301b595f45db849b908966d34d51fcf4562861284955ed576d69375602f3b59cae7efe8360233e764c9367c16c07efbdeb4788edade82092bcabeca3486ffddba4656c66343df23a6b8aa67f49fab9f63b11a53295a71061d0577db485b4940af951eb5b8cdfddbce7445b13479be2d73ea36a4801af464cfdaa853249e7f394419f2aa518ba97227c7aaa0e06020246f10708202ff0dcf00856ca0581e45928a8d0943f9e64d4bab65f7c6e7af963896c4c9eac9cbe2b05711d6ddce99fd761420be98c995e265e920f1be989c133030d882113f5b51aad97ea5fc4c504c630e66d52089edb1d94dc8bb705ac326b4dd344bd7bed12e464b771dd00e7118312288c0660162a6526f37e5ff18f6c3dc28d3d654ce99fb0757f0b1f2e98f014e2c1227976e9f4d8f28d775a19c493e5a7343ef5c0bd783a14451e13a67a1e7aca01f7c8796b36b4360906e318835d227f0fbc51e4eb5e7af2e5c19e795549b4f0507e32bd628bc376d0584bbc9af513a885eee2c4af2a43d9ee754f7df1404e3ebedd1ffda158fc25f68813c50ce0d50ae6c468f27c45224b3045a59a7fa9304c10d65fe3fe4f566f6de33b8d4f94f418b0757ebe57b6a8ed81966579642bdb43b693e26ff41bdfb01bb5d6c348fa4e4bf90be6d1db830f11e3610ecaf760c0122554fe5506ab9a471027093377e54aa1113625dbd32f24a7b92243adbb3d81a0f5f01782eecb52346d4c47275a0a5ac984cbe6ca808e9ecbc7740cd5c2d8600a84c1bc0c0c8da3e2203cd54e849b9cf01c752d36eab8d95e5359e1df1d26b43284eb2e463835427fb68a08762a9fa8515776ddddca7ad24c2d5c8fe266c875529a681b96c06ffa0a7b4c94ebca523d0a18b1a67c1350e231df08af4eaf5091c226847142e8eea08f6d5636bc84e1fe3a8546cacde5c1ebb8d0e22c5b340abc7a70532a9c306f7f8dd6d6c5ef9538a06b5db508f58b0fb126c6ea98c041e49fee6a9cd10a9e35739032ddaaad15460319e720dce31e3b68dc5ba0e720ab3c8f8fea24b1ff8b72a68b8c8d6f14ccfaa7b21a2d752e45e29ba29edb2d8b17d10df372a675c43fa8e9da063590bda71ec7eded939cb44019d1c351db2931c7316c9cd56d588029a7ed31dae35e9597f6dc6d93a6d4b2c2263a3bcc80019b524bcc825d6f7dcc11074cb5e90b5e8d118873877642661b581d9af9f0938bef87adb2d0de5ed6f4072fa1c5ca8c4d1e4ea38b029000b5043670e579159b7a2ddbdf34ff2c92288f70ec426fa83a2273e195f7c6001c442fbb2302e5ad80fcb1daffabff324dc0350399f8f4beb4fbafb85789cb36c13816fbab61654e744f1a394929f0ea90736b814e86827f11a633b6558c25dc4c608134e10f6106815a9cee6384c1f6061e7d3c1b605e656e65f4008046765453172d45adbed6d13228efbefd46b7887a11747e9b520985da687c200beabe69f064cd7be8966a716caff4e982627d81cf0390cf1fcaec79289f712b157c65a8bc3e330338b9d092e8ad55f6570901c292fbdb5d5c6e4b62d6b379809decddb9834b51fb36af06d82cb81aca932969778ec454e6aa52084638bbe5fae177369bc4285783a6fa693ad66210f7afae0fc44d0cc192d95206b5ebeaffc978cf50745ac812484a4a96c989193f9a95c77cb22f627d64fda2b970b6f6275082510375102a8ab0d5e625514e9661772daa24345258f886f5b6dcb2e3601a6c765442a2910c87bb6380668b2f5f56834817b3a94e8f486fd5717cb83c3ede7dec9e0908c1d4043f27d4314192c99affbdfab6c97ff0479cc53b94ad9622bd275f69a46d90709c842fc218f31d9ba960bff9545a3bfb0303ee79c8481b1ac43aec9b4a9e5db321cc37fc258c61484aadbaa5678959bcc9a6aac4455e02fd7a4f9d09242f37c041bef9ff0d268f61ca4a8d915f832f488af9e510b63b68e96039928017fd1342056eb86ea3e36f698216667e4ca3f34451fe70d8d54c986cfa07d31c41b599ffcee8cd151f86b7873c4b95fb2dbff226d91a94ff33a127172bc80e1c3ebe194aba9afff7934cfca57ed403532f614c0532ba519bb0b29f6de50502303a24e9568e686b6fcb772d103bf9a07680d4ca217d73fed329a0ada341eb7b0f18cfee7d4b6b72bb1efdb5ed18de28ecd057c8f6d89e371c93e63c4182f1888831780195ebf3fd2a8a09fdb15b0651505335e0fbf1eb0ab2422a995051ffece4d5a1bbbc30e412507f49a2b70828bfae9251bddaf03d2c966293f25549cbf331f9baa08601776481957886f1bc789654929f40ac3fdd100285e78e0c81d5344cfa4fe8fcc4738f508222eb5dd2e29c0f01e700a4122438a4e8cc83e0959893cb2609e226488ab7416bbef9ee625211d4ded3b1745c2b571977f5393007da3772b4b00a44220fc99ad75f5a42e2bef17894cd836d3165ec073dcb08e1a0604c39eef38aa388d9b5bad68715b06494b312f48830aae968bb7124b7612cd9b4c8f0eada9cdc69c7bd949cb3b9ec3dd6b2f7c247316ce2480e2b2cd4f3dc3e9b2f2c62e18253a7ae845d6ee17d9eb9b09cacbc83d0f91be1a9dadd6d69171dd15a93f2e44168b6556c703d718aefd49a17a08e2430042c06568f08bb888134f5c7c9b65325c11918115ed7f45d8c5506c6aafa78abe823c6b3f92e2c9a44191be13bc1220fdd306f9f29f5a382386c41cf89a7354bebffb2ec57989d3db097bf7de6ae5e9a22704a215e304915cd8d503dfa5580c5acccf34efda06dbc743eff5c36031694f232562b643f0757047b956b96f5e3f9953d08207fd64049ba7b743e0975a81088dce9d490ebac358bf806de98dde238dca2f9b18a066ff40fb837b1f4c88e87ff92b67ddbf8dc3e9e776eaff5b0dd0175f6fdc7f035c4cae4b54cf3f1b6db91ec07e140a178287a72b141ef5e8daee6b50ef84a35100d4e63a3bbe0d6d0a5da5f62865075520a7ea510be47db67bd05bedbb4289510ea14cbdb4faa2f6f7ca17c6f9ec2758cbea9a0605de298207f4afe5f5134a5451335df7edd8ff722fb0d97dc21f13d022bddf54b6a6c3470a21e01c83a21e1538ff4d4385925a52a62f27bd012036ba13a5545d8576d10376b398b5f9de084f1229f5e98818137b5f607c6233174e476275e78ecd454eed544c2d3cf4359b04bce13d9dab0e166e6dee0bd09cc58a2a1c19d1b9c18843ff0754d23ad158dbc5d6e8dcb238bd205a1bf098166593b1c49005e5762c90c8fc77902e42be9cff5d0320c4679afe163a6bb212485c0979f509006aca3a7c487bf3949c351f4e87d6d800a1ad2fd7bde5217516f8fc3b321bd26beb3f756ced55f0150c3c81ef8752db3365859d9af32b603996f859949c548cad752a28e476c76a1e983c47ecaee4a809ae83c8f8a4479a3d2f1ace3afa386c2b1ef8f1a8a4b7af3f5297985fbceab6b42fac7a5fd5e19b10ad55734ab5f53de7fc86e4ff9b4c95b661e8126a10c2729bc8a3b9f2023635d2c52a371fcb7784eaff4655e2b7cb060de2a8dd62aa210106b7894cd0f1510e521f3436f6c4f54cd07801aa939889b32c9e070f524f040df7235db1afe329e8b98be6dce73be05723b1b1c61862786676bd674b4", 0x1000}, {&(0x7f0000003640)="05759c57beff10a65c6c353b564e0ffd273687dbe446d7479f505f2ca63f6edf994a8220e1b0392fcfc125ac2584d32aa30b0321b09658c08bf3f368404eba91b13676eaa84b9663e600e37945f9f1516b52aec709ce5f10b879906c4c8a7f8912af8c9e957ffe47088df06505204217c4f24c2a2cee17f25f58e0e9f618c0b0d52555aa70f15af15452", 0x8a}], 0x8) r4 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r4, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x2000000009}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x5a68, &(0x7f00000002c0)={0x0, 0x928e, 0x20, 0xfffffffc}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x625d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x12, 0x1}, 0xf2e) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40), 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r10 = accept$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e) syz_io_uring_submit(0x0, r8, &(0x7f0000000540)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x6, 0x0, 0x0, 0x749206f6, 0x1, 0x0, {0x0, r9, r10}}, 0x4) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x6, 0x1000004e, 0x80, 0x3, 0x1, 0x8, 0x0, 0x8000, 0x4}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x2000000009}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x5a68, &(0x7f00000002c0)={0x0, 0x928e, 0x20, 0xfffffffc}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x625d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x12, 0x1}, 0xf2e) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40), 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r10 = accept$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e) syz_io_uring_submit(0x0, r8, &(0x7f0000000540)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x6, 0x0, 0x0, 0x749206f6, 0x1, 0x0, {0x0, r9, r10}}, 0x4) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x6, 0x1000004e, 0x80, 0x3, 0x1, 0x8, 0x0, 0x8000, 0x4}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x2000000009}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x5a68, &(0x7f00000002c0)={0x0, 0x928e, 0x20, 0xfffffffc}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x625d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200), &(0x7f00000001c0)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x12, 0x1}, 0xf2e) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r6, &(0x7f0000006c40), 0x0, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) accept$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e) (async) syz_io_uring_submit(0x0, r8, &(0x7f0000000540)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x6, 0x0, 0x0, 0x749206f6, 0x1, 0x0, {0x0, r9, r10}}, 0x4) (async) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x6, 0x1000004e, 0x80, 0x3, 0x1, 0x8, 0x0, 0x8000, 0x4}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:08:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x2000000009}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x5a68, &(0x7f00000002c0)={0x0, 0x928e, 0x20, 0xfffffffc}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x625d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x12, 0x1}, 0xf2e) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40), 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r10 = accept$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e) syz_io_uring_submit(0x0, r8, &(0x7f0000000540)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x6, 0x0, 0x0, 0x749206f6, 0x1, 0x0, {0x0, r9, r10}}, 0x4) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x6, 0x1000004e, 0x80, 0x3, 0x1, 0x8, 0x0, 0x8000, 0x4}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x2000000009}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x5a68, &(0x7f00000002c0)={0x0, 0x928e, 0x20, 0xfffffffc}, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x625d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200), &(0x7f00000001c0)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x12, 0x1}, 0xf2e) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r6, &(0x7f0000006c40), 0x0, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) accept$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e) (async) syz_io_uring_submit(0x0, r8, &(0x7f0000000540)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x6, 0x0, 0x0, 0x749206f6, 0x1, 0x0, {0x0, r9, r10}}, 0x4) (async) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x6, 0x1000004e, 0x80, 0x3, 0x1, 0x8, 0x0, 0x8000, 0x4}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:08:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 1) [ 2723.409670][T22680] FAULT_INJECTION: forcing a failure. [ 2723.409670][T22680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2723.422800][T22680] CPU: 0 PID: 22680 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2723.431723][T22680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2723.441844][T22680] Call Trace: [ 2723.445116][T22680] [ 2723.448080][T22680] dump_stack_lvl+0xd6/0x122 [ 2723.452661][T22680] dump_stack+0x11/0x1b [ 2723.456818][T22680] should_fail+0x23c/0x250 [ 2723.461289][T22680] should_fail_usercopy+0x16/0x20 [ 2723.466377][T22680] _copy_from_user+0x1c/0xd0 [ 2723.470988][T22680] __x64_sys_io_uring_setup+0x5d/0x130 [ 2723.476454][T22680] do_syscall_64+0x44/0xd0 [ 2723.480852][T22680] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2723.486738][T22680] RIP: 0033:0x7f381a103e99 [ 2723.491131][T22680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2723.510724][T22680] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2723.519191][T22680] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2723.527183][T22680] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2723.535135][T22680] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2723.543089][T22680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2723.551044][T22680] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2723.559070][T22680] [ 2728.138689][T22615] warn_alloc: 2 callbacks suppressed [ 2728.138703][T22615] syz-executor.2: vmalloc error: size 314068992, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2728.160705][T22615] CPU: 0 PID: 22615 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2728.169475][T22615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2728.179515][T22615] Call Trace: [ 2728.182787][T22615] [ 2728.185733][T22615] dump_stack_lvl+0xd6/0x122 [ 2728.190311][T22615] dump_stack+0x11/0x1b [ 2728.194469][T22615] warn_alloc+0x132/0x190 [ 2728.198788][T22615] ? alloc_page_interleave+0x104/0x120 [ 2728.204244][T22615] __vmalloc_node_range+0x58b/0x690 [ 2728.209463][T22615] ? xt_alloc_table_info+0x39/0x70 [ 2728.214645][T22615] __vmalloc_node+0x61/0x70 [ 2728.219179][T22615] ? xt_alloc_table_info+0x39/0x70 [ 2728.224295][T22615] kvmalloc_node+0xd2/0x110 [ 2728.228809][T22615] xt_alloc_table_info+0x39/0x70 [ 2728.233732][T22615] do_ipt_set_ctl+0x649/0x1710 [ 2728.238479][T22615] ? rmqueue_pcplist+0x157/0x1f0 [ 2728.243484][T22615] ? rmqueue+0x4a/0xd20 [ 2728.247626][T22615] ? __rcu_read_unlock+0x5c/0x290 [ 2728.252700][T22615] nf_setsockopt+0x1a6/0x1c0 [ 2728.257271][T22615] ip_setsockopt+0x2815/0x2c80 [ 2728.262077][T22615] ? _raw_spin_unlock+0x2e/0x50 [ 2728.267015][T22615] ? finish_task_switch+0xd0/0x280 [ 2728.272105][T22615] ? __schedule+0x44a/0x6a0 [ 2728.276589][T22615] ? __rcu_read_unlock+0x5c/0x290 [ 2728.281672][T22615] ? schedule+0x8b/0xb0 [ 2728.285807][T22615] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2728.291160][T22615] ? avc_has_perm+0x70/0x160 [ 2728.295758][T22615] ? avc_has_perm+0xd5/0x160 [ 2728.300331][T22615] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2728.306722][T22615] ? selinux_socket_setsockopt+0x145/0x170 [ 2728.312545][T22615] udp_setsockopt+0x83/0x90 [ 2728.317135][T22615] sock_common_setsockopt+0x5d/0x70 [ 2728.322383][T22615] ? sock_common_recvmsg+0xe0/0xe0 [ 2728.327490][T22615] __sys_setsockopt+0x209/0x2a0 [ 2728.332358][T22615] __x64_sys_setsockopt+0x62/0x70 [ 2728.337377][T22615] do_syscall_64+0x44/0xd0 [ 2728.341778][T22615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2728.347702][T22615] RIP: 0033:0x7ff9d4f80e99 [ 2728.352094][T22615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2728.371677][T22615] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2728.380066][T22615] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2728.388015][T22615] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2728.395968][T22615] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2728.403917][T22615] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2728.411907][T22615] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2728.419867][T22615] [ 2728.422986][T22615] Mem-Info: [ 2728.426200][T22615] active_anon:312 inactive_anon:98496 isolated_anon:0 [ 2728.426200][T22615] active_file:4193 inactive_file:62948 isolated_file:0 [ 2728.426200][T22615] unevictable:0 dirty:0 writeback:0 [ 2728.426200][T22615] slab_reclaimable:5623 slab_unreclaimable:16031 [ 2728.426200][T22615] mapped:27431 shmem:587 pagetables:1177 bounce:0 [ 2728.426200][T22615] kernel_misc_reclaimable:0 [ 2728.426200][T22615] free:1716619 free_pcp:3786 free_cma:0 [ 2728.467411][T22615] Node 0 active_anon:1248kB inactive_anon:393984kB active_file:16772kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109724kB dirty:0kB writeback:0kB shmem:2348kB writeback_tmp:0kB kernel_stack:3920kB pagetables:4708kB all_unreclaimable? no [ 2728.493762][T22615] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2728.520587][T22615] lowmem_reserve[]: 0 2896 7874 7874 [ 2728.525875][T22615] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2728.554578][T22615] lowmem_reserve[]: 0 0 4978 4978 [ 2728.559621][T22615] Node 0 Normal free:3885400kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1248kB inactive_anon:393984kB active_file:16772kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:10096kB local_pcp:6192kB free_cma:0kB [ 2728.590017][T22615] lowmem_reserve[]: 0 0 0 0 [ 2728.594586][T22615] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2728.607276][T22615] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2728.623306][T22615] Node 0 Normal: 2*4kB (U) 14*8kB (UE) 16*16kB (UE) 5*32kB (ME) 15*64kB (ME) 25*128kB (UME) 25*256kB (UME) 73*512kB (UME) 197*1024kB (UME) 51*2048kB (UME) 862*4096kB (UM) = 3885400kB [ 2728.641755][T22615] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2728.651043][T22615] 11649 total pagecache pages [ 2728.655704][T22615] 0 pages in swap cache [ 2728.659883][T22615] Swap cache stats: add 0, delete 0, find 0/0 [ 2728.665936][T22615] Free swap = 0kB [ 2728.669653][T22615] Total swap = 0kB [ 2728.673359][T22615] 2097051 pages RAM [ 2728.677178][T22615] 0 pages HighMem/MovableOnly [ 2728.681855][T22615] 75959 pages reserved 22:08:31 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864031bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x12345}, 0x2) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:31 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x5) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:08:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 2) 22:08:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1900) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2730.881525][T22689] FAULT_INJECTION: forcing a failure. [ 2730.881525][T22689] name failslab, interval 1, probability 0, space 0, times 0 [ 2730.894210][T22689] CPU: 0 PID: 22689 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2730.902975][T22689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2730.913025][T22689] Call Trace: [ 2730.916308][T22689] [ 2730.919233][T22689] dump_stack_lvl+0xd6/0x122 [ 2730.923890][T22689] dump_stack+0x11/0x1b [ 2730.928127][T22689] should_fail+0x23c/0x250 [ 2730.932606][T22689] ? io_ring_ctx_alloc+0x35/0x58d [ 2730.937762][T22689] __should_failslab+0x81/0x90 [ 2730.942534][T22689] should_failslab+0x5/0x20 [ 2730.947237][T22689] kmem_cache_alloc_trace+0x52/0x350 [ 2730.952615][T22689] ? proc_fail_nth_write+0x127/0x150 [ 2730.958027][T22689] io_ring_ctx_alloc+0x35/0x58d [ 2730.962895][T22689] io_uring_create+0x1c8/0x754 [ 2730.967721][T22689] __x64_sys_io_uring_setup+0x118/0x130 [ 2730.973378][T22689] do_syscall_64+0x44/0xd0 [ 2730.977849][T22689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2730.983749][T22689] RIP: 0033:0x7f381a103e99 [ 2730.988168][T22689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2731.007951][T22689] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2731.016370][T22689] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2731.024392][T22689] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 3) 22:08:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x12345}, 0x2) (async, rerun: 64) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (rerun: 64) pipe(&(0x7f0000000040)) [ 2731.032367][T22689] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2731.040341][T22689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2731.048355][T22689] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2731.056332][T22689] [ 2731.109829][T22705] FAULT_INJECTION: forcing a failure. [ 2731.109829][T22705] name failslab, interval 1, probability 0, space 0, times 0 [ 2731.122628][T22705] CPU: 1 PID: 22705 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2731.131393][T22705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2731.141457][T22705] Call Trace: [ 2731.144780][T22705] [ 2731.147760][T22705] dump_stack_lvl+0xd6/0x122 [ 2731.152420][T22705] dump_stack+0x11/0x1b [ 2731.156571][T22705] should_fail+0x23c/0x250 [ 2731.161039][T22705] ? io_ring_ctx_alloc+0x9f/0x58d [ 2731.166102][T22705] __should_failslab+0x81/0x90 [ 2731.170871][T22705] should_failslab+0x5/0x20 [ 2731.175375][T22705] __kmalloc+0x6f/0x370 [ 2731.179529][T22705] ? io_ring_ctx_alloc+0x35/0x58d [ 2731.184602][T22705] io_ring_ctx_alloc+0x9f/0x58d [ 2731.189554][T22705] io_uring_create+0x1c8/0x754 [ 2731.194329][T22705] __x64_sys_io_uring_setup+0x118/0x130 [ 2731.199884][T22705] do_syscall_64+0x44/0xd0 [ 2731.204485][T22705] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2731.210429][T22705] RIP: 0033:0x7f381a103e99 [ 2731.214845][T22705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2731.234432][T22705] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2731.242918][T22705] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2731.250867][T22705] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x6) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 4) [ 2731.258984][T22705] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2731.266948][T22705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2731.274980][T22705] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2731.282946][T22705] [ 2731.338226][T22714] FAULT_INJECTION: forcing a failure. [ 2731.338226][T22714] name failslab, interval 1, probability 0, space 0, times 0 [ 2731.350973][T22714] CPU: 0 PID: 22714 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2731.359803][T22714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2731.369944][T22714] Call Trace: [ 2731.373243][T22714] [ 2731.376173][T22714] dump_stack_lvl+0xd6/0x122 [ 2731.380839][T22714] dump_stack+0x11/0x1b [ 2731.384990][T22714] should_fail+0x23c/0x250 [ 2731.389480][T22714] ? io_ring_ctx_alloc+0xf2/0x58d [ 2731.394510][T22714] __should_failslab+0x81/0x90 [ 2731.399305][T22714] should_failslab+0x5/0x20 [ 2731.403809][T22714] kmem_cache_alloc_trace+0x52/0x350 [ 2731.409099][T22714] ? io_ring_ctx_alloc+0x9f/0x58d [ 2731.414183][T22714] io_ring_ctx_alloc+0xf2/0x58d [ 2731.419063][T22714] io_uring_create+0x1c8/0x754 [ 2731.423908][T22714] __x64_sys_io_uring_setup+0x118/0x130 [ 2731.429611][T22714] do_syscall_64+0x44/0xd0 [ 2731.434025][T22714] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2731.439979][T22714] RIP: 0033:0x7f381a103e99 [ 2731.444428][T22714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2731.464030][T22714] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2731.472488][T22714] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2731.480474][T22714] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 5) 22:08:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x12345}, 0x2) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) [ 2731.488616][T22714] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2731.496583][T22714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2731.504652][T22714] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2731.512748][T22714] [ 2731.564818][T22721] FAULT_INJECTION: forcing a failure. [ 2731.564818][T22721] name failslab, interval 1, probability 0, space 0, times 0 [ 2731.577614][T22721] CPU: 1 PID: 22721 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2731.586518][T22721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2731.596696][T22721] Call Trace: [ 2731.600019][T22721] [ 2731.602939][T22721] dump_stack_lvl+0xd6/0x122 [ 2731.607511][T22721] dump_stack+0x11/0x1b [ 2731.611658][T22721] should_fail+0x23c/0x250 [ 2731.616057][T22721] ? percpu_ref_init+0x96/0x250 [ 2731.620888][T22721] ? io_sq_offload_create+0x84e/0x84e [ 2731.626346][T22721] __should_failslab+0x81/0x90 [ 2731.631151][T22721] should_failslab+0x5/0x20 [ 2731.635648][T22721] kmem_cache_alloc_trace+0x52/0x350 [ 2731.640936][T22721] ? io_sq_offload_create+0x84e/0x84e [ 2731.646345][T22721] percpu_ref_init+0x96/0x250 [ 2731.651055][T22721] io_ring_ctx_alloc+0x137/0x58d [ 2731.656029][T22721] io_uring_create+0x1c8/0x754 [ 2731.661074][T22721] __x64_sys_io_uring_setup+0x118/0x130 [ 2731.666630][T22721] do_syscall_64+0x44/0xd0 [ 2731.671057][T22721] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2731.677187][T22721] RIP: 0033:0x7f381a103e99 [ 2731.681589][T22721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2731.701501][T22721] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2731.709903][T22721] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2731.717949][T22721] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2731.726097][T22721] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2731.734087][T22721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2731.742060][T22721] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2731.750122][T22721] 22:08:39 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864032bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:39 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1a00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0xffffffffffffffff, 0xfffffffa}, 0xc) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f00000001c0)='syzkaller\x00', 0xfffffffb, 0x2e, &(0x7f0000000200)=""/46, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x10, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x1]}, 0x80) fcntl$dupfd(r3, 0x406, r4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:08:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:08:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 6) 22:08:39 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x7) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2739.093879][T22733] FAULT_INJECTION: forcing a failure. [ 2739.093879][T22733] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 2739.107164][T22733] CPU: 1 PID: 22733 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2739.115988][T22733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2739.126037][T22733] Call Trace: [ 2739.129332][T22733] [ 2739.132278][T22733] dump_stack_lvl+0xd6/0x122 [ 2739.136921][T22733] dump_stack+0x11/0x1b [ 2739.141094][T22733] should_fail+0x23c/0x250 [ 2739.145553][T22733] __alloc_pages+0x102/0x330 [ 2739.150146][T22733] alloc_pages+0x382/0x3d0 [ 2739.154639][T22733] __get_free_pages+0x8/0x30 [ 2739.159282][T22733] io_mem_alloc+0x2b/0x40 [ 2739.163635][T22733] io_allocate_scq_urings+0x98/0x1bb [ 2739.168934][T22733] io_uring_create+0x341/0x754 [ 2739.173737][T22733] __x64_sys_io_uring_setup+0x118/0x130 [ 2739.179398][T22733] do_syscall_64+0x44/0xd0 [ 2739.183816][T22733] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2739.189743][T22733] RIP: 0033:0x7f381a103e99 [ 2739.194236][T22733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2739.213941][T22733] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2739.222440][T22733] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2739.230414][T22733] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0xffffffffffffffff, 0xfffffffa}, 0xc) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f00000001c0)='syzkaller\x00', 0xfffffffb, 0x2e, &(0x7f0000000200)=""/46, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x10, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x1]}, 0x80) fcntl$dupfd(r3, 0x406, r4) (async, rerun: 64) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (rerun: 64) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) pipe(&(0x7f0000000040)) (rerun: 64) 22:08:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 7) [ 2739.238383][T22733] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2739.246611][T22733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2739.254580][T22733] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2739.262554][T22733] [ 2739.314943][T22747] FAULT_INJECTION: forcing a failure. [ 2739.314943][T22747] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2739.328244][T22747] CPU: 0 PID: 22747 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2739.337062][T22747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2739.347115][T22747] Call Trace: [ 2739.350390][T22747] [ 2739.353335][T22747] dump_stack_lvl+0xd6/0x122 [ 2739.357970][T22747] dump_stack+0x11/0x1b [ 2739.362185][T22747] should_fail+0x23c/0x250 [ 2739.366682][T22747] __alloc_pages+0x102/0x330 [ 2739.371395][T22747] alloc_pages+0x382/0x3d0 [ 2739.375820][T22747] __get_free_pages+0x8/0x30 [ 2739.380465][T22747] io_mem_alloc+0x2b/0x40 [ 2739.384812][T22747] io_allocate_scq_urings+0x98/0x1bb [ 2739.390198][T22747] io_uring_create+0x341/0x754 [ 2739.394979][T22747] __x64_sys_io_uring_setup+0x118/0x130 [ 2739.400654][T22747] do_syscall_64+0x44/0xd0 [ 2739.405079][T22747] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2739.411003][T22747] RIP: 0033:0x7f381a103e99 [ 2739.415490][T22747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2739.435097][T22747] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2739.443510][T22747] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2739.451494][T22747] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 8) [ 2739.459470][T22747] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2739.467442][T22747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2739.475416][T22747] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2739.483433][T22747] [ 2739.506710][T22749] FAULT_INJECTION: forcing a failure. [ 2739.506710][T22749] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2739.519975][T22749] CPU: 0 PID: 22749 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2739.528790][T22749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2739.538857][T22749] Call Trace: [ 2739.542150][T22749] [ 2739.545086][T22749] dump_stack_lvl+0xd6/0x122 [ 2739.549678][T22749] dump_stack+0x11/0x1b 22:08:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0xffffffffffffffff, 0xfffffffa}, 0xc) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f00000001c0)='syzkaller\x00', 0xfffffffb, 0x2e, &(0x7f0000000200)=""/46, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x10, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x1]}, 0x80) fcntl$dupfd(r3, 0x406, r4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0xffffffffffffffff, 0xfffffffa}, 0xc) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f00000001c0)='syzkaller\x00', 0xfffffffb, 0x2e, &(0x7f0000000200)=""/46, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x10, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x1]}, 0x80) (async) fcntl$dupfd(r3, 0x406, r4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2739.554084][T22749] should_fail+0x23c/0x250 [ 2739.558615][T22749] __alloc_pages+0x102/0x330 [ 2739.563271][T22749] alloc_pages+0x382/0x3d0 [ 2739.567684][T22749] __get_free_pages+0x8/0x30 [ 2739.572281][T22749] io_mem_alloc+0x2b/0x40 [ 2739.576657][T22749] io_allocate_scq_urings+0x154/0x1bb [ 2739.582033][T22749] io_uring_create+0x341/0x754 [ 2739.586837][T22749] __x64_sys_io_uring_setup+0x118/0x130 [ 2739.592397][T22749] do_syscall_64+0x44/0xd0 [ 2739.596900][T22749] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2739.602800][T22749] RIP: 0033:0x7f381a103e99 [ 2739.607265][T22749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2739.626870][T22749] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2739.635286][T22749] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2739.643256][T22749] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:08:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 9) [ 2739.651365][T22749] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2739.659347][T22749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2739.667514][T22749] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2739.675488][T22749] 22:08:40 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1b00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2739.698304][T22754] FAULT_INJECTION: forcing a failure. [ 2739.698304][T22754] name failslab, interval 1, probability 0, space 0, times 0 [ 2739.711038][T22754] CPU: 0 PID: 22754 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2739.719957][T22754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2739.730086][T22754] Call Trace: [ 2739.733359][T22754] [ 2739.736293][T22754] dump_stack_lvl+0xd6/0x122 [ 2739.740931][T22754] dump_stack+0x11/0x1b [ 2739.745204][T22754] should_fail+0x23c/0x250 [ 2739.749884][T22754] ? io_sq_offload_create+0x1aa/0x84e [ 2739.755333][T22754] __should_failslab+0x81/0x90 [ 2739.760141][T22754] should_failslab+0x5/0x20 [ 2739.764644][T22754] kmem_cache_alloc_trace+0x52/0x350 [ 2739.769975][T22754] io_sq_offload_create+0x1aa/0x84e [ 2739.775177][T22754] ? __get_free_pages+0x8/0x30 [ 2739.779970][T22754] ? io_mem_alloc+0x2b/0x40 [ 2739.784506][T22754] ? io_allocate_scq_urings+0x16e/0x1bb [ 2739.790063][T22754] io_uring_create+0x35f/0x754 [ 2739.794833][T22754] __x64_sys_io_uring_setup+0x118/0x130 [ 2739.800525][T22754] do_syscall_64+0x44/0xd0 [ 2739.805020][T22754] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2739.810951][T22754] RIP: 0033:0x7f381a103e99 [ 2739.815372][T22754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2739.835058][T22754] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2739.843561][T22754] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2739.851537][T22754] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2739.859667][T22754] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2739.867633][T22754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2739.875666][T22754] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2739.883751][T22754] [ 2744.678671][T22737] warn_alloc: 1 callbacks suppressed [ 2744.678685][T22737] syz-executor.2: vmalloc error: size 314171392, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2744.700941][T22737] CPU: 1 PID: 22737 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2744.709694][T22737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2744.719727][T22737] Call Trace: [ 2744.722984][T22737] [ 2744.725890][T22737] dump_stack_lvl+0xd6/0x122 [ 2744.730472][T22737] dump_stack+0x11/0x1b [ 2744.734621][T22737] warn_alloc+0x132/0x190 [ 2744.738932][T22737] __vmalloc_node_range+0x58b/0x690 [ 2744.744212][T22737] ? xt_alloc_table_info+0x39/0x70 [ 2744.749307][T22737] __vmalloc_node+0x61/0x70 [ 2744.754020][T22737] ? xt_alloc_table_info+0x39/0x70 [ 2744.759179][T22737] kvmalloc_node+0xd2/0x110 [ 2744.763676][T22737] xt_alloc_table_info+0x39/0x70 [ 2744.768616][T22737] do_ipt_set_ctl+0x649/0x1710 [ 2744.773396][T22737] ? __rcu_read_unlock+0x5c/0x290 [ 2744.778403][T22737] nf_setsockopt+0x1a6/0x1c0 [ 2744.783029][T22737] ip_setsockopt+0x2815/0x2c80 [ 2744.787865][T22737] ? enqueue_entity+0x4bf/0x6c0 [ 2744.792702][T22737] ? reweight_entity+0x22/0xf0 [ 2744.797443][T22737] ? enqueue_task_fair+0x443/0x520 [ 2744.802577][T22737] ? __rcu_read_unlock+0x5c/0x290 [ 2744.807581][T22737] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2744.812969][T22737] ? avc_has_perm+0x70/0x160 [ 2744.817594][T22737] ? avc_has_perm+0xd5/0x160 [ 2744.822242][T22737] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2744.828555][T22737] ? selinux_socket_setsockopt+0x145/0x170 [ 2744.834346][T22737] udp_setsockopt+0x83/0x90 [ 2744.838834][T22737] sock_common_setsockopt+0x5d/0x70 [ 2744.844028][T22737] ? sock_common_recvmsg+0xe0/0xe0 [ 2744.849122][T22737] __sys_setsockopt+0x209/0x2a0 [ 2744.854015][T22737] __x64_sys_setsockopt+0x62/0x70 [ 2744.859022][T22737] do_syscall_64+0x44/0xd0 [ 2744.863430][T22737] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2744.869375][T22737] RIP: 0033:0x7ff9d4f80e99 [ 2744.873787][T22737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2744.893370][T22737] RSP: 002b:00007ff9d40d6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2744.901760][T22737] RAX: ffffffffffffffda RBX: 00007ff9d5094030 RCX: 00007ff9d4f80e99 [ 2744.909711][T22737] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2744.917699][T22737] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2744.925654][T22737] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2744.933658][T22737] R13: 00007fffaa92d4ef R14: 00007ff9d40d6300 R15: 0000000000022000 [ 2744.941696][T22737] [ 2744.944852][T22737] Mem-Info: [ 2744.947945][T22737] active_anon:320 inactive_anon:98638 isolated_anon:0 [ 2744.947945][T22737] active_file:4198 inactive_file:62949 isolated_file:0 [ 2744.947945][T22737] unevictable:0 dirty:0 writeback:0 [ 2744.947945][T22737] slab_reclaimable:5637 slab_unreclaimable:16074 [ 2744.947945][T22737] mapped:27489 shmem:595 pagetables:1188 bounce:0 [ 2744.947945][T22737] kernel_misc_reclaimable:0 [ 2744.947945][T22737] free:1717228 free_pcp:2865 free_cma:0 [ 2744.989251][T22737] Node 0 active_anon:1280kB inactive_anon:394552kB active_file:16792kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2380kB writeback_tmp:0kB kernel_stack:3936kB pagetables:4752kB all_unreclaimable? no [ 2745.015717][T22737] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2745.042655][T22737] lowmem_reserve[]: 0 2896 7874 7874 [ 2745.047947][T22737] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2745.076891][T22737] lowmem_reserve[]: 0 0 4978 4978 [ 2745.081966][T22737] Node 0 Normal free:3887836kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1280kB inactive_anon:394552kB active_file:16792kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:6416kB local_pcp:1668kB free_cma:0kB [ 2745.112356][T22737] lowmem_reserve[]: 0 0 0 0 [ 2745.116896][T22737] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2745.129620][T22737] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2745.145782][T22737] Node 0 Normal: 683*4kB (UME) 328*8kB (UME) 179*16kB (UME) 64*32kB (UME) 27*64kB (UME) 20*128kB (UME) 10*256kB (ME) 64*512kB (UME) 196*1024kB (UME) 52*2048kB (UME) 862*4096kB (UM) = 3887836kB [ 2745.165163][T22737] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2745.174637][T22737] 11663 total pagecache pages [ 2745.179333][T22737] 0 pages in swap cache [ 2745.183482][T22737] Swap cache stats: add 0, delete 0, find 0/0 [ 2745.189542][T22737] Free swap = 0kB [ 2745.193246][T22737] Total swap = 0kB [ 2745.196946][T22737] 2097051 pages RAM [ 2745.200759][T22737] 0 pages HighMem/MovableOnly [ 2745.205441][T22737] 75959 pages reserved 22:08:48 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864036bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r4}, 0x8) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x6, 0x0, r5, &(0x7f0000000080), r6, 0x1, 0x0, 0x1, {0x0, r8}}, 0x8) 22:08:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 10) 22:08:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(0x0) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:08:48 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:48 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1c00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2747.502374][T22767] FAULT_INJECTION: forcing a failure. [ 2747.502374][T22767] name failslab, interval 1, probability 0, space 0, times 0 [ 2747.515057][T22767] CPU: 1 PID: 22767 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2747.523860][T22767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2747.533917][T22767] Call Trace: [ 2747.537191][T22767] [ 2747.540185][T22767] dump_stack_lvl+0xd6/0x122 [ 2747.544782][T22767] dump_stack+0x11/0x1b [ 2747.549007][T22767] should_fail+0x23c/0x250 [ 2747.553483][T22767] __should_failslab+0x81/0x90 [ 2747.558317][T22767] should_failslab+0x5/0x20 [ 2747.562883][T22767] kmem_cache_alloc_node_trace+0x61/0x310 [ 2747.568605][T22767] ? __get_vm_area_node+0x11b/0x240 [ 2747.573900][T22767] __get_vm_area_node+0x11b/0x240 [ 2747.578923][T22767] __vmalloc_node_range+0xb4/0x690 [ 2747.584089][T22767] ? copy_process+0x3f4/0x2fd0 [ 2747.588879][T22767] ? kmem_cache_alloc_node+0x2af/0x2d0 [ 2747.594380][T22767] ? dup_task_struct+0x63/0x680 [ 2747.599234][T22767] dup_task_struct+0x496/0x680 [ 2747.604120][T22767] ? copy_process+0x3f4/0x2fd0 [ 2747.608938][T22767] copy_process+0x3f4/0x2fd0 [ 2747.613559][T22767] ? __rcu_read_unlock+0x5c/0x290 [ 2747.618612][T22767] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2747.623988][T22767] ? io_mem_alloc+0x40/0x40 [ 2747.628490][T22767] create_io_thread+0x95/0xc0 [ 2747.633212][T22767] ? io_mem_alloc+0x40/0x40 [ 2747.637759][T22767] io_sq_offload_create+0x7a5/0x84e [ 2747.642982][T22767] io_uring_create+0x35f/0x754 [ 2747.648000][T22767] __x64_sys_io_uring_setup+0x118/0x130 [ 2747.653551][T22767] do_syscall_64+0x44/0xd0 [ 2747.657970][T22767] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2747.663868][T22767] RIP: 0033:0x7f381a103e99 [ 2747.668304][T22767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2747.687917][T22767] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 22:08:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r4}, 0x8) (async) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) (async) syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x6, 0x0, r5, &(0x7f0000000080), r6, 0x1, 0x0, 0x1, {0x0, r8}}, 0x8) 22:08:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(0x0) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:08:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 11) [ 2747.696345][T22767] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2747.704335][T22767] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2747.712307][T22767] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2747.720271][T22767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2747.728303][T22767] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2747.736362][T22767] [ 2747.793717][T22798] FAULT_INJECTION: forcing a failure. [ 2747.793717][T22798] name failslab, interval 1, probability 0, space 0, times 0 [ 2747.806399][T22798] CPU: 1 PID: 22798 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2747.815174][T22798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2747.825228][T22798] Call Trace: [ 2747.828506][T22798] [ 2747.831440][T22798] dump_stack_lvl+0xd6/0x122 [ 2747.836096][T22798] dump_stack+0x11/0x1b [ 2747.840248][T22798] should_fail+0x23c/0x250 [ 2747.844740][T22798] ? io_uring_alloc_task_context+0x49/0x2d0 [ 2747.850638][T22798] __should_failslab+0x81/0x90 [ 2747.855455][T22798] should_failslab+0x5/0x20 [ 2747.859996][T22798] kmem_cache_alloc_trace+0x52/0x350 [ 2747.865322][T22798] io_uring_alloc_task_context+0x49/0x2d0 [ 2747.871039][T22798] ? io_mem_alloc+0x40/0x40 [ 2747.875534][T22798] io_sq_offload_create+0x7f8/0x84e [ 2747.880735][T22798] io_uring_create+0x35f/0x754 [ 2747.885572][T22798] __x64_sys_io_uring_setup+0x118/0x130 [ 2747.891139][T22798] do_syscall_64+0x44/0xd0 [ 2747.895676][T22798] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2747.901663][T22798] RIP: 0033:0x7f381a103e99 [ 2747.906115][T22798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2747.925806][T22798] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2747.934249][T22798] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 22:08:48 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x9) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) r3 = mmap$IORING_OFF_SQES(&(0x7f0000634000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000) (async, rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD, 0x0) (async, rerun: 32) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) fcntl$lock(r5, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async, rerun: 64) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r4}, 0x8) (async, rerun: 64) r7 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) (async, rerun: 32) syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x6, 0x0, r5, &(0x7f0000000080), r6, 0x1, 0x0, 0x1, {0x0, r8}}, 0x8) (rerun: 32) 22:08:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(0x0) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) [ 2747.942219][T22798] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2747.950189][T22798] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2747.958216][T22798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2747.966297][T22798] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2747.974292][T22798] 22:08:54 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864041bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:08:54 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1d00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:08:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 12) 22:08:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x0, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:08:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setrlimit(0xd, &(0x7f0000000080)={0x9, 0xff}) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r5, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r4, 0x0, r5, 0x2) clone3(&(0x7f0000000380)={0x2040c0200, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000480), {0x3a}, &(0x7f0000000240)=""/17, 0x11, &(0x7f0000000280)=""/2, &(0x7f0000000340)=[0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r3}}, 0x58) sched_setattr(r6, &(0x7f0000000400)={0x38, 0x4, 0x20, 0x80000001, 0x7f, 0x5, 0x200, 0xd9, 0x6}, 0x0) io_uring_enter(r5, 0x589d, 0xcb62, 0x1, &(0x7f0000000200)={[0x6]}, 0x8) r7 = io_uring_setup(0x3b81, &(0x7f0000000e00)={0x0, 0x18e0, 0x1, 0x1}) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000c80), &(0x7f00000004c0)='./file0\x00', 0x400, 0x400, 0x1, {0x0, r8}}, 0x6) 22:08:54 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xa) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2753.224196][T22832] FAULT_INJECTION: forcing a failure. [ 2753.224196][T22832] name failslab, interval 1, probability 0, space 0, times 0 [ 2753.236836][T22832] CPU: 1 PID: 22832 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2753.245704][T22832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2753.255755][T22832] Call Trace: [ 2753.259026][T22832] [ 2753.261952][T22832] dump_stack_lvl+0xd6/0x122 [ 2753.266542][T22832] dump_stack+0x11/0x1b [ 2753.270694][T22832] should_fail+0x23c/0x250 [ 2753.275265][T22832] __should_failslab+0x81/0x90 [ 2753.280067][T22832] should_failslab+0x5/0x20 [ 2753.284574][T22832] kmem_cache_alloc_node+0x61/0x2d0 [ 2753.289848][T22832] ? alloc_vmap_area+0x530/0x1230 [ 2753.294884][T22832] alloc_vmap_area+0x530/0x1230 [ 2753.299761][T22832] __get_vm_area_node+0x165/0x240 [ 2753.304794][T22832] __vmalloc_node_range+0xb4/0x690 [ 2753.309905][T22832] ? copy_process+0x3f4/0x2fd0 [ 2753.314675][T22832] ? kmem_cache_alloc_node+0x2af/0x2d0 [ 2753.320241][T22832] ? dup_task_struct+0x63/0x680 [ 2753.325106][T22832] dup_task_struct+0x496/0x680 [ 2753.329881][T22832] ? copy_process+0x3f4/0x2fd0 [ 2753.334681][T22832] copy_process+0x3f4/0x2fd0 [ 2753.339303][T22832] ? __rcu_read_unlock+0x5c/0x290 [ 2753.344366][T22832] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2753.349884][T22832] ? io_mem_alloc+0x40/0x40 [ 2753.354484][T22832] create_io_thread+0x95/0xc0 [ 2753.359278][T22832] ? io_mem_alloc+0x40/0x40 [ 2753.363944][T22832] io_sq_offload_create+0x7a5/0x84e [ 2753.369150][T22832] io_uring_create+0x35f/0x754 22:08:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) setrlimit(0xd, &(0x7f0000000080)={0x9, 0xff}) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r5, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r4, 0x0, r5, 0x2) clone3(&(0x7f0000000380)={0x2040c0200, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000480), {0x3a}, &(0x7f0000000240)=""/17, 0x11, &(0x7f0000000280)=""/2, &(0x7f0000000340)=[0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r3}}, 0x58) sched_setattr(r6, &(0x7f0000000400)={0x38, 0x4, 0x20, 0x80000001, 0x7f, 0x5, 0x200, 0xd9, 0x6}, 0x0) io_uring_enter(r5, 0x589d, 0xcb62, 0x1, &(0x7f0000000200)={[0x6]}, 0x8) r7 = io_uring_setup(0x3b81, &(0x7f0000000e00)={0x0, 0x18e0, 0x1, 0x1}) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000c80), &(0x7f00000004c0)='./file0\x00', 0x400, 0x400, 0x1, {0x0, r8}}, 0x6) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) setrlimit(0xd, &(0x7f0000000080)={0x9, 0xff}) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) (async) write$binfmt_elf32(r5, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r4, 0x0, r5, 0x2) (async) clone3(&(0x7f0000000380)={0x2040c0200, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000480), {0x3a}, &(0x7f0000000240)=""/17, 0x11, &(0x7f0000000280)=""/2, &(0x7f0000000340)=[0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r3}}, 0x58) (async) sched_setattr(r6, &(0x7f0000000400)={0x38, 0x4, 0x20, 0x80000001, 0x7f, 0x5, 0x200, 0xd9, 0x6}, 0x0) (async) io_uring_enter(r5, 0x589d, 0xcb62, 0x1, &(0x7f0000000200)={[0x6]}, 0x8) (async) io_uring_setup(0x3b81, &(0x7f0000000e00)={0x0, 0x18e0, 0x1, 0x1}) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000c80), &(0x7f00000004c0)='./file0\x00', 0x400, 0x400, 0x1, {0x0, r8}}, 0x6) (async) 22:08:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async, rerun: 32) setrlimit(0xd, &(0x7f0000000080)={0x9, 0xff}) (async, rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async, rerun: 32) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r5, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r4, 0x0, r5, 0x2) (async, rerun: 64) clone3(&(0x7f0000000380)={0x2040c0200, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000480), {0x3a}, &(0x7f0000000240)=""/17, 0x11, &(0x7f0000000280)=""/2, &(0x7f0000000340)=[0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r3}}, 0x58) (rerun: 64) sched_setattr(r6, &(0x7f0000000400)={0x38, 0x4, 0x20, 0x80000001, 0x7f, 0x5, 0x200, 0xd9, 0x6}, 0x0) io_uring_enter(r5, 0x589d, 0xcb62, 0x1, &(0x7f0000000200)={[0x6]}, 0x8) r7 = io_uring_setup(0x3b81, &(0x7f0000000e00)={0x0, 0x18e0, 0x1, 0x1}) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r9 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r9, 0x13, 0x200000ce, r8) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000c80), &(0x7f00000004c0)='./file0\x00', 0x400, 0x400, 0x1, {0x0, r8}}, 0x6) 22:08:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x0, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) [ 2753.373964][T22832] __x64_sys_io_uring_setup+0x118/0x130 [ 2753.380214][T22832] do_syscall_64+0x44/0xd0 [ 2753.384629][T22832] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2753.390790][T22832] RIP: 0033:0x7f381a103e99 [ 2753.395246][T22832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2753.414951][T22832] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 22:08:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 13) [ 2753.423383][T22832] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2753.431375][T22832] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2753.439347][T22832] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2753.447328][T22832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2753.455291][T22832] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2753.463320][T22832] 22:08:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x0, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) [ 2753.512075][T22859] FAULT_INJECTION: forcing a failure. [ 2753.512075][T22859] name failslab, interval 1, probability 0, space 0, times 0 [ 2753.524791][T22859] CPU: 1 PID: 22859 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2753.533635][T22859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2753.543727][T22859] Call Trace: [ 2753.547000][T22859] [ 2753.549920][T22859] dump_stack_lvl+0xd6/0x122 [ 2753.554511][T22859] dump_stack+0x11/0x1b [ 2753.558664][T22859] should_fail+0x23c/0x250 [ 2753.563081][T22859] ? io_wq_create+0x7b/0x6f0 [ 2753.567705][T22859] __should_failslab+0x81/0x90 [ 2753.572466][T22859] should_failslab+0x5/0x20 [ 2753.576995][T22859] __kmalloc+0x6f/0x370 [ 2753.581155][T22859] io_wq_create+0x7b/0x6f0 [ 2753.585570][T22859] ? kmem_cache_alloc_trace+0x24b/0x350 [ 2753.591116][T22859] ? io_uring_alloc_task_context+0xef/0x2d0 [ 2753.597084][T22859] io_uring_alloc_task_context+0x19d/0x2d0 [ 2753.602892][T22859] ? io_wq_free_work+0xd0/0xd0 [ 2753.607671][T22859] ? tctx_task_work+0x410/0x410 [ 2753.612519][T22859] io_sq_offload_create+0x7f8/0x84e [ 2753.617718][T22859] io_uring_create+0x35f/0x754 [ 2753.622479][T22859] __x64_sys_io_uring_setup+0x118/0x130 [ 2753.628555][T22859] do_syscall_64+0x44/0xd0 [ 2753.632967][T22859] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2753.638925][T22859] RIP: 0033:0x7f381a103e99 [ 2753.643437][T22859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2753.663305][T22859] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2753.671719][T22859] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2753.679744][T22859] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2753.687716][T22859] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2753.695723][T22859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2753.703778][T22859] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:08:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 14) [ 2753.711892][T22859] [ 2753.774604][T22874] FAULT_INJECTION: forcing a failure. [ 2753.774604][T22874] name failslab, interval 1, probability 0, space 0, times 0 [ 2753.787264][T22874] CPU: 1 PID: 22874 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2753.796100][T22874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2753.806191][T22874] Call Trace: [ 2753.809479][T22874] [ 2753.812482][T22874] dump_stack_lvl+0xd6/0x122 [ 2753.817148][T22874] dump_stack+0x11/0x1b [ 2753.821307][T22874] should_fail+0x23c/0x250 [ 2753.825731][T22874] __should_failslab+0x81/0x90 [ 2753.830491][T22874] should_failslab+0x5/0x20 [ 2753.835143][T22874] kmem_cache_alloc_node_trace+0x61/0x310 [ 2753.840861][T22874] ? __cpuhp_state_add_instance_cpuslocked+0x1dc/0x330 [ 2753.847761][T22874] ? __cpuhp_state_add_instance+0x87/0x170 [ 2753.853686][T22874] ? io_wq_create+0x217/0x6f0 [ 2753.858371][T22874] io_wq_create+0x217/0x6f0 [ 2753.862950][T22874] io_uring_alloc_task_context+0x19d/0x2d0 [ 2753.868829][T22874] ? io_wq_free_work+0xd0/0xd0 [ 2753.873600][T22874] ? tctx_task_work+0x410/0x410 [ 2753.878489][T22874] io_sq_offload_create+0x7f8/0x84e [ 2753.883741][T22874] io_uring_create+0x35f/0x754 [ 2753.888512][T22874] __x64_sys_io_uring_setup+0x118/0x130 [ 2753.894067][T22874] do_syscall_64+0x44/0xd0 [ 2753.898495][T22874] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2753.904403][T22874] RIP: 0033:0x7f381a103e99 [ 2753.908879][T22874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2753.928512][T22874] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2753.936929][T22874] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2753.944899][T22874] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2753.952881][T22874] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2753.960847][T22874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2753.968818][T22874] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2753.976843][T22874] [ 2758.908680][T22845] warn_alloc: 2 callbacks suppressed [ 2758.908694][T22845] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2758.930650][T22845] CPU: 1 PID: 22845 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2758.939403][T22845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2758.949444][T22845] Call Trace: [ 2758.952705][T22845] [ 2758.955617][T22845] dump_stack_lvl+0xd6/0x122 [ 2758.960362][T22845] dump_stack+0x11/0x1b [ 2758.964496][T22845] warn_alloc+0x132/0x190 [ 2758.968806][T22845] ? alloc_page_interleave+0x104/0x120 [ 2758.974244][T22845] __vmalloc_node_range+0x58b/0x690 [ 2758.979598][T22845] ? xt_alloc_table_info+0x39/0x70 [ 2758.984763][T22845] __vmalloc_node+0x61/0x70 [ 2758.989278][T22845] ? xt_alloc_table_info+0x39/0x70 [ 2758.994438][T22845] kvmalloc_node+0xd2/0x110 [ 2758.998969][T22845] xt_alloc_table_info+0x39/0x70 [ 2759.003911][T22845] do_ipt_set_ctl+0x649/0x1710 [ 2759.008657][T22845] ? rmqueue_pcplist+0x157/0x1f0 [ 2759.013684][T22845] ? rmqueue+0x4a/0xd20 [ 2759.017842][T22845] ? __rcu_read_unlock+0x5c/0x290 [ 2759.022847][T22845] nf_setsockopt+0x1a6/0x1c0 [ 2759.027502][T22845] ip_setsockopt+0x2815/0x2c80 [ 2759.032242][T22845] ? _raw_spin_unlock+0x2e/0x50 [ 2759.037087][T22845] ? finish_task_switch+0xd0/0x280 [ 2759.042199][T22845] ? __schedule+0x44a/0x6a0 [ 2759.046696][T22845] ? __rcu_read_unlock+0x5c/0x290 [ 2759.051773][T22845] ? schedule+0x8b/0xb0 [ 2759.056012][T22845] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2759.061409][T22845] ? avc_has_perm+0x70/0x160 [ 2759.066090][T22845] ? avc_has_perm+0xd5/0x160 [ 2759.070671][T22845] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2759.077034][T22845] ? selinux_socket_setsockopt+0x145/0x170 [ 2759.082868][T22845] udp_setsockopt+0x83/0x90 [ 2759.087407][T22845] sock_common_setsockopt+0x5d/0x70 [ 2759.092591][T22845] ? sock_common_recvmsg+0xe0/0xe0 [ 2759.097681][T22845] __sys_setsockopt+0x209/0x2a0 [ 2759.102573][T22845] __x64_sys_setsockopt+0x62/0x70 [ 2759.107587][T22845] do_syscall_64+0x44/0xd0 [ 2759.112019][T22845] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2759.117934][T22845] RIP: 0033:0x7ff9d4f80e99 [ 2759.122384][T22845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2759.141999][T22845] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2759.150441][T22845] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2759.158394][T22845] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2759.166366][T22845] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2759.174317][T22845] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2759.182267][T22845] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2759.190289][T22845] [ 2759.193361][T22845] Mem-Info: [ 2759.196454][T22845] active_anon:277 inactive_anon:98478 isolated_anon:0 [ 2759.196454][T22845] active_file:4205 inactive_file:62948 isolated_file:0 [ 2759.196454][T22845] unevictable:0 dirty:15 writeback:0 [ 2759.196454][T22845] slab_reclaimable:5636 slab_unreclaimable:16127 [ 2759.196454][T22845] mapped:27425 shmem:553 pagetables:1166 bounce:0 [ 2759.196454][T22845] kernel_misc_reclaimable:0 [ 2759.196454][T22845] free:1717067 free_pcp:3211 free_cma:0 [ 2759.237892][T22845] Node 0 active_anon:1108kB inactive_anon:393912kB active_file:16820kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:60kB writeback:0kB shmem:2212kB writeback_tmp:0kB kernel_stack:3904kB pagetables:4664kB all_unreclaimable? no [ 2759.264355][T22845] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2759.291139][T22845] lowmem_reserve[]: 0 2896 7874 7874 [ 2759.296534][T22845] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2759.325135][T22845] lowmem_reserve[]: 0 0 4978 4978 [ 2759.330188][T22845] Node 0 Normal free:3887192kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1108kB inactive_anon:393912kB active_file:16820kB inactive_file:251792kB unevictable:0kB writepending:60kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:7800kB local_pcp:1784kB free_cma:0kB [ 2759.360550][T22845] lowmem_reserve[]: 0 0 0 0 [ 2759.365053][T22845] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2759.377729][T22845] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2759.393759][T22845] Node 0 Normal: 31*4kB (UME) 23*8kB (UME) 150*16kB (UME) 48*32kB (UME) 27*64kB (UME) 26*128kB (UME) 23*256kB (ME) 65*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 862*4096kB (UM) = 3887444kB [ 2759.412596][T22845] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2759.421884][T22845] 11628 total pagecache pages [ 2759.426545][T22845] 0 pages in swap cache [ 2759.430695][T22845] Swap cache stats: add 0, delete 0, find 0/0 [ 2759.436753][T22845] Free swap = 0kB [ 2759.440478][T22845] Total swap = 0kB [ 2759.444181][T22845] 2097051 pages RAM [ 2759.447958][T22845] 0 pages HighMem/MovableOnly [ 2759.452667][T22845] 75959 pages reserved 22:09:02 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864042bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x0, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:09:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 15) 22:09:02 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1e00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:02 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xb) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:02 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000635000/0x2000)=nil, 0x2000, 0x5, 0x11, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0xffffffff, &(0x7f0000000180)=[r0, 0xffffffffffffffff, r0], 0x3}, 0xc524) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x4d1c049763449a60, 0x4, 0x3, 0xc585, 0x9ee, 0x2, 0x401, 0x1c5, 0xffffffff}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r6, &(0x7f0000000200)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd_index=0x8, 0x4, 0x0, 0x5, 0x0, 0x0, {0x0, r7}}, 0x2804) pipe(&(0x7f0000000040)) [ 2761.494899][T22891] FAULT_INJECTION: forcing a failure. [ 2761.494899][T22891] name failslab, interval 1, probability 0, space 0, times 0 [ 2761.507528][T22891] CPU: 0 PID: 22891 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2761.516402][T22891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2761.526593][T22891] Call Trace: [ 2761.529894][T22891] [ 2761.532826][T22891] dump_stack_lvl+0xd6/0x122 [ 2761.537420][T22891] dump_stack+0x11/0x1b [ 2761.541574][T22891] should_fail+0x23c/0x250 [ 2761.546070][T22891] ? alloc_pid+0x6c/0x6d0 [ 2761.550484][T22891] __should_failslab+0x81/0x90 [ 2761.555258][T22891] should_failslab+0x5/0x20 [ 2761.559794][T22891] kmem_cache_alloc+0x4f/0x320 [ 2761.564568][T22891] ? avc_has_perm+0xd5/0x160 [ 2761.569168][T22891] alloc_pid+0x6c/0x6d0 [ 2761.573409][T22891] ? copy_thread+0x13f/0x220 [ 2761.578004][T22891] copy_process+0x17e9/0x2fd0 [ 2761.582744][T22891] ? io_mem_alloc+0x40/0x40 [ 2761.587300][T22891] create_io_thread+0x95/0xc0 [ 2761.592003][T22891] ? io_mem_alloc+0x40/0x40 [ 2761.596515][T22891] io_sq_offload_create+0x7a5/0x84e [ 2761.601718][T22891] io_uring_create+0x35f/0x754 [ 2761.606565][T22891] __x64_sys_io_uring_setup+0x118/0x130 [ 2761.612198][T22891] do_syscall_64+0x44/0xd0 [ 2761.616617][T22891] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2761.622520][T22891] RIP: 0033:0x7f381a103e99 22:09:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x0, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) [ 2761.626930][T22891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2761.646544][T22891] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2761.654967][T22891] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2761.662942][T22891] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2761.670931][T22891] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2761.678907][T22891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2761.686886][T22891] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:09:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 16) 22:09:02 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000635000/0x2000)=nil, 0x2000, 0x5, 0x11, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0xffffffff, &(0x7f0000000180)=[r0, 0xffffffffffffffff, r0], 0x3}, 0xc524) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x4d1c049763449a60, 0x4, 0x3, 0xc585, 0x9ee, 0x2, 0x401, 0x1c5, 0xffffffff}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r6, &(0x7f0000000200)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd_index=0x8, 0x4, 0x0, 0x5, 0x0, 0x0, {0x0, r7}}, 0x2804) pipe(&(0x7f0000000040)) [ 2761.694949][T22891] 22:09:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x0, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:09:02 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000635000/0x2000)=nil, 0x2000, 0x5, 0x11, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0xffffffff, &(0x7f0000000180)=[r0, 0xffffffffffffffff, r0], 0x3}, 0xc524) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x4d1c049763449a60, 0x4, 0x3, 0xc585, 0x9ee, 0x2, 0x401, 0x1c5, 0xffffffff}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) (async) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r6, &(0x7f0000000200)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd_index=0x8, 0x4, 0x0, 0x5, 0x0, 0x0, {0x0, r7}}, 0x2804) pipe(&(0x7f0000000040)) [ 2761.761916][T22927] FAULT_INJECTION: forcing a failure. [ 2761.761916][T22927] name failslab, interval 1, probability 0, space 0, times 0 [ 2761.774560][T22927] CPU: 0 PID: 22927 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2761.783355][T22927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2761.793412][T22927] Call Trace: [ 2761.796695][T22927] [ 2761.799636][T22927] dump_stack_lvl+0xd6/0x122 [ 2761.804258][T22927] dump_stack+0x11/0x1b 22:09:02 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2761.808417][T22927] should_fail+0x23c/0x250 [ 2761.812852][T22927] ? percpu_ref_init+0x96/0x250 [ 2761.817790][T22927] ? kzalloc+0x21/0x21 [ 2761.821863][T22927] __should_failslab+0x81/0x90 [ 2761.826646][T22927] should_failslab+0x5/0x20 [ 2761.831153][T22927] kmem_cache_alloc_trace+0x52/0x350 [ 2761.836450][T22927] ? kzalloc+0x21/0x21 [ 2761.840639][T22927] percpu_ref_init+0x96/0x250 [ 2761.845376][T22927] io_rsrc_node_switch_start+0x71/0x110 [ 2761.850924][T22927] io_uring_create+0x37a/0x754 [ 2761.855698][T22927] __x64_sys_io_uring_setup+0x118/0x130 [ 2761.861260][T22927] do_syscall_64+0x44/0xd0 [ 2761.865709][T22927] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2761.871637][T22927] RIP: 0033:0x7f381a103e99 [ 2761.876077][T22927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2761.895775][T22927] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2761.904228][T22927] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2761.912304][T22927] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2761.920276][T22927] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2761.928249][T22927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2761.936395][T22927] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2761.944421][T22927] 22:09:10 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864060bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000635000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xc) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:09:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 17) 22:09:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2769.715817][T22949] FAULT_INJECTION: forcing a failure. [ 2769.715817][T22949] name failslab, interval 1, probability 0, space 0, times 0 [ 2769.728538][T22949] CPU: 1 PID: 22949 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2769.737342][T22949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2769.747388][T22949] Call Trace: [ 2769.750661][T22949] [ 2769.753584][T22949] dump_stack_lvl+0xd6/0x122 [ 2769.758174][T22949] dump_stack+0x11/0x1b [ 2769.762408][T22949] should_fail+0x23c/0x250 [ 2769.766858][T22949] ? io_uring_alloc_task_context+0xef/0x2d0 [ 2769.772852][T22949] __should_failslab+0x81/0x90 [ 2769.777613][T22949] should_failslab+0x5/0x20 [ 2769.782115][T22949] kmem_cache_alloc_trace+0x52/0x350 [ 2769.787397][T22949] ? _raw_spin_lock_irqsave+0x4c/0xa0 [ 2769.792840][T22949] io_uring_alloc_task_context+0xef/0x2d0 [ 2769.798677][T22949] ? io_mem_alloc+0x40/0x40 [ 2769.803241][T22949] io_sq_offload_create+0x7f8/0x84e [ 2769.808504][T22949] io_uring_create+0x35f/0x754 [ 2769.813310][T22949] __x64_sys_io_uring_setup+0x118/0x130 [ 2769.819001][T22949] do_syscall_64+0x44/0xd0 [ 2769.823420][T22949] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2769.829363][T22949] RIP: 0033:0x7f381a103e99 [ 2769.833847][T22949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2769.853452][T22949] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 22:09:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 18) [ 2769.861866][T22949] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2769.869842][T22949] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2769.878160][T22949] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2769.886135][T22949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2769.894104][T22949] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2769.902077][T22949] [ 2769.947813][T22967] FAULT_INJECTION: forcing a failure. [ 2769.947813][T22967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2769.960975][T22967] CPU: 0 PID: 22967 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2769.969819][T22967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2769.980040][T22967] Call Trace: [ 2769.983315][T22967] [ 2769.986245][T22967] dump_stack_lvl+0xd6/0x122 [ 2769.990876][T22967] dump_stack+0x11/0x1b [ 2769.995082][T22967] should_fail+0x23c/0x250 [ 2769.999511][T22967] should_fail_usercopy+0x16/0x20 [ 2770.004565][T22967] _copy_to_user+0x1c/0x90 [ 2770.009012][T22967] io_uring_create+0x4d0/0x754 [ 2770.013785][T22967] __x64_sys_io_uring_setup+0x118/0x130 [ 2770.019417][T22967] do_syscall_64+0x44/0xd0 [ 2770.023836][T22967] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2770.029797][T22967] RIP: 0033:0x7f381a103e99 [ 2770.034210][T22967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2770.053924][T22967] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2770.062507][T22967] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2770.070481][T22967] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2770.078529][T22967] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2770.086587][T22967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 22:09:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000635000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:09:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xd) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2770.094696][T22967] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2770.102675][T22967] 22:09:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:09:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 32) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x20}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000635000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) pipe(&(0x7f0000000040)) (rerun: 64) 22:09:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 19) [ 2770.221329][T22992] FAULT_INJECTION: forcing a failure. [ 2770.221329][T22992] name failslab, interval 1, probability 0, space 0, times 0 [ 2770.234115][T22992] CPU: 0 PID: 22992 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2770.242958][T22992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2770.253302][T22992] Call Trace: [ 2770.256585][T22992] [ 2770.259513][T22992] dump_stack_lvl+0xd6/0x122 [ 2770.264193][T22992] dump_stack+0x11/0x1b [ 2770.268362][T22992] should_fail+0x23c/0x250 [ 2770.272831][T22992] ? io_rsrc_node_switch_start+0x53/0x110 [ 2770.278545][T22992] __should_failslab+0x81/0x90 [ 2770.283313][T22992] should_failslab+0x5/0x20 [ 2770.287818][T22992] kmem_cache_alloc_trace+0x52/0x350 [ 2770.293175][T22992] ? _raw_spin_unlock_irqrestore+0x3d/0x60 [ 2770.298998][T22992] ? io_sq_offload_create+0x826/0x84e [ 2770.304435][T22992] io_rsrc_node_switch_start+0x53/0x110 [ 2770.309981][T22992] io_uring_create+0x37a/0x754 [ 2770.314754][T22992] __x64_sys_io_uring_setup+0x118/0x130 [ 2770.320310][T22992] do_syscall_64+0x44/0xd0 [ 2770.324783][T22992] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2770.330731][T22992] RIP: 0033:0x7f381a103e99 [ 2770.335130][T22992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2770.354734][T22992] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2770.363145][T22992] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2770.371097][T22992] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2770.379059][T22992] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2770.387080][T22992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2770.395034][T22992] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2770.402993][T22992] [ 2775.358701][T22964] warn_alloc: 1 callbacks suppressed [ 2775.358712][T22964] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2775.380613][T22964] CPU: 1 PID: 22964 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2775.389411][T22964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2775.399564][T22964] Call Trace: [ 2775.402823][T22964] [ 2775.405732][T22964] dump_stack_lvl+0xd6/0x122 [ 2775.410359][T22964] dump_stack+0x11/0x1b [ 2775.414500][T22964] warn_alloc+0x132/0x190 [ 2775.418828][T22964] ? alloc_page_interleave+0x104/0x120 [ 2775.424265][T22964] __vmalloc_node_range+0x58b/0x690 [ 2775.429472][T22964] ? xt_alloc_table_info+0x39/0x70 [ 2775.434664][T22964] __vmalloc_node+0x61/0x70 [ 2775.439182][T22964] ? xt_alloc_table_info+0x39/0x70 [ 2775.444270][T22964] kvmalloc_node+0xd2/0x110 [ 2775.448750][T22964] xt_alloc_table_info+0x39/0x70 [ 2775.453686][T22964] do_ipt_set_ctl+0x649/0x1710 [ 2775.458424][T22964] ? rmqueue_pcplist+0x157/0x1f0 [ 2775.463396][T22964] ? rmqueue+0x4a/0xd20 [ 2775.467546][T22964] ? __rcu_read_unlock+0x5c/0x290 [ 2775.472547][T22964] nf_setsockopt+0x1a6/0x1c0 [ 2775.477113][T22964] ip_setsockopt+0x2815/0x2c80 [ 2775.481918][T22964] ? _raw_spin_unlock+0x2e/0x50 [ 2775.486742][T22964] ? finish_task_switch+0xd0/0x280 [ 2775.491827][T22964] ? __schedule+0x44a/0x6a0 [ 2775.496324][T22964] ? __rcu_read_unlock+0x5c/0x290 [ 2775.501335][T22964] ? schedule+0x8b/0xb0 [ 2775.505469][T22964] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2775.510923][T22964] ? avc_has_perm+0x70/0x160 [ 2775.515488][T22964] ? avc_has_perm+0xd5/0x160 [ 2775.520088][T22964] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2775.526530][T22964] ? selinux_socket_setsockopt+0x145/0x170 [ 2775.532324][T22964] udp_setsockopt+0x83/0x90 [ 2775.536803][T22964] sock_common_setsockopt+0x5d/0x70 [ 2775.542055][T22964] ? sock_common_recvmsg+0xe0/0xe0 [ 2775.547152][T22964] __sys_setsockopt+0x209/0x2a0 [ 2775.552020][T22964] __x64_sys_setsockopt+0x62/0x70 [ 2775.557024][T22964] do_syscall_64+0x44/0xd0 [ 2775.561425][T22964] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2775.567300][T22964] RIP: 0033:0x7ff9d4f80e99 [ 2775.571690][T22964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2775.591389][T22964] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2775.599807][T22964] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2775.607755][T22964] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2775.615707][T22964] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2775.623809][T22964] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2775.631757][T22964] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2775.639706][T22964] [ 2775.642823][T22964] Mem-Info: [ 2775.645917][T22964] active_anon:284 inactive_anon:98635 isolated_anon:0 [ 2775.645917][T22964] active_file:4211 inactive_file:62948 isolated_file:0 [ 2775.645917][T22964] unevictable:0 dirty:0 writeback:0 [ 2775.645917][T22964] slab_reclaimable:5638 slab_unreclaimable:16039 [ 2775.645917][T22964] mapped:27489 shmem:559 pagetables:1188 bounce:0 [ 2775.645917][T22964] kernel_misc_reclaimable:0 [ 2775.645917][T22964] free:1717142 free_pcp:3036 free_cma:0 [ 2775.687240][T22964] Node 0 active_anon:1136kB inactive_anon:394540kB active_file:16844kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2236kB writeback_tmp:0kB kernel_stack:3936kB pagetables:4752kB all_unreclaimable? no [ 2775.713645][T22964] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2775.740482][T22964] lowmem_reserve[]: 0 2896 7874 7874 [ 2775.745880][T22964] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2775.774465][T22964] lowmem_reserve[]: 0 0 4978 4978 [ 2775.779511][T22964] Node 0 Normal free:3887492kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1136kB inactive_anon:394540kB active_file:16844kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:7108kB local_pcp:4420kB free_cma:0kB [ 2775.809888][T22964] lowmem_reserve[]: 0 0 0 0 [ 2775.814393][T22964] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2775.827157][T22964] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2775.843368][T22964] Node 0 Normal: 417*4kB (UME) 274*8kB (UME) 81*16kB (UME) 37*32kB (UME) 21*64kB (UME) 5*128kB (E) 21*256kB (UME) 68*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 862*4096kB (UM) = 3887492kB [ 2775.862193][T22964] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2775.871509][T22964] 11639 total pagecache pages [ 2775.876258][T22964] 0 pages in swap cache [ 2775.880410][T22964] Swap cache stats: add 0, delete 0, find 0/0 [ 2775.886463][T22964] Free swap = 0kB [ 2775.890184][T22964] Total swap = 0kB [ 2775.893887][T22964] 2097051 pages RAM [ 2775.897674][T22964] 0 pages HighMem/MovableOnly [ 2775.902343][T22964] 75959 pages reserved 22:09:18 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc05b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = socket(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe0, 0x0) 22:09:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x3f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:18 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000080)=[r0], 0x1) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 20) 22:09:18 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xe) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2777.944567][T23013] FAULT_INJECTION: forcing a failure. [ 2777.944567][T23013] name failslab, interval 1, probability 0, space 0, times 0 [ 2777.957221][T23013] CPU: 1 PID: 23013 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2777.966062][T23013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2777.976166][T23013] Call Trace: [ 2777.979464][T23013] [ 2777.982410][T23013] dump_stack_lvl+0xd6/0x122 [ 2777.987069][T23013] dump_stack+0x11/0x1b [ 2777.991220][T23013] should_fail+0x23c/0x250 [ 2777.995676][T23013] __should_failslab+0x81/0x90 [ 2778.000576][T23013] should_failslab+0x5/0x20 [ 2778.005125][T23013] kmem_cache_alloc_node_trace+0x61/0x310 [ 2778.010852][T23013] ? __cpuhp_state_add_instance_cpuslocked+0x1dc/0x330 [ 2778.017707][T23013] ? __cpuhp_state_add_instance+0x87/0x170 [ 2778.023527][T23013] ? io_wq_create+0x217/0x6f0 [ 2778.028252][T23013] io_wq_create+0x217/0x6f0 [ 2778.032757][T23013] io_uring_alloc_task_context+0x19d/0x2d0 [ 2778.038637][T23013] ? io_wq_free_work+0xd0/0xd0 [ 2778.043408][T23013] ? tctx_task_work+0x410/0x410 [ 2778.048262][T23013] io_sq_offload_create+0x7f8/0x84e [ 2778.053543][T23013] io_uring_create+0x35f/0x754 [ 2778.058328][T23013] __x64_sys_io_uring_setup+0x118/0x130 [ 2778.064066][T23013] do_syscall_64+0x44/0xd0 [ 2778.068483][T23013] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2778.074423][T23013] RIP: 0033:0x7f381a103e99 [ 2778.078983][T23013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2778.098595][T23013] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2778.107110][T23013] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2778.115165][T23013] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2778.123153][T23013] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2778.131126][T23013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 22:09:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socket(0x10, 0x3, 0x0) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) 22:09:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 21) [ 2778.139099][T23013] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2778.147114][T23013] 22:09:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000080)=[r0], 0x1) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000080)=[r0], 0x1) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) [ 2778.217008][T23045] FAULT_INJECTION: forcing a failure. [ 2778.217008][T23045] name failslab, interval 1, probability 0, space 0, times 0 [ 2778.229826][T23045] CPU: 1 PID: 23045 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2778.238589][T23045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2778.248670][T23045] Call Trace: [ 2778.251941][T23045] [ 2778.254866][T23045] dump_stack_lvl+0xd6/0x122 [ 2778.259592][T23045] dump_stack+0x11/0x1b 22:09:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x10000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$dupfd(r0, 0x406, r0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2778.263750][T23045] should_fail+0x23c/0x250 [ 2778.268178][T23045] ? io_rsrc_node_switch_start+0x53/0x110 [ 2778.273907][T23045] __should_failslab+0x81/0x90 [ 2778.278676][T23045] should_failslab+0x5/0x20 [ 2778.283179][T23045] kmem_cache_alloc_trace+0x52/0x350 [ 2778.288559][T23045] ? _raw_spin_unlock_irqrestore+0x3d/0x60 [ 2778.294368][T23045] ? io_sq_offload_create+0x826/0x84e [ 2778.299745][T23045] io_rsrc_node_switch_start+0x53/0x110 [ 2778.305340][T23045] io_uring_create+0x37a/0x754 [ 2778.310235][T23045] __x64_sys_io_uring_setup+0x118/0x130 [ 2778.315784][T23045] do_syscall_64+0x44/0xd0 [ 2778.320240][T23045] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2778.326136][T23045] RIP: 0033:0x7f381a103e99 [ 2778.330571][T23045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2778.350179][T23045] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2778.358842][T23045] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2778.366810][T23045] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2778.374866][T23045] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2778.382823][T23045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2778.390774][T23045] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2778.398956][T23045] 22:09:26 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc25060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x10000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$dupfd(r0, 0x406, r0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x10000) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) fcntl$dupfd(r0, 0x406, r0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:09:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socket(0x10, 0x3, 0x0) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) 22:09:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 22) 22:09:26 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xf) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:26 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x6300) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socket(0x10, 0x3, 0x0) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) [ 2786.183335][T23070] FAULT_INJECTION: forcing a failure. [ 2786.183335][T23070] name failslab, interval 1, probability 0, space 0, times 0 [ 2786.196057][T23070] CPU: 1 PID: 23070 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2786.204990][T23070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2786.215043][T23070] Call Trace: [ 2786.218313][T23070] [ 2786.221241][T23070] dump_stack_lvl+0xd6/0x122 [ 2786.225832][T23070] dump_stack+0x11/0x1b 22:09:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) [ 2786.229987][T23070] should_fail+0x23c/0x250 [ 2786.234416][T23070] ? percpu_ref_init+0x96/0x250 [ 2786.239271][T23070] ? kzalloc+0x21/0x21 [ 2786.243338][T23070] __should_failslab+0x81/0x90 [ 2786.248123][T23070] should_failslab+0x5/0x20 [ 2786.252699][T23070] kmem_cache_alloc_trace+0x52/0x350 [ 2786.258067][T23070] ? kzalloc+0x21/0x21 [ 2786.262137][T23070] percpu_ref_init+0x96/0x250 [ 2786.266941][T23070] io_rsrc_node_switch_start+0x71/0x110 [ 2786.272498][T23070] io_uring_create+0x37a/0x754 [ 2786.277269][T23070] __x64_sys_io_uring_setup+0x118/0x130 [ 2786.282900][T23070] do_syscall_64+0x44/0xd0 [ 2786.287328][T23070] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2786.293292][T23070] RIP: 0033:0x7f381a103e99 [ 2786.297701][T23070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2786.317383][T23070] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2786.325793][T23070] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 22:09:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) 22:09:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 23) [ 2786.333764][T23070] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2786.341739][T23070] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2786.349706][T23070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2786.357676][T23070] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2786.365652][T23070] [ 2786.388924][T23112] FAULT_INJECTION: forcing a failure. [ 2786.388924][T23112] name failslab, interval 1, probability 0, space 0, times 0 [ 2786.401692][T23112] CPU: 0 PID: 23112 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2786.410509][T23112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2786.420559][T23112] Call Trace: [ 2786.423832][T23112] [ 2786.426759][T23112] dump_stack_lvl+0xd6/0x122 [ 2786.431468][T23112] dump_stack+0x11/0x1b [ 2786.435628][T23112] should_fail+0x23c/0x250 [ 2786.440056][T23112] ? percpu_ref_init+0x96/0x250 [ 2786.444911][T23112] ? kzalloc+0x21/0x21 [ 2786.448977][T23112] __should_failslab+0x81/0x90 [ 2786.453784][T23112] should_failslab+0x5/0x20 [ 2786.458295][T23112] kmem_cache_alloc_trace+0x52/0x350 [ 2786.463582][T23112] ? kzalloc+0x21/0x21 [ 2786.467725][T23112] percpu_ref_init+0x96/0x250 [ 2786.472431][T23112] io_rsrc_node_switch_start+0x71/0x110 [ 2786.478111][T23112] io_uring_create+0x37a/0x754 [ 2786.482884][T23112] __x64_sys_io_uring_setup+0x118/0x130 [ 2786.488450][T23112] do_syscall_64+0x44/0xd0 [ 2786.492934][T23112] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2786.498835][T23112] RIP: 0033:0x7f381a103e99 [ 2786.503251][T23112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2786.522858][T23112] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2786.531335][T23112] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 22:09:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) 22:09:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x10000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) fcntl$dupfd(r0, 0x406, r0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) (async) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x10000) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) fcntl$dupfd(r0, 0x406, r0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2786.539303][T23112] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2786.547367][T23112] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2786.555431][T23112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2786.563409][T23112] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2786.571421][T23112] [ 2792.039734][T23083] warn_alloc: 1 callbacks suppressed [ 2792.039744][T23083] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2792.062047][T23083] CPU: 0 PID: 23083 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2792.070802][T23083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2792.080839][T23083] Call Trace: [ 2792.084114][T23083] [ 2792.087026][T23083] dump_stack_lvl+0xd6/0x122 [ 2792.091757][T23083] dump_stack+0x11/0x1b [ 2792.095903][T23083] warn_alloc+0x132/0x190 [ 2792.100267][T23083] ? alloc_page_interleave+0x104/0x120 [ 2792.105704][T23083] __vmalloc_node_range+0x58b/0x690 [ 2792.110955][T23083] ? xt_alloc_table_info+0x39/0x70 [ 2792.116046][T23083] __vmalloc_node+0x61/0x70 [ 2792.120527][T23083] ? xt_alloc_table_info+0x39/0x70 [ 2792.125619][T23083] kvmalloc_node+0xd2/0x110 [ 2792.130146][T23083] xt_alloc_table_info+0x39/0x70 [ 2792.135066][T23083] do_ipt_set_ctl+0x649/0x1710 [ 2792.139816][T23083] ? rmqueue_pcplist+0x157/0x1f0 [ 2792.144818][T23083] ? rmqueue+0x4a/0xd20 [ 2792.148959][T23083] ? __rcu_read_unlock+0x5c/0x290 [ 2792.154000][T23083] nf_setsockopt+0x1a6/0x1c0 [ 2792.158572][T23083] ip_setsockopt+0x2815/0x2c80 [ 2792.163323][T23083] ? enqueue_entity+0x4bf/0x6c0 [ 2792.168152][T23083] ? reweight_entity+0x22/0xf0 [ 2792.172970][T23083] ? enqueue_task_fair+0x443/0x520 [ 2792.178101][T23083] ? __rcu_read_unlock+0x5c/0x290 [ 2792.183171][T23083] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2792.188560][T23083] ? avc_has_perm+0x70/0x160 [ 2792.193168][T23083] ? avc_has_perm+0xd5/0x160 [ 2792.197750][T23083] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2792.204084][T23083] ? selinux_socket_setsockopt+0x145/0x170 [ 2792.209875][T23083] udp_setsockopt+0x83/0x90 [ 2792.214362][T23083] sock_common_setsockopt+0x5d/0x70 [ 2792.219545][T23083] ? sock_common_recvmsg+0xe0/0xe0 [ 2792.224909][T23083] __sys_setsockopt+0x209/0x2a0 [ 2792.229758][T23083] __x64_sys_setsockopt+0x62/0x70 [ 2792.234765][T23083] do_syscall_64+0x44/0xd0 [ 2792.239160][T23083] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2792.245045][T23083] RIP: 0033:0x7ff9d4f80e99 [ 2792.249454][T23083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2792.269152][T23083] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2792.277649][T23083] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2792.285598][T23083] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2792.293547][T23083] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2792.301497][T23083] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2792.309708][T23083] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2792.317840][T23083] [ 2792.320881][T23083] Mem-Info: [ 2792.323987][T23083] active_anon:289 inactive_anon:98478 isolated_anon:0 [ 2792.323987][T23083] active_file:4214 inactive_file:62948 isolated_file:0 [ 2792.323987][T23083] unevictable:0 dirty:21 writeback:0 [ 2792.323987][T23083] slab_reclaimable:5636 slab_unreclaimable:16049 [ 2792.323987][T23083] mapped:27425 shmem:564 pagetables:1166 bounce:0 [ 2792.323987][T23083] kernel_misc_reclaimable:0 [ 2792.323987][T23083] free:1716476 free_pcp:3871 free_cma:0 [ 2792.365329][T23083] Node 0 active_anon:1156kB inactive_anon:393912kB active_file:16856kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:84kB writeback:0kB shmem:2264kB writeback_tmp:0kB kernel_stack:3904kB pagetables:4664kB all_unreclaimable? no [ 2792.391790][T23083] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2792.418564][T23083] lowmem_reserve[]: 0 2896 7874 7874 [ 2792.423903][T23083] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2792.452553][T23083] lowmem_reserve[]: 0 0 4978 4978 [ 2792.457720][T23083] Node 0 Normal free:3884828kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1156kB inactive_anon:393912kB active_file:16856kB inactive_file:251792kB unevictable:0kB writepending:84kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:10440kB local_pcp:5924kB free_cma:0kB [ 2792.488273][T23083] lowmem_reserve[]: 0 0 0 0 [ 2792.492788][T23083] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2792.505410][T23083] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2792.521380][T23083] Node 0 Normal: 527*4kB (UME) 324*8kB (UME) 182*16kB (UME) 69*32kB (UME) 37*64kB (UME) 29*128kB (UME) 23*256kB (ME) 61*512kB (UME) 192*1024kB (UE) 51*2048kB (UE) 862*4096kB (UM) = 3884828kB [ 2792.540270][T23083] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2792.549559][T23083] 11651 total pagecache pages [ 2792.554295][T23083] 0 pages in swap cache [ 2792.558430][T23083] Swap cache stats: add 0, delete 0, find 0/0 [ 2792.564490][T23083] Free swap = 0kB [ 2792.568193][T23083] Total swap = 0kB [ 2792.571958][T23083] 2097051 pages RAM [ 2792.575846][T23083] 0 pages HighMem/MovableOnly [ 2792.580512][T23083] 75959 pages reserved 22:09:35 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d25fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0xffffffff}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:35 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 24) 22:09:35 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:35 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x6d02) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2794.371472][T23135] FAULT_INJECTION: forcing a failure. [ 2794.371472][T23135] name failslab, interval 1, probability 0, space 0, times 0 [ 2794.384122][T23135] CPU: 0 PID: 23135 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2794.392964][T23135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2794.403020][T23135] Call Trace: [ 2794.406302][T23135] [ 2794.409230][T23135] dump_stack_lvl+0xd6/0x122 [ 2794.414009][T23135] dump_stack+0x11/0x1b [ 2794.418172][T23135] should_fail+0x23c/0x250 [ 2794.422609][T23135] ? security_inode_alloc+0x30/0x180 [ 2794.427901][T23135] __should_failslab+0x81/0x90 [ 2794.432691][T23135] should_failslab+0x5/0x20 [ 2794.437230][T23135] kmem_cache_alloc+0x4f/0x320 [ 2794.441996][T23135] ? __rcu_read_unlock+0x5c/0x290 [ 2794.447029][T23135] security_inode_alloc+0x30/0x180 [ 2794.452149][T23135] inode_init_always+0x214/0x3e0 [ 2794.457149][T23135] new_inode_pseudo+0x6f/0x190 [ 2794.461977][T23135] alloc_anon_inode+0x1a/0x190 [ 2794.466753][T23135] __anon_inode_getfile+0xe0/0x260 [ 2794.471936][T23135] anon_inode_getfile_secure+0x36/0x40 [ 2794.477398][T23135] io_uring_create+0x554/0x754 [ 2794.482170][T23135] __x64_sys_io_uring_setup+0x118/0x130 [ 2794.487721][T23135] do_syscall_64+0x44/0xd0 [ 2794.492184][T23135] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2794.498079][T23135] RIP: 0033:0x7f381a103e99 [ 2794.502499][T23135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2794.522104][T23135] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2794.530592][T23135] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2794.538653][T23135] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2794.546631][T23135] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2794.554752][T23135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2794.562722][T23135] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:09:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 25) 22:09:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0xffffffff}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0xffffffff}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2794.570703][T23135] [ 2794.591341][T23146] FAULT_INJECTION: forcing a failure. [ 2794.591341][T23146] name failslab, interval 1, probability 0, space 0, times 0 [ 2794.604048][T23146] CPU: 1 PID: 23146 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2794.612812][T23146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2794.622936][T23146] Call Trace: [ 2794.626270][T23146] [ 2794.629190][T23146] dump_stack_lvl+0xd6/0x122 [ 2794.633855][T23146] dump_stack+0x11/0x1b [ 2794.638008][T23146] should_fail+0x23c/0x250 [ 2794.642430][T23146] ? __d_alloc+0x36/0x370 [ 2794.646799][T23146] __should_failslab+0x81/0x90 [ 2794.651561][T23146] should_failslab+0x5/0x20 [ 2794.656205][T23146] kmem_cache_alloc+0x4f/0x320 [ 2794.660999][T23146] ? avc_has_perm+0x70/0x160 [ 2794.665590][T23146] __d_alloc+0x36/0x370 [ 2794.669786][T23146] d_alloc_pseudo+0x1a/0x50 [ 2794.674410][T23146] alloc_file_pseudo+0x77/0x150 [ 2794.679275][T23146] __anon_inode_getfile+0x14b/0x260 [ 2794.684477][T23146] anon_inode_getfile_secure+0x36/0x40 [ 2794.689939][T23146] io_uring_create+0x554/0x754 [ 2794.694702][T23146] __x64_sys_io_uring_setup+0x118/0x130 [ 2794.700338][T23146] do_syscall_64+0x44/0xd0 [ 2794.704758][T23146] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2794.710701][T23146] RIP: 0033:0x7f381a103e99 [ 2794.715288][T23146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2794.734979][T23146] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2794.743374][T23146] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2794.751329][T23146] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2794.759335][T23146] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2794.767309][T23146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2794.775328][T23146] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2794.783278][T23146] 22:09:35 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xe803) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0xffffffff}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 26) 22:09:35 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x11) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2794.913762][T23169] FAULT_INJECTION: forcing a failure. [ 2794.913762][T23169] name failslab, interval 1, probability 0, space 0, times 0 [ 2794.926443][T23169] CPU: 0 PID: 23169 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2794.935215][T23169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2794.945312][T23169] Call Trace: [ 2794.948760][T23169] [ 2794.951687][T23169] dump_stack_lvl+0xd6/0x122 [ 2794.956282][T23169] dump_stack+0x11/0x1b [ 2794.960485][T23169] should_fail+0x23c/0x250 [ 2794.964907][T23169] ? security_file_alloc+0x30/0x190 [ 2794.970187][T23169] __should_failslab+0x81/0x90 [ 2794.974961][T23169] should_failslab+0x5/0x20 [ 2794.979493][T23169] kmem_cache_alloc+0x4f/0x320 [ 2794.984400][T23169] security_file_alloc+0x30/0x190 [ 2794.989542][T23169] __alloc_file+0x83/0x1a0 [ 2794.993969][T23169] alloc_empty_file+0xcd/0x1c0 [ 2794.998739][T23169] alloc_file+0x3a/0x280 [ 2795.003079][T23169] alloc_file_pseudo+0xfa/0x150 [ 2795.007985][T23169] __anon_inode_getfile+0x14b/0x260 [ 2795.013236][T23169] anon_inode_getfile_secure+0x36/0x40 [ 2795.018703][T23169] io_uring_create+0x554/0x754 [ 2795.023609][T23169] __x64_sys_io_uring_setup+0x118/0x130 [ 2795.029202][T23169] do_syscall_64+0x44/0xd0 [ 2795.033665][T23169] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2795.039566][T23169] RIP: 0033:0x7f381a103e99 [ 2795.043980][T23169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2795.063708][T23169] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2795.072180][T23169] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2795.080189][T23169] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2795.088236][T23169] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2795.096329][T23169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2795.104288][T23169] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2795.112426][T23169] 22:09:43 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf925d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:43 executing program 1: sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x1a4, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffef}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3694}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffeffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1dc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0xb8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7c9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x521}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6c2da60f}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x20000004}, 0x84) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = socket$inet(0x2, 0x3, 0x14) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000680)=@llc={0x1a, 0x103, 0x80, 0x81, 0x6, 0x8e}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x4) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0xffffffffffffff38, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000024000b0f00000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="1000000007000100667100000c0002000800060000000000"], 0x38}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0x522, 0x8, @local, @mcast1, 0x8, 0x8, 0x1621, 0x67abfbf7}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x28805}, 0x880) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:09:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 27) 22:09:43 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:43 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x12) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:43 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xf701) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2802.600376][T23180] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2802.601291][T23176] FAULT_INJECTION: forcing a failure. [ 2802.601291][T23176] name failslab, interval 1, probability 0, space 0, times 0 [ 2802.622336][T23176] CPU: 0 PID: 23176 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2802.631100][T23176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2802.641165][T23176] Call Trace: [ 2802.644449][T23176] [ 2802.647424][T23176] dump_stack_lvl+0xd6/0x122 [ 2802.652061][T23176] dump_stack+0x11/0x1b [ 2802.656224][T23176] should_fail+0x23c/0x250 [ 2802.660662][T23176] ? selinux_sk_alloc_security+0x61/0x120 [ 2802.666448][T23176] __should_failslab+0x81/0x90 [ 2802.671239][T23176] should_failslab+0x5/0x20 [ 2802.675749][T23176] kmem_cache_alloc_trace+0x52/0x350 [ 2802.681038][T23176] ? __rcu_read_unlock+0x5c/0x290 [ 2802.686103][T23176] selinux_sk_alloc_security+0x61/0x120 [ 2802.691685][T23176] security_sk_alloc+0x45/0x90 [ 2802.696522][T23176] sk_prot_alloc+0xd2/0x190 [ 2802.701022][T23176] sk_alloc+0x2e/0x330 [ 2802.705209][T23176] unix_create1+0xa2/0x3c0 [ 2802.709628][T23176] unix_create+0xfb/0x120 [ 2802.713977][T23176] __sock_create+0x2cc/0x4e0 [ 2802.718598][T23176] sock_create_kern+0x34/0x40 [ 2802.723278][T23176] io_uring_create+0x50b/0x754 [ 2802.728046][T23176] __x64_sys_io_uring_setup+0x118/0x130 [ 2802.733633][T23176] do_syscall_64+0x44/0xd0 [ 2802.738060][T23176] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2802.743954][T23176] RIP: 0033:0x7f381a103e99 [ 2802.748358][T23176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2802.768037][T23176] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2802.776445][T23176] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2802.784411][T23176] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2802.792645][T23176] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2802.800613][T23176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2802.808584][T23176] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2802.816622][T23176] 22:09:43 executing program 1: sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x1a4, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffef}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3694}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffeffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1dc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0xb8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7c9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x521}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6c2da60f}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x20000004}, 0x84) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) r3 = socket$inet(0x2, 0x3, 0x14) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000680)=@llc={0x1a, 0x103, 0x80, 0x81, 0x6, 0x8e}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x4) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0xffffffffffffff38, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000024000b0f00000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="1000000007000100667100000c0002000800060000000000"], 0x38}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0x522, 0x8, @local, @mcast1, 0x8, 0x8, 0x1621, 0x67abfbf7}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x28805}, 0x880) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x1a4, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffef}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3694}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffeffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1dc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0xb8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7c9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x521}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6c2da60f}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x20000004}, 0x84) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socket$inet(0x2, 0x3, 0x14) (async) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) (async) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) (async) syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000680)=@llc={0x1a, 0x103, 0x80, 0x81, 0x6, 0x8e}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x4) (async) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) (async) socket(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0xffffffffffffff38, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000024000b0f00000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="1000000007000100667100000c0002000800060000000000"], 0x38}}, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0x522, 0x8, @local, @mcast1, 0x8, 0x8, 0x1621, 0x67abfbf7}}) (async) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x28805}, 0x880) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:09:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 28) 22:09:43 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20255050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:43 executing program 1: sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x1a4, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffef}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3694}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffeffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1dc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0xb8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7c9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x521}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6c2da60f}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x20000004}, 0x84) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) r3 = socket$inet(0x2, 0x3, 0x14) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async, rerun: 64) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (rerun: 64) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) (async, rerun: 32) syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000680)=@llc={0x1a, 0x103, 0x80, 0x81, 0x6, 0x8e}, 0x0, 0x0, 0x0, {0x0, r4}}, 0x4) (async, rerun: 32) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000740)=0xc) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0xffffffffffffff38, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000024000b0f00000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="1000000007000100667100000c0002000800060000000000"], 0x38}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0x522, 0x8, @local, @mcast1, 0x8, 0x8, 0x1621, 0x67abfbf7}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x28805}, 0x880) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)) (rerun: 32) [ 2802.892771][T23194] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2802.924887][T23194] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2802.981702][T23209] FAULT_INJECTION: forcing a failure. [ 2802.981702][T23209] name failslab, interval 1, probability 0, space 0, times 0 [ 2802.994429][T23209] CPU: 0 PID: 23209 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2803.003273][T23209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2803.013329][T23209] Call Trace: [ 2803.016656][T23209] [ 2803.019582][T23209] dump_stack_lvl+0xd6/0x122 [ 2803.024170][T23209] dump_stack+0x11/0x1b [ 2803.028330][T23209] should_fail+0x23c/0x250 [ 2803.032762][T23209] ? new_inode_pseudo+0x5c/0x190 [ 2803.037708][T23209] __should_failslab+0x81/0x90 [ 2803.042505][T23209] should_failslab+0x5/0x20 [ 2803.047016][T23209] kmem_cache_alloc+0x4f/0x320 [ 2803.051791][T23209] new_inode_pseudo+0x5c/0x190 [ 2803.056574][T23209] alloc_anon_inode+0x1a/0x190 [ 2803.061379][T23209] __anon_inode_getfile+0xe0/0x260 [ 2803.066579][T23209] anon_inode_getfile_secure+0x36/0x40 [ 2803.072045][T23209] io_uring_create+0x554/0x754 [ 2803.076811][T23209] __x64_sys_io_uring_setup+0x118/0x130 [ 2803.082375][T23209] do_syscall_64+0x44/0xd0 [ 2803.086835][T23209] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2803.092796][T23209] RIP: 0033:0x7f381a103e99 [ 2803.097224][T23209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2803.116881][T23209] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 22:09:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 29) [ 2803.125382][T23209] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2803.133423][T23209] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2803.141482][T23209] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2803.143352][T23211] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2803.149451][T23209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2803.149467][T23209] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2803.149483][T23209] [ 2803.204291][T23253] FAULT_INJECTION: forcing a failure. [ 2803.204291][T23253] name failslab, interval 1, probability 0, space 0, times 0 [ 2803.216991][T23253] CPU: 0 PID: 23253 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2803.225775][T23253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2803.235839][T23253] Call Trace: [ 2803.239135][T23253] [ 2803.242065][T23253] dump_stack_lvl+0xd6/0x122 [ 2803.246657][T23253] dump_stack+0x11/0x1b [ 2803.250810][T23253] should_fail+0x23c/0x250 [ 2803.255298][T23253] ? security_file_alloc+0x30/0x190 [ 2803.260513][T23253] __should_failslab+0x81/0x90 [ 2803.265290][T23253] should_failslab+0x5/0x20 [ 2803.269799][T23253] kmem_cache_alloc+0x4f/0x320 [ 2803.274622][T23253] security_file_alloc+0x30/0x190 [ 2803.279697][T23253] __alloc_file+0x83/0x1a0 [ 2803.284122][T23253] alloc_empty_file+0xcd/0x1c0 [ 2803.288958][T23253] alloc_file+0x3a/0x280 [ 2803.293265][T23253] alloc_file_pseudo+0xfa/0x150 [ 2803.298204][T23253] __anon_inode_getfile+0x14b/0x260 [ 2803.303404][T23253] anon_inode_getfile_secure+0x36/0x40 [ 2803.308872][T23253] io_uring_create+0x554/0x754 [ 2803.314124][T23253] __x64_sys_io_uring_setup+0x118/0x130 [ 2803.320034][T23253] do_syscall_64+0x44/0xd0 [ 2803.324534][T23253] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2803.330511][T23253] RIP: 0033:0x7f381a103e99 [ 2803.334924][T23253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2803.354547][T23253] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2803.362995][T23253] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2803.370967][T23253] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2803.378970][T23253] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2803.386975][T23253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2803.394960][T23253] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:09:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 30) 22:09:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) close_range(r3, r4, 0x0) 22:09:44 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xf801) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:44 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x13) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2803.402936][T23253] [ 2803.453546][T23287] FAULT_INJECTION: forcing a failure. [ 2803.453546][T23287] name failslab, interval 1, probability 0, space 0, times 0 [ 2803.466433][T23287] CPU: 1 PID: 23287 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2803.475197][T23287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2803.485288][T23287] Call Trace: [ 2803.488558][T23287] [ 2803.491477][T23287] dump_stack_lvl+0xd6/0x122 [ 2803.496069][T23287] dump_stack+0x11/0x1b [ 2803.500218][T23287] should_fail+0x23c/0x250 [ 2803.504655][T23287] ? security_file_alloc+0x30/0x190 [ 2803.509923][T23287] __should_failslab+0x81/0x90 [ 2803.514689][T23287] should_failslab+0x5/0x20 [ 2803.519320][T23287] kmem_cache_alloc+0x4f/0x320 [ 2803.524085][T23287] security_file_alloc+0x30/0x190 [ 2803.529156][T23287] __alloc_file+0x83/0x1a0 [ 2803.533573][T23287] alloc_empty_file+0xcd/0x1c0 [ 2803.538334][T23287] alloc_file+0x3a/0x280 [ 2803.542584][T23287] alloc_file_pseudo+0xfa/0x150 [ 2803.547480][T23287] __anon_inode_getfile+0x14b/0x260 [ 2803.552679][T23287] anon_inode_getfile_secure+0x36/0x40 [ 2803.558171][T23287] io_uring_create+0x554/0x754 [ 2803.562950][T23287] __x64_sys_io_uring_setup+0x118/0x130 [ 2803.568580][T23287] do_syscall_64+0x44/0xd0 [ 2803.573070][T23287] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2803.578960][T23287] RIP: 0033:0x7f381a103e99 [ 2803.583388][T23287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2803.603203][T23287] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2803.611676][T23287] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2803.619697][T23287] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2803.627665][T23287] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2803.635627][T23287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2803.643594][T23287] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2803.651632][T23287] 22:09:46 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) pipe(&(0x7f0000000040)) (async) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) close_range(r3, r4, 0x0) 22:09:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 31) 22:09:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x14) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2805.649493][T23308] FAULT_INJECTION: forcing a failure. [ 2805.649493][T23308] name failslab, interval 1, probability 0, space 0, times 0 [ 2805.662169][T23308] CPU: 1 PID: 23308 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2805.671085][T23308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2805.681145][T23308] Call Trace: [ 2805.681155][T23308] [ 2805.681161][T23308] dump_stack_lvl+0xd6/0x122 [ 2805.681185][T23308] dump_stack+0x11/0x1b [ 2805.681202][T23308] should_fail+0x23c/0x250 [ 2805.700480][T23308] ? security_file_alloc+0x30/0x190 [ 2805.705699][T23308] __should_failslab+0x81/0x90 [ 2805.710474][T23308] should_failslab+0x5/0x20 [ 2805.715028][T23308] kmem_cache_alloc+0x4f/0x320 [ 2805.719792][T23308] security_file_alloc+0x30/0x190 [ 2805.724809][T23308] __alloc_file+0x83/0x1a0 [ 2805.729220][T23308] alloc_empty_file+0xcd/0x1c0 [ 2805.734001][T23308] alloc_file+0x3a/0x280 [ 2805.738242][T23308] alloc_file_pseudo+0xfa/0x150 [ 2805.743091][T23308] __anon_inode_getfile+0x14b/0x260 [ 2805.748290][T23308] anon_inode_getfile_secure+0x36/0x40 [ 2805.753785][T23308] io_uring_create+0x554/0x754 [ 2805.758586][T23308] __x64_sys_io_uring_setup+0x118/0x130 [ 2805.764139][T23308] do_syscall_64+0x44/0xd0 [ 2805.768624][T23308] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2805.774515][T23308] RIP: 0033:0x7f381a103e99 [ 2805.778927][T23308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 22:09:46 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xf901) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2805.798600][T23308] RSP: 002b:00007f3819259168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2805.807009][T23308] RAX: ffffffffffffffda RBX: 00007f381a217030 RCX: 00007f381a103e99 [ 2805.815029][T23308] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2805.823016][T23308] RBP: 00007f38192591d0 R08: 0000000000000000 R09: 0000000000000000 [ 2805.830986][T23308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2805.838968][T23308] R13: 00007ffde74573bf R14: 00007f3819259300 R15: 0000000000022000 [ 2805.846936][T23308] [ 2808.498690][T23206] warn_alloc: 1 callbacks suppressed [ 2808.498703][T23206] syz-executor.2: vmalloc error: size 314195968, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2808.520760][T23206] CPU: 1 PID: 23206 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2808.529517][T23206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2808.539575][T23206] Call Trace: [ 2808.542863][T23206] [ 2808.545771][T23206] dump_stack_lvl+0xd6/0x122 [ 2808.550343][T23206] dump_stack+0x11/0x1b [ 2808.554489][T23206] warn_alloc+0x132/0x190 [ 2808.558799][T23206] ? alloc_page_interleave+0x104/0x120 [ 2808.564304][T23206] __vmalloc_node_range+0x58b/0x690 [ 2808.569616][T23206] ? xt_alloc_table_info+0x39/0x70 [ 2808.574708][T23206] __vmalloc_node+0x61/0x70 [ 2808.579192][T23206] ? xt_alloc_table_info+0x39/0x70 [ 2808.584294][T23206] kvmalloc_node+0xd2/0x110 [ 2808.588777][T23206] xt_alloc_table_info+0x39/0x70 [ 2808.593821][T23206] do_ipt_set_ctl+0x649/0x1710 [ 2808.598604][T23206] ? rmqueue_pcplist+0x157/0x1f0 [ 2808.603592][T23206] ? rmqueue+0x4a/0xd20 [ 2808.607831][T23206] ? __rcu_read_unlock+0x5c/0x290 [ 2808.612855][T23206] nf_setsockopt+0x1a6/0x1c0 [ 2808.617482][T23206] ip_setsockopt+0x2815/0x2c80 [ 2808.622244][T23206] ? _raw_spin_unlock+0x2e/0x50 [ 2808.627118][T23206] ? finish_task_switch+0xd0/0x280 [ 2808.632207][T23206] ? __schedule+0x44a/0x6a0 [ 2808.636692][T23206] ? __rcu_read_unlock+0x5c/0x290 [ 2808.641691][T23206] ? schedule+0x8b/0xb0 [ 2808.645851][T23206] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2808.651224][T23206] ? avc_has_perm+0x70/0x160 [ 2808.655835][T23206] ? avc_has_perm+0xd5/0x160 [ 2808.660509][T23206] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2808.666851][T23206] ? selinux_socket_setsockopt+0x145/0x170 [ 2808.672641][T23206] udp_setsockopt+0x83/0x90 [ 2808.677229][T23206] sock_common_setsockopt+0x5d/0x70 [ 2808.682434][T23206] ? sock_common_recvmsg+0xe0/0xe0 [ 2808.687583][T23206] __sys_setsockopt+0x209/0x2a0 [ 2808.692439][T23206] __x64_sys_setsockopt+0x62/0x70 [ 2808.697473][T23206] do_syscall_64+0x44/0xd0 [ 2808.701867][T23206] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2808.707739][T23206] RIP: 0033:0x7ff9d4f80e99 [ 2808.712140][T23206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2808.731821][T23206] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2808.740250][T23206] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2808.748228][T23206] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2808.756176][T23206] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2808.764166][T23206] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2808.772166][T23206] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2808.780156][T23206] [ 2808.783470][T23206] Mem-Info: [ 2808.786578][T23206] active_anon:299 inactive_anon:98772 isolated_anon:0 [ 2808.786578][T23206] active_file:4245 inactive_file:67103 isolated_file:0 [ 2808.786578][T23206] unevictable:0 dirty:2559 writeback:1537 [ 2808.786578][T23206] slab_reclaimable:5748 slab_unreclaimable:16233 [ 2808.786578][T23206] mapped:30359 shmem:574 pagetables:1270 bounce:0 [ 2808.786578][T23206] kernel_misc_reclaimable:0 [ 2808.786578][T23206] free:1713346 free_pcp:2160 free_cma:0 [ 2808.828358][T23206] Node 0 active_anon:1196kB inactive_anon:394972kB active_file:16980kB inactive_file:268180kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:121436kB dirty:10236kB writeback:6148kB shmem:2296kB writeback_tmp:0kB kernel_stack:3984kB pagetables:4964kB all_unreclaimable? no [ 2808.855288][T23206] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2808.882106][T23206] lowmem_reserve[]: 0 2896 7874 7874 [ 2808.887425][T23206] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2808.916110][T23206] lowmem_reserve[]: 0 0 4978 4978 [ 2808.921166][T23206] Node 0 Normal free:3872308kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1196kB inactive_anon:394972kB active_file:16980kB inactive_file:268180kB unevictable:0kB writepending:16384kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:3964kB local_pcp:700kB free_cma:0kB [ 2808.951718][T23206] lowmem_reserve[]: 0 0 0 0 [ 2808.956218][T23206] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2808.968858][T23206] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2808.984973][T23206] Node 0 Normal: 105*4kB (UME) 136*8kB (UME) 183*16kB (UME) 81*32kB (UME) 43*64kB (UME) 14*128kB (UME) 17*256kB (UME) 66*512kB (UME) 195*1024kB (UME) 51*2048kB (UE) 859*4096kB (UM) = 3872308kB [ 2809.004047][T23206] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2809.013332][T23206] 15758 total pagecache pages [ 2809.017998][T23206] 0 pages in swap cache [ 2809.022143][T23206] Swap cache stats: add 0, delete 0, find 0/0 [ 2809.028193][T23206] Free swap = 0kB [ 2809.031926][T23206] Total swap = 0kB [ 2809.035628][T23206] 2097051 pages RAM [ 2809.039426][T23206] 0 pages HighMem/MovableOnly [ 2809.044085][T23206] 75959 pages reserved 22:09:52 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55250342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:09:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r4, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) close_range(r3, r4, 0x0) 22:09:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 32) 22:09:52 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:52 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0xff0f) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:09:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) (fail_nth: 1) [ 2811.337024][T23318] FAULT_INJECTION: forcing a failure. [ 2811.337024][T23318] name failslab, interval 1, probability 0, space 0, times 0 [ 2811.349687][T23318] CPU: 1 PID: 23318 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2811.358504][T23318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.358519][T23318] Call Trace: [ 2811.358526][T23318] [ 2811.358533][T23318] dump_stack_lvl+0xd6/0x122 [ 2811.379383][T23318] dump_stack+0x11/0x1b 22:09:52 executing program 1: sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) prlimit64(r3, 0x1, &(0x7f0000000240)={0x3, 0x10001}, 0x0) pipe(&(0x7f0000000040)) [ 2811.383536][T23318] should_fail+0x23c/0x250 [ 2811.388021][T23318] ? io_wq_create+0x7b/0x6f0 [ 2811.392681][T23318] __should_failslab+0x81/0x90 [ 2811.397521][T23318] should_failslab+0x5/0x20 [ 2811.402064][T23318] __kmalloc+0x6f/0x370 [ 2811.406307][T23318] io_wq_create+0x7b/0x6f0 [ 2811.410737][T23318] ? preempt_count_add+0x4e/0x90 [ 2811.415681][T23318] ? _raw_spin_lock_irqsave+0x4c/0xa0 [ 2811.421215][T23318] ? _raw_spin_unlock_irqrestore+0x3d/0x60 [ 2811.427018][T23318] io_uring_alloc_task_context+0x19d/0x2d0 [ 2811.432829][T23318] ? io_wq_free_work+0xd0/0xd0 22:09:52 executing program 1: sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4) (async, rerun: 32) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 32) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) (async) prlimit64(r3, 0x1, &(0x7f0000000240)={0x3, 0x10001}, 0x0) (async) pipe(&(0x7f0000000040)) [ 2811.437592][T23318] ? tctx_task_work+0x410/0x410 [ 2811.442468][T23318] io_uring_add_tctx_node+0x96/0x2c0 [ 2811.447803][T23318] io_uring_create+0x5cd/0x754 [ 2811.452570][T23318] __x64_sys_io_uring_setup+0x118/0x130 [ 2811.458123][T23318] do_syscall_64+0x44/0xd0 [ 2811.462562][T23318] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2811.468455][T23318] RIP: 0033:0x7f381a103e99 22:09:52 executing program 1: sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)=0x0) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xc01}}, './file0\x00'}) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, r3, 0x0, r4, 0x2) (async) prlimit64(r3, 0x1, &(0x7f0000000240)={0x3, 0x10001}, 0x0) pipe(&(0x7f0000000040)) [ 2811.472993][T23318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2811.492595][T23318] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2811.501084][T23318] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2811.509116][T23318] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2811.517102][T23318] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2811.525098][T23318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2811.533087][T23318] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2811.541063][T23318] [ 2811.560447][T23368] FAULT_INJECTION: forcing a failure. [ 2811.560447][T23368] name failslab, interval 1, probability 0, space 0, times 0 [ 2811.573241][T23368] CPU: 0 PID: 23368 Comm: syz-executor.0 Not tainted 5.16.0-rc7-syzkaller #0 [ 2811.582082][T23368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.592134][T23368] Call Trace: [ 2811.595408][T23368] [ 2811.598338][T23368] dump_stack_lvl+0xd6/0x122 [ 2811.602935][T23368] dump_stack+0x11/0x1b [ 2811.607111][T23368] should_fail+0x23c/0x250 [ 2811.611537][T23368] __should_failslab+0x81/0x90 [ 2811.616326][T23368] should_failslab+0x5/0x20 [ 2811.620855][T23368] kmem_cache_alloc_node_trace+0x61/0x310 [ 2811.626584][T23368] ? __splice_from_pipe+0x4b9/0x500 [ 2811.631841][T23368] ? create_io_worker+0x69/0x340 22:09:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2811.636793][T23368] create_io_worker+0x69/0x340 [ 2811.641889][T23368] io_wqe_enqueue+0x604/0x740 [ 2811.646749][T23368] io_wq_enqueue+0x31/0x40 [ 2811.651210][T23368] io_queue_async_work+0x202/0x430 [ 2811.656329][T23368] __io_queue_sqe+0x2f7/0x440 [ 2811.661097][T23368] ? io_req_task_submit+0x83/0xd0 [ 2811.666131][T23368] io_req_task_submit+0x8b/0xd0 [ 2811.671021][T23368] tctx_task_work+0x25a/0x410 [ 2811.675755][T23368] task_work_run+0x8e/0x110 [ 2811.680260][T23368] exit_to_user_mode_prepare+0x102/0x190 [ 2811.685952][T23368] syscall_exit_to_user_mode+0x20/0x40 [ 2811.691416][T23368] do_syscall_64+0x50/0xd0 [ 2811.695913][T23368] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2811.701868][T23368] RIP: 0033:0x7f631f743e99 [ 2811.706284][T23368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2811.725891][T23368] RSP: 002b:00007f631e8ba168 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 22:09:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 33) [ 2811.734659][T23368] RAX: fffffffffffffe00 RBX: 00007f631f856f60 RCX: 00007f631f743e99 [ 2811.742629][T23368] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 2811.750596][T23368] RBP: 00007f631e8ba1d0 R08: 000000000004ffe0 R09: 0000000000000000 [ 2811.758568][T23368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2811.766611][T23368] R13: 00007ffc17fdf95f R14: 00007f631e8ba300 R15: 0000000000022000 [ 2811.774582][T23368] 22:09:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2811.838570][T23391] FAULT_INJECTION: forcing a failure. [ 2811.838570][T23391] name failslab, interval 1, probability 0, space 0, times 0 [ 2811.851357][T23391] CPU: 1 PID: 23391 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2811.860128][T23391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.870177][T23391] Call Trace: [ 2811.873519][T23391] [ 2811.876445][T23391] dump_stack_lvl+0xd6/0x122 [ 2811.881116][T23391] dump_stack+0x11/0x1b [ 2811.885270][T23391] should_fail+0x23c/0x250 [ 2811.889687][T23391] ? io_wq_create+0x7b/0x6f0 [ 2811.894284][T23391] __should_failslab+0x81/0x90 [ 2811.899055][T23391] should_failslab+0x5/0x20 [ 2811.903749][T23391] __kmalloc+0x6f/0x370 [ 2811.907991][T23391] io_wq_create+0x7b/0x6f0 [ 2811.912407][T23391] ? preempt_count_add+0x4e/0x90 [ 2811.917355][T23391] ? _raw_spin_lock_irqsave+0x4c/0xa0 [ 2811.922731][T23391] ? _raw_spin_unlock_irqrestore+0x3d/0x60 [ 2811.928546][T23391] io_uring_alloc_task_context+0x19d/0x2d0 [ 2811.934353][T23391] ? io_wq_free_work+0xd0/0xd0 [ 2811.939136][T23391] ? tctx_task_work+0x410/0x410 [ 2811.943982][T23391] io_uring_add_tctx_node+0x96/0x2c0 [ 2811.949307][T23391] io_uring_create+0x5cd/0x754 [ 2811.954057][T23391] __x64_sys_io_uring_setup+0x118/0x130 [ 2811.959644][T23391] do_syscall_64+0x44/0xd0 [ 2811.964052][T23391] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2811.969998][T23391] RIP: 0033:0x7f381a103e99 [ 2811.974450][T23391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2811.994033][T23391] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2812.002430][T23391] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2812.010378][T23391] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2812.018344][T23391] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2812.026374][T23391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2812.034323][T23391] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2812.042283][T23391] 22:10:00 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050542ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:10:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 34) 22:10:00 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:10:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x32baa) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2819.560099][T23398] FAULT_INJECTION: forcing a failure. [ 2819.560099][T23398] name failslab, interval 1, probability 0, space 0, times 0 [ 2819.572942][T23398] CPU: 1 PID: 23398 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2819.581777][T23398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2819.591862][T23398] Call Trace: [ 2819.595130][T23398] [ 2819.598056][T23398] dump_stack_lvl+0xd6/0x122 [ 2819.602647][T23398] dump_stack+0x11/0x1b [ 2819.606883][T23398] should_fail+0x23c/0x250 [ 2819.611423][T23398] __should_failslab+0x81/0x90 [ 2819.616211][T23398] should_failslab+0x5/0x20 [ 2819.620719][T23398] kmem_cache_alloc_node_trace+0x61/0x310 [ 2819.626446][T23398] ? __cpuhp_state_add_instance_cpuslocked+0x1dc/0x330 [ 2819.633363][T23398] ? __cpuhp_state_add_instance+0x87/0x170 [ 2819.639178][T23398] ? io_wq_create+0x217/0x6f0 [ 2819.643886][T23398] io_wq_create+0x217/0x6f0 [ 2819.648471][T23398] ? _raw_spin_unlock_irqrestore+0x3d/0x60 [ 2819.654288][T23398] io_uring_alloc_task_context+0x19d/0x2d0 [ 2819.660168][T23398] ? io_wq_free_work+0xd0/0xd0 [ 2819.664931][T23398] ? tctx_task_work+0x410/0x410 [ 2819.669795][T23398] io_uring_add_tctx_node+0x96/0x2c0 [ 2819.675212][T23398] io_uring_create+0x5cd/0x754 [ 2819.679980][T23398] __x64_sys_io_uring_setup+0x118/0x130 [ 2819.685545][T23398] do_syscall_64+0x44/0xd0 [ 2819.689979][T23398] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2819.695896][T23398] RIP: 0033:0x7f381a103e99 [ 2819.700389][T23398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2819.719990][T23398] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2819.728417][T23398] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2819.736421][T23398] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2819.744389][T23398] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2819.752412][T23398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0xc}, 0x0) r0 = syz_io_uring_setup(0x4000187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) getpgrp(0xffffffffffffffff) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000003040)=[{{0x0, 0xfffffffffffffe9d, 0x0}}, {{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e23}, 0x55, &(0x7f0000001a80), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="00000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000002000000721a017e1b2671285120a55b34a9fce4bcb8ad14d0ab3bbd4c7ff1f94e3926bcdfb8a5b307d19c8c15d8298fc1a5907bd56c0bded5c982219ac943f57ebe8c281d1307bcb7c925fcbbfe803c86c4110668b49bfa377526576a26cb1ac7e714c8d51e86a2096d5fdcdaa9d48bd8f56f6a53efed5fecac6efe1870dddb468696074e52dc8301d2e11bf7fbb931dde7026af5d3ea7e24c1305f9615050970b135199abd66b7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32=r4, @ANYRES32=r0, @ANYRES32=r3], 0x0, 0x20008040}}], 0x1, 0x10) getpid() syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x2080}, 0x1}, 0xfffffffd) syz_io_uring_submit(0x0, r8, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x5) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) mmap$IORING_OFF_SQES(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0xc}, 0x0) r0 = syz_io_uring_setup(0x4000187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) getpgrp(0xffffffffffffffff) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000003040)=[{{0x0, 0xfffffffffffffe9d, 0x0}}, {{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e23}, 0x55, &(0x7f0000001a80), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="00000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000002000000721a017e1b2671285120a55b34a9fce4bcb8ad14d0ab3bbd4c7ff1f94e3926bcdfb8a5b307d19c8c15d8298fc1a5907bd56c0bded5c982219ac943f57ebe8c281d1307bcb7c925fcbbfe803c86c4110668b49bfa377526576a26cb1ac7e714c8d51e86a2096d5fdcdaa9d48bd8f56f6a53efed5fecac6efe1870dddb468696074e52dc8301d2e11bf7fbb931dde7026af5d3ea7e24c1305f9615050970b135199abd66b7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32=r4, @ANYRES32=r0, @ANYRES32=r3], 0x0, 0x20008040}}], 0x1, 0x10) (async) getpid() syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x2080}, 0x1}, 0xfffffffd) (async) syz_io_uring_submit(0x0, r8, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x5) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) mmap$IORING_OFF_SQES(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0xc}, 0x0) (async) r0 = syz_io_uring_setup(0x4000187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) getpgrp(0xffffffffffffffff) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000003040)=[{{0x0, 0xfffffffffffffe9d, 0x0}}, {{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e23}, 0x55, &(0x7f0000001a80), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="00000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000002000000721a017e1b2671285120a55b34a9fce4bcb8ad14d0ab3bbd4c7ff1f94e3926bcdfb8a5b307d19c8c15d8298fc1a5907bd56c0bded5c982219ac943f57ebe8c281d1307bcb7c925fcbbfe803c86c4110668b49bfa377526576a26cb1ac7e714c8d51e86a2096d5fdcdaa9d48bd8f56f6a53efed5fecac6efe1870dddb468696074e52dc8301d2e11bf7fbb931dde7026af5d3ea7e24c1305f9615050970b135199abd66b7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r3, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32=r4, @ANYRES32=r0, @ANYRES32=r3], 0x0, 0x20008040}}], 0x1, 0x10) getpid() (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, {0x2080}, 0x1}, 0xfffffffd) (async) syz_io_uring_submit(0x0, r8, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x5) (async, rerun: 32) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r4}, 0x0) (async, rerun: 32) mmap$IORING_OFF_SQES(&(0x7f00006d5000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r0, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x5, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x2, 0x7ff}, &(0x7f0000000180)) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd=r0}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x5, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x2, 0x7ff}, &(0x7f0000000180)) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd=r0}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x5, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x2, 0x7ff}, &(0x7f0000000180)) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd=r0}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:10:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x5, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) prlimit64(0x0, 0x5, &(0x7f0000000080)={0x2, 0x7ff}, &(0x7f0000000180)) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd=r0}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) [ 2819.760390][T23398] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2819.768362][T23398] [ 2825.068730][T23409] warn_alloc: 1 callbacks suppressed [ 2825.068741][T23409] syz-executor.2: vmalloc error: size 314068992, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2825.090879][T23409] CPU: 1 PID: 23409 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2825.099636][T23409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2825.109751][T23409] Call Trace: [ 2825.113008][T23409] [ 2825.115917][T23409] dump_stack_lvl+0xd6/0x122 [ 2825.120565][T23409] dump_stack+0x11/0x1b [ 2825.124710][T23409] warn_alloc+0x132/0x190 [ 2825.129025][T23409] ? alloc_page_interleave+0x104/0x120 [ 2825.134469][T23409] __vmalloc_node_range+0x58b/0x690 [ 2825.139690][T23409] ? xt_alloc_table_info+0x39/0x70 [ 2825.144779][T23409] __vmalloc_node+0x61/0x70 [ 2825.149261][T23409] ? xt_alloc_table_info+0x39/0x70 [ 2825.154412][T23409] kvmalloc_node+0xd2/0x110 [ 2825.158897][T23409] xt_alloc_table_info+0x39/0x70 [ 2825.163910][T23409] do_ipt_set_ctl+0x649/0x1710 [ 2825.168665][T23409] ? rmqueue_pcplist+0x157/0x1f0 [ 2825.173583][T23409] ? rmqueue+0x4a/0xd20 [ 2825.177725][T23409] ? __rcu_read_unlock+0x5c/0x290 [ 2825.182725][T23409] nf_setsockopt+0x1a6/0x1c0 [ 2825.187307][T23409] ip_setsockopt+0x2815/0x2c80 [ 2825.192066][T23409] ? _raw_spin_unlock+0x2e/0x50 [ 2825.196907][T23409] ? finish_task_switch+0xd0/0x280 [ 2825.202037][T23409] ? __schedule+0x44a/0x6a0 [ 2825.206524][T23409] ? __rcu_read_unlock+0x5c/0x290 [ 2825.211527][T23409] ? schedule+0x8b/0xb0 [ 2825.215668][T23409] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2825.221045][T23409] ? avc_has_perm+0x70/0x160 [ 2825.225695][T23409] ? avc_has_perm+0xd5/0x160 [ 2825.230359][T23409] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2825.237066][T23409] ? selinux_socket_setsockopt+0x145/0x170 [ 2825.242911][T23409] udp_setsockopt+0x83/0x90 [ 2825.247407][T23409] sock_common_setsockopt+0x5d/0x70 [ 2825.252763][T23409] ? sock_common_recvmsg+0xe0/0xe0 [ 2825.257873][T23409] __sys_setsockopt+0x209/0x2a0 [ 2825.262778][T23409] __x64_sys_setsockopt+0x62/0x70 [ 2825.267786][T23409] do_syscall_64+0x44/0xd0 [ 2825.272323][T23409] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2825.278216][T23409] RIP: 0033:0x7ff9d4f80e99 [ 2825.282612][T23409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2825.302241][T23409] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2825.310664][T23409] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2825.318621][T23409] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2825.326577][T23409] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2825.334684][T23409] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2825.342643][T23409] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2825.350614][T23409] [ 2825.353699][T23409] Mem-Info: [ 2825.356798][T23409] active_anon:305 inactive_anon:98630 isolated_anon:0 [ 2825.356798][T23409] active_file:4221 inactive_file:62948 isolated_file:0 [ 2825.356798][T23409] unevictable:0 dirty:0 writeback:0 [ 2825.356798][T23409] slab_reclaimable:5658 slab_unreclaimable:16122 [ 2825.356798][T23409] mapped:27489 shmem:580 pagetables:1188 bounce:0 [ 2825.356798][T23409] kernel_misc_reclaimable:0 [ 2825.356798][T23409] free:1716674 free_pcp:3398 free_cma:0 [ 2825.397981][T23409] Node 0 active_anon:1220kB inactive_anon:394520kB active_file:16884kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2320kB writeback_tmp:0kB kernel_stack:3936kB pagetables:4752kB all_unreclaimable? no [ 2825.424332][T23409] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2825.451102][T23409] lowmem_reserve[]: 0 2896 7874 7874 [ 2825.456646][T23409] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2825.485251][T23409] lowmem_reserve[]: 0 0 4978 4978 [ 2825.490337][T23409] Node 0 Normal free:3885620kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1220kB inactive_anon:394520kB active_file:16884kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8548kB local_pcp:6000kB free_cma:0kB [ 2825.520604][T23409] lowmem_reserve[]: 0 0 0 0 [ 2825.525112][T23409] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2825.537720][T23409] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2825.553742][T23409] Node 0 Normal: 167*4kB (ME) 37*8kB (ME) 9*16kB (E) 69*32kB (ME) 43*64kB (UME) 35*128kB (UME) 29*256kB (UME) 70*512kB (UME) 196*1024kB (UME) 53*2048kB (UME) 860*4096kB (UM) = 3885620kB [ 2825.572153][T23409] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2825.581453][T23409] 11672 total pagecache pages [ 2825.586148][T23409] 0 pages in swap cache [ 2825.590297][T23409] Swap cache stats: add 0, delete 0, find 0/0 [ 2825.596349][T23409] Free swap = 0kB [ 2825.600092][T23409] Total swap = 0kB [ 2825.603795][T23409] 2097051 pages RAM [ 2825.607589][T23409] 0 pages HighMem/MovableOnly [ 2825.612275][T23409] 75959 pages reserved 22:10:08 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 35) 22:10:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:08 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x40000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0xffffffffffffffff, 0x0) 22:10:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2827.985751][T23470] FAULT_INJECTION: forcing a failure. [ 2827.985751][T23470] name failslab, interval 1, probability 0, space 0, times 0 [ 2827.998448][T23470] CPU: 0 PID: 23470 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2828.007218][T23470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2828.017268][T23470] Call Trace: [ 2828.020541][T23470] [ 2828.023481][T23470] dump_stack_lvl+0xd6/0x122 [ 2828.028135][T23470] dump_stack+0x11/0x1b [ 2828.032433][T23470] should_fail+0x23c/0x250 [ 2828.036904][T23470] ? io_uring_add_tctx_node+0x19f/0x2c0 [ 2828.042457][T23470] __should_failslab+0x81/0x90 [ 2828.047228][T23470] should_failslab+0x5/0x20 [ 2828.051763][T23470] kmem_cache_alloc_trace+0x52/0x350 [ 2828.057109][T23470] ? xa_load+0x259/0x270 [ 2828.061360][T23470] io_uring_add_tctx_node+0x19f/0x2c0 [ 2828.066816][T23470] io_uring_create+0x5cd/0x754 [ 2828.071580][T23470] __x64_sys_io_uring_setup+0x118/0x130 [ 2828.077138][T23470] do_syscall_64+0x44/0xd0 22:10:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000080)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:10:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xf) [ 2828.081816][T23470] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2828.087882][T23470] RIP: 0033:0x7f381a103e99 [ 2828.092299][T23470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2828.111923][T23470] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2828.120340][T23470] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2828.128348][T23470] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 22:10:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 36) 22:10:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x7c) [ 2828.136443][T23470] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2828.144427][T23470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2828.152408][T23470] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2828.160397][T23470] 22:10:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f0000000180)={0x0, 0x0, 0x1}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000080)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) [ 2828.232856][T23495] FAULT_INJECTION: forcing a failure. [ 2828.232856][T23495] name failslab, interval 1, probability 0, space 0, times 0 [ 2828.245643][T23495] CPU: 1 PID: 23495 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2828.254409][T23495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2828.264461][T23495] Call Trace: [ 2828.267750][T23495] [ 2828.270686][T23495] dump_stack_lvl+0xd6/0x122 [ 2828.275282][T23495] dump_stack+0x11/0x1b [ 2828.279479][T23495] should_fail+0x23c/0x250 [ 2828.284012][T23495] ? xas_create+0x94b/0xb10 [ 2828.288660][T23495] __should_failslab+0x81/0x90 [ 2828.293424][T23495] should_failslab+0x5/0x20 [ 2828.297970][T23495] kmem_cache_alloc+0x4f/0x320 [ 2828.302996][T23495] ? xas_create+0x94b/0xb10 [ 2828.307643][T23495] xas_create+0x94b/0xb10 [ 2828.311978][T23495] xas_store+0x70/0xca0 [ 2828.316177][T23495] ? io_wq_create+0x217/0x6f0 [ 2828.320881][T23495] ? io_wq_create+0x4f8/0x6f0 [ 2828.325558][T23495] __xa_store+0xdb/0x300 [ 2828.329866][T23495] xa_store+0x30/0x50 [ 2828.333850][T23495] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2828.339224][T23495] io_uring_create+0x5cd/0x754 [ 2828.343990][T23495] __x64_sys_io_uring_setup+0x118/0x130 [ 2828.349546][T23495] do_syscall_64+0x44/0xd0 [ 2828.354069][T23495] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2828.360280][T23495] RIP: 0033:0x7f381a103e99 [ 2828.364759][T23495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2828.384377][T23495] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2828.392825][T23495] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2828.400802][T23495] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2828.408855][T23495] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2828.416823][T23495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2828.424802][T23495] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x184, &(0x7f00000002c0)={0x0, 0xb592, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x1c7e, &(0x7f0000000180)={0x0, 0x75c3, 0x1, 0x2, 0x2f8, 0x0, r0}, &(0x7f0000633000/0x3000)=nil, &(0x7f0000633000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000240), 0x12100) syz_io_uring_submit(r3, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r4, 0x20, 0x0, 0xee, 0x3}, 0xfffffff8) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2828.432776][T23495] 22:10:14 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x11}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xf00) 22:10:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x184, &(0x7f00000002c0)={0x0, 0xb592, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x1c7e, &(0x7f0000000180)={0x0, 0x75c3, 0x1, 0x2, 0x2f8, 0x0, r0}, &(0x7f0000633000/0x3000)=nil, &(0x7f0000633000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) (async) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000240), 0x12100) syz_io_uring_submit(r3, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r4, 0x20, 0x0, 0xee, 0x3}, 0xfffffff8) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:10:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 37) 22:10:14 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:14 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x65754) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2833.441255][T23529] FAULT_INJECTION: forcing a failure. [ 2833.441255][T23529] name failslab, interval 1, probability 0, space 0, times 0 [ 2833.453903][T23529] CPU: 0 PID: 23529 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2833.462753][T23529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.472850][T23529] Call Trace: [ 2833.476155][T23529] [ 2833.479086][T23529] dump_stack_lvl+0xd6/0x122 [ 2833.483698][T23529] dump_stack+0x11/0x1b [ 2833.487887][T23529] should_fail+0x23c/0x250 [ 2833.492377][T23529] ? xas_create+0x94b/0xb10 [ 2833.496949][T23529] __should_failslab+0x81/0x90 [ 2833.501715][T23529] should_failslab+0x5/0x20 [ 2833.506229][T23529] kmem_cache_alloc+0x4f/0x320 [ 2833.511088][T23529] ? xas_create+0x94b/0xb10 [ 2833.515676][T23529] xas_create+0x94b/0xb10 [ 2833.520013][T23529] xas_store+0x70/0xca0 [ 2833.524263][T23529] ? io_wq_create+0x217/0x6f0 [ 2833.528945][T23529] ? io_wq_create+0x4f8/0x6f0 [ 2833.533630][T23529] __xa_store+0xdb/0x300 [ 2833.537949][T23529] xa_store+0x30/0x50 [ 2833.541931][T23529] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2833.547380][T23529] io_uring_create+0x5cd/0x754 [ 2833.552153][T23529] __x64_sys_io_uring_setup+0x118/0x130 [ 2833.557760][T23529] do_syscall_64+0x44/0xd0 [ 2833.562183][T23529] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2833.568139][T23529] RIP: 0033:0x7f381a103e99 [ 2833.572553][T23529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2833.592194][T23529] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2833.600678][T23529] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2833.608759][T23529] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2833.616821][T23529] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2833.624796][T23529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2833.632766][T23529] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 64) r0 = syz_io_uring_setup(0x184, &(0x7f00000002c0)={0x0, 0xb592, 0x2}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x1c7e, &(0x7f0000000180)={0x0, 0x75c3, 0x1, 0x2, 0x2f8, 0x0, r0}, &(0x7f0000633000/0x3000)=nil, &(0x7f0000633000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)) (async, rerun: 32) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000240), 0x12100) (rerun: 32) syz_io_uring_submit(r3, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r4, 0x20, 0x0, 0xee, 0x3}, 0xfffffff8) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:10:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x7c00) 22:10:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xf000000) 22:10:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x7c000000) 22:10:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 38) [ 2833.640748][T23529] [ 2833.688370][T23587] FAULT_INJECTION: forcing a failure. [ 2833.688370][T23587] name failslab, interval 1, probability 0, space 0, times 0 [ 2833.701033][T23587] CPU: 0 PID: 23587 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2833.709812][T23587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2833.719972][T23587] Call Trace: [ 2833.723255][T23587] [ 2833.726183][T23587] dump_stack_lvl+0xd6/0x122 [ 2833.730782][T23587] dump_stack+0x11/0x1b [ 2833.734938][T23587] should_fail+0x23c/0x250 [ 2833.739367][T23587] ? xas_create+0x94b/0xb10 [ 2833.743928][T23587] __should_failslab+0x81/0x90 [ 2833.748778][T23587] should_failslab+0x5/0x20 [ 2833.753344][T23587] kmem_cache_alloc+0x4f/0x320 [ 2833.758113][T23587] ? xas_create+0x94b/0xb10 [ 2833.762635][T23587] xas_create+0x94b/0xb10 [ 2833.767121][T23587] xas_store+0x70/0xca0 [ 2833.771291][T23587] ? io_wq_create+0x217/0x6f0 [ 2833.776235][T23587] ? io_wq_create+0x4f8/0x6f0 [ 2833.780947][T23587] __xa_store+0xdb/0x300 [ 2833.785208][T23587] xa_store+0x30/0x50 [ 2833.789202][T23587] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2833.794583][T23587] io_uring_create+0x5cd/0x754 [ 2833.799357][T23587] __x64_sys_io_uring_setup+0x118/0x130 [ 2833.804994][T23587] do_syscall_64+0x44/0xd0 [ 2833.809419][T23587] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2833.815328][T23587] RIP: 0033:0x7f381a103e99 [ 2833.819910][T23587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2833.839525][T23587] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2833.848097][T23587] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2833.856085][T23587] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2833.864172][T23587] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2833.872248][T23587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2833.880221][T23587] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xf00000000000000) [ 2833.888314][T23587] [ 2839.078683][T23572] warn_alloc: 1 callbacks suppressed [ 2839.078695][T23572] syz-executor.2: vmalloc error: size 314159104, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2839.100697][T23572] CPU: 1 PID: 23572 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2839.109486][T23572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.119615][T23572] Call Trace: [ 2839.122886][T23572] [ 2839.125876][T23572] dump_stack_lvl+0xd6/0x122 [ 2839.130452][T23572] dump_stack+0x11/0x1b [ 2839.134605][T23572] warn_alloc+0x132/0x190 [ 2839.139407][T23572] ? alloc_page_interleave+0x104/0x120 [ 2839.145027][T23572] __vmalloc_node_range+0x58b/0x690 [ 2839.150206][T23572] ? xt_alloc_table_info+0x39/0x70 [ 2839.155376][T23572] __vmalloc_node+0x61/0x70 [ 2839.160018][T23572] ? xt_alloc_table_info+0x39/0x70 [ 2839.165178][T23572] kvmalloc_node+0xd2/0x110 [ 2839.169662][T23572] xt_alloc_table_info+0x39/0x70 [ 2839.174581][T23572] do_ipt_set_ctl+0x649/0x1710 [ 2839.179323][T23572] ? rmqueue_pcplist+0x157/0x1f0 [ 2839.184267][T23572] ? rmqueue+0x4a/0xd20 [ 2839.188494][T23572] ? __rcu_read_unlock+0x5c/0x290 [ 2839.193557][T23572] nf_setsockopt+0x1a6/0x1c0 [ 2839.198285][T23572] ip_setsockopt+0x2815/0x2c80 [ 2839.203029][T23572] ? _raw_spin_unlock+0x2e/0x50 [ 2839.207861][T23572] ? finish_task_switch+0xd0/0x280 [ 2839.213077][T23572] ? __schedule+0x44a/0x6a0 [ 2839.217582][T23572] ? __rcu_read_unlock+0x5c/0x290 [ 2839.222686][T23572] ? schedule+0x8b/0xb0 [ 2839.226857][T23572] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2839.232210][T23572] ? avc_has_perm+0x70/0x160 [ 2839.236875][T23572] ? avc_has_perm+0xd5/0x160 [ 2839.241476][T23572] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2839.247793][T23572] ? selinux_socket_setsockopt+0x145/0x170 [ 2839.253634][T23572] udp_setsockopt+0x83/0x90 [ 2839.258349][T23572] sock_common_setsockopt+0x5d/0x70 [ 2839.263533][T23572] ? sock_common_recvmsg+0xe0/0xe0 [ 2839.268631][T23572] __sys_setsockopt+0x209/0x2a0 [ 2839.273479][T23572] __x64_sys_setsockopt+0x62/0x70 [ 2839.278558][T23572] do_syscall_64+0x44/0xd0 [ 2839.283059][T23572] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2839.288994][T23572] RIP: 0033:0x7ff9d4f80e99 [ 2839.293392][T23572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2839.312983][T23572] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2839.321453][T23572] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2839.329404][T23572] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2839.337354][T23572] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2839.345305][T23572] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2839.353258][T23572] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2839.361213][T23572] [ 2839.364482][T23572] Mem-Info: [ 2839.367634][T23572] active_anon:311 inactive_anon:98556 isolated_anon:0 [ 2839.367634][T23572] active_file:4222 inactive_file:62948 isolated_file:0 [ 2839.367634][T23572] unevictable:0 dirty:22 writeback:0 [ 2839.367634][T23572] slab_reclaimable:5681 slab_unreclaimable:16194 [ 2839.367634][T23572] mapped:27489 shmem:586 pagetables:1177 bounce:0 [ 2839.367634][T23572] kernel_misc_reclaimable:0 [ 2839.367634][T23572] free:1716705 free_pcp:3343 free_cma:0 [ 2839.409217][T23572] Node 0 active_anon:1244kB inactive_anon:394224kB active_file:16888kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:88kB writeback:0kB shmem:2344kB writeback_tmp:0kB kernel_stack:3952kB pagetables:4708kB all_unreclaimable? no [ 2839.435634][T23572] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2839.462414][T23572] lowmem_reserve[]: 0 2896 7874 7874 [ 2839.467744][T23572] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2839.496501][T23572] lowmem_reserve[]: 0 0 4978 4978 [ 2839.501567][T23572] Node 0 Normal free:3885744kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1244kB inactive_anon:393992kB active_file:16888kB inactive_file:251792kB unevictable:0kB writepending:88kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8712kB local_pcp:5624kB free_cma:0kB [ 2839.532004][T23572] lowmem_reserve[]: 0 0 0 0 [ 2839.536512][T23572] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2839.549194][T23572] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2839.565255][T23572] Node 0 Normal: 386*4kB (UME) 235*8kB (UME) 79*16kB (UME) 107*32kB (UME) 24*64kB (UME) 24*128kB (ME) 29*256kB (ME) 60*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 861*4096kB (UM) = 3885744kB [ 2839.584321][T23572] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2839.593615][T23572] 11679 total pagecache pages [ 2839.598266][T23572] 0 pages in swap cache [ 2839.602416][T23572] Swap cache stats: add 0, delete 0, find 0/0 [ 2839.608580][T23572] Free swap = 0kB [ 2839.612314][T23572] Total swap = 0kB [ 2839.616255][T23572] 2097051 pages RAM [ 2839.620539][T23572] 0 pages HighMem/MovableOnly [ 2839.625204][T23572] 75959 pages reserved 22:10:22 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x29}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:22 executing program 1: prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x7, 0x10001}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) prlimit64(0x0, 0x3, &(0x7f0000000080)={0xd5, 0x3e}, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="010c0000000000002e2f66696c653000"]) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, 0x0, 0x0, r4, 0x2) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x2, 0x11, 0x1, 0x7, 0xfffffffffffffff9, 0x100000000, 0xffffffffffffff1f, 0x6, 0x1f}, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r3, 0x10000000) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x25, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0x20000000000, 0xffffffffffffffff}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) sendmsg$unix(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)="1841fa75c9cf91dcb14730d8faf3c901af96f205c7fde75db20343857daf78ab2675d7a4c21b62222ed4aacfe029494fd7dc2d04ffa8232f03784a4ca2960e3864badbc0cd5b7adf317c0dce6e11b0c36ca20620f0759a74e0202620d359de6038d9", 0x62}], 0x1, 0x0, 0x0, 0x4000804}, 0x10) syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x1, 0x0, 0x0, 0x5, 0xb, 0x1, {0x0, 0x0, r6}}, 0x3) 22:10:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 39) 22:10:22 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x100000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x7c00000000000000) 22:10:22 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2841.998487][T23653] FAULT_INJECTION: forcing a failure. [ 2841.998487][T23653] name failslab, interval 1, probability 0, space 0, times 0 [ 2842.011209][T23653] CPU: 1 PID: 23653 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2842.020072][T23653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.030242][T23653] Call Trace: [ 2842.033516][T23653] [ 2842.036563][T23653] dump_stack_lvl+0xd6/0x122 [ 2842.041156][T23653] dump_stack+0x11/0x1b [ 2842.045310][T23653] should_fail+0x23c/0x250 [ 2842.049748][T23653] ? xas_create+0x94b/0xb10 [ 2842.054311][T23653] __should_failslab+0x81/0x90 [ 2842.059082][T23653] should_failslab+0x5/0x20 [ 2842.063603][T23653] kmem_cache_alloc+0x4f/0x320 [ 2842.068381][T23653] ? xas_create+0x94b/0xb10 [ 2842.072884][T23653] xas_create+0x94b/0xb10 [ 2842.077219][T23653] xas_store+0x70/0xca0 [ 2842.081382][T23653] ? io_wq_create+0x217/0x6f0 [ 2842.086061][T23653] ? preempt_count_add+0x4e/0x90 [ 2842.091017][T23653] ? _raw_spin_unlock+0x2e/0x50 [ 2842.095934][T23653] __xa_store+0xdb/0x300 [ 2842.100179][T23653] xa_store+0x30/0x50 [ 2842.104173][T23653] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2842.109552][T23653] io_uring_create+0x5cd/0x754 [ 2842.114332][T23653] __x64_sys_io_uring_setup+0x118/0x130 [ 2842.119987][T23653] do_syscall_64+0x44/0xd0 [ 2842.124486][T23653] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.130446][T23653] RIP: 0033:0x7f381a103e99 [ 2842.134874][T23653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.154565][T23653] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2842.163064][T23653] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2842.171031][T23653] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2842.179038][T23653] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.187065][T23653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 22:10:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 40) [ 2842.195051][T23653] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2842.203085][T23653] [ 2842.243973][T23673] FAULT_INJECTION: forcing a failure. [ 2842.243973][T23673] name failslab, interval 1, probability 0, space 0, times 0 [ 2842.256637][T23673] CPU: 0 PID: 23673 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2842.265402][T23673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.275462][T23673] Call Trace: [ 2842.278744][T23673] [ 2842.281678][T23673] dump_stack_lvl+0xd6/0x122 [ 2842.286352][T23673] dump_stack+0x11/0x1b [ 2842.290579][T23673] should_fail+0x23c/0x250 [ 2842.294998][T23673] ? xas_create+0x94b/0xb10 [ 2842.299504][T23673] __should_failslab+0x81/0x90 [ 2842.304321][T23673] should_failslab+0x5/0x20 [ 2842.308842][T23673] kmem_cache_alloc+0x4f/0x320 [ 2842.313685][T23673] ? xas_create+0x94b/0xb10 [ 2842.318201][T23673] xas_create+0x94b/0xb10 [ 2842.322537][T23673] xas_store+0x70/0xca0 [ 2842.326745][T23673] ? io_wq_create+0x217/0x6f0 [ 2842.331427][T23673] ? io_wq_create+0x4f8/0x6f0 [ 2842.336149][T23673] __xa_store+0xdb/0x300 [ 2842.340450][T23673] xa_store+0x30/0x50 22:10:23 executing program 1: prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x7, 0x10001}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) prlimit64(0x0, 0x3, &(0x7f0000000080)={0xd5, 0x3e}, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="010c0000000000002e2f66696c653000"]) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, 0x0, 0x0, r4, 0x2) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x2, 0x11, 0x1, 0x7, 0xfffffffffffffff9, 0x100000000, 0xffffffffffffff1f, 0x6, 0x1f}, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r3, 0x10000000) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x25, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0x20000000000, 0xffffffffffffffff}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) sendmsg$unix(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)="1841fa75c9cf91dcb14730d8faf3c901af96f205c7fde75db20343857daf78ab2675d7a4c21b62222ed4aacfe029494fd7dc2d04ffa8232f03784a4ca2960e3864badbc0cd5b7adf317c0dce6e11b0c36ca20620f0759a74e0202620d359de6038d9", 0x62}], 0x1, 0x0, 0x0, 0x4000804}, 0x10) syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x1, 0x0, 0x0, 0x5, 0xb, 0x1, {0x0, 0x0, r6}}, 0x3) prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x7, 0x10001}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) prlimit64(0x0, 0x3, &(0x7f0000000080)={0xd5, 0x3e}, &(0x7f0000000180)) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000", @ANYRES32, @ANYBLOB="010c0000000000002e2f66696c653000"]) (async) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, 0x0, 0x0, r4, 0x2) (async) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x2, 0x11, 0x1, 0x7, 0xfffffffffffffff9, 0x100000000, 0xffffffffffffff1f, 0x6, 0x1f}, 0x0) (async) mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r3, 0x10000000) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r6, 0x25, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0x20000000000, 0xffffffffffffffff}) (async) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) sendmsg$unix(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)="1841fa75c9cf91dcb14730d8faf3c901af96f205c7fde75db20343857daf78ab2675d7a4c21b62222ed4aacfe029494fd7dc2d04ffa8232f03784a4ca2960e3864badbc0cd5b7adf317c0dce6e11b0c36ca20620f0759a74e0202620d359de6038d9", 0x62}], 0x1, 0x0, 0x0, 0x4000804}, 0x10) (async) syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x1, 0x0, 0x0, 0x5, 0xb, 0x1, {0x0, 0x0, r6}}, 0x3) (async) [ 2842.344458][T23673] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2842.349894][T23673] io_uring_create+0x5cd/0x754 [ 2842.354669][T23673] __x64_sys_io_uring_setup+0x118/0x130 [ 2842.360276][T23673] do_syscall_64+0x44/0xd0 [ 2842.364706][T23673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.370610][T23673] RIP: 0033:0x7f381a103e99 [ 2842.375021][T23673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.394631][T23673] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2842.403050][T23673] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2842.411021][T23673] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2842.419100][T23673] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.427089][T23673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2842.435061][T23673] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 41) [ 2842.443038][T23673] 22:10:23 executing program 1: prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x7, 0x10001}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (rerun: 32) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async, rerun: 32) prlimit64(0x0, 0x3, &(0x7f0000000080)={0xd5, 0x3e}, &(0x7f0000000180)) (async, rerun: 32) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async, rerun: 64) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="010c0000000000002e2f66696c653000"]) (async, rerun: 64) write$binfmt_elf32(r4, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3f, 0xff, 0x7, 0x80000001, 0x2, 0x6, 0x8001, 0x203, 0x38, 0x191, 0x3, 0x3, 0x20, 0x2, 0x0, 0xb6, 0x3}, [{0x3, 0x100, 0x400, 0x734, 0x15d72fc1, 0x6, 0x3ff, 0x4076}, {0x3, 0x0, 0x9, 0x1, 0x6, 0x101, 0x1ff, 0x80}], "9a2307139ec7f143f80481de83430867145ae5b947036989f1f93c349930bfd44d851791e7d258d435cec0f599688b45aea6e051689d36e6904cc2f9a491d835e754319294b6ffd6077a6ed92ad42989b3bfb1f16d55b1e98e35c2ab13a358c9452972ad68f97ea1972fda3dcb97287a214d974221ac6c73c24469ac76b636d08e8efdab29396e3f3f49c425efca9696699880255934e02be4ffb32935167ff799fb37ab8fff83229f08c19690d2f562b57b308466422724bd53d2fa55dc6b3c4d39f03002cafb0f6199c1deab14a7b828a635c8c305960e6a2fe0bbbb5b4a60baaa401a3205c3e972", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x661) (async, rerun: 64) perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x7f, 0x5, 0x9, 0x0, 0x0, 0xfffffffffffffff7, 0x2e9d4, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x7}, 0x1000, 0x9, 0xf, 0x5, 0xffffffffffffffff, 0x0, 0xddea, 0x0, 0x4, 0x0, 0x6}, 0x0, 0x0, r4, 0x2) (rerun: 64) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x2, 0x11, 0x1, 0x7, 0xfffffffffffffff9, 0x100000000, 0xffffffffffffff1f, 0x6, 0x1f}, 0x0) (async, rerun: 32) r5 = mmap$IORING_OFF_SQES(&(0x7f00006d6000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r3, 0x10000000) (async, rerun: 32) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r6, 0x25, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0x20000000000, 0xffffffffffffffff}) (async) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r7, 0x5, &(0x7f0000000240)={0x0, 0x2, 0xfffffffffffffff8}) (async) sendmsg$unix(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)="1841fa75c9cf91dcb14730d8faf3c901af96f205c7fde75db20343857daf78ab2675d7a4c21b62222ed4aacfe029494fd7dc2d04ffa8232f03784a4ca2960e3864badbc0cd5b7adf317c0dce6e11b0c36ca20620f0759a74e0202620d359de6038d9", 0x62}], 0x1, 0x0, 0x0, 0x4000804}, 0x10) (async, rerun: 64) syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd_index=0x1, 0x0, 0x0, 0x5, 0xb, 0x1, {0x0, 0x0, r6}}, 0x3) (rerun: 64) [ 2842.467140][T23685] FAULT_INJECTION: forcing a failure. [ 2842.467140][T23685] name failslab, interval 1, probability 0, space 0, times 0 [ 2842.479907][T23685] CPU: 1 PID: 23685 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2842.488673][T23685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.498722][T23685] Call Trace: [ 2842.502059][T23685] [ 2842.505035][T23685] dump_stack_lvl+0xd6/0x122 [ 2842.509681][T23685] dump_stack+0x11/0x1b [ 2842.513938][T23685] should_fail+0x23c/0x250 [ 2842.518434][T23685] ? xas_create+0x94b/0xb10 [ 2842.522944][T23685] __should_failslab+0x81/0x90 [ 2842.527756][T23685] should_failslab+0x5/0x20 [ 2842.532313][T23685] kmem_cache_alloc+0x4f/0x320 [ 2842.537217][T23685] ? xas_create+0x94b/0xb10 [ 2842.541817][T23685] xas_create+0x94b/0xb10 [ 2842.546262][T23685] xas_store+0x70/0xca0 [ 2842.550398][T23685] ? io_wq_create+0x217/0x6f0 [ 2842.555057][T23685] ? io_wq_create+0x4f8/0x6f0 [ 2842.559721][T23685] __xa_store+0xdb/0x300 [ 2842.564010][T23685] xa_store+0x30/0x50 [ 2842.567985][T23685] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2842.573431][T23685] io_uring_create+0x5cd/0x754 [ 2842.578183][T23685] __x64_sys_io_uring_setup+0x118/0x130 [ 2842.583762][T23685] do_syscall_64+0x44/0xd0 [ 2842.588312][T23685] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.594404][T23685] RIP: 0033:0x7f381a103e99 [ 2842.599230][T23685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.618911][T23685] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2842.627471][T23685] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2842.635507][T23685] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2842.643477][T23685] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.651452][T23685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2842.659407][T23685] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 42) 22:10:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) syz_io_uring_submit(r4, r8, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd_index=0x2, 0x3f, 0x0, 0x3, 0x7}, 0x2) [ 2842.667476][T23685] [ 2842.698843][T23719] FAULT_INJECTION: forcing a failure. [ 2842.698843][T23719] name failslab, interval 1, probability 0, space 0, times 0 [ 2842.711559][T23719] CPU: 0 PID: 23719 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2842.720367][T23719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2842.730728][T23719] Call Trace: [ 2842.734007][T23719] [ 2842.736982][T23719] dump_stack_lvl+0xd6/0x122 [ 2842.741908][T23719] dump_stack+0x11/0x1b [ 2842.746051][T23719] should_fail+0x23c/0x250 [ 2842.750463][T23719] ? xas_create+0x94b/0xb10 [ 2842.754951][T23719] __should_failslab+0x81/0x90 [ 2842.759697][T23719] should_failslab+0x5/0x20 [ 2842.764197][T23719] kmem_cache_alloc+0x4f/0x320 [ 2842.769005][T23719] ? xas_create+0x94b/0xb10 [ 2842.773508][T23719] xas_create+0x94b/0xb10 [ 2842.777874][T23719] xas_store+0x70/0xca0 [ 2842.782050][T23719] ? io_wq_create+0x217/0x6f0 [ 2842.786717][T23719] ? io_wq_create+0x4f8/0x6f0 [ 2842.791450][T23719] __xa_store+0xdb/0x300 [ 2842.795745][T23719] xa_store+0x30/0x50 [ 2842.799719][T23719] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2842.805172][T23719] io_uring_create+0x5cd/0x754 [ 2842.809937][T23719] __x64_sys_io_uring_setup+0x118/0x130 [ 2842.815473][T23719] do_syscall_64+0x44/0xd0 [ 2842.819935][T23719] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2842.825892][T23719] RIP: 0033:0x7f381a103e99 [ 2842.830302][T23719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.849965][T23719] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2842.858362][T23719] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2842.866340][T23719] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2842.874316][T23719] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2842.882289][T23719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2842.890258][T23719] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 [ 2842.898234][T23719] 22:10:31 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x88}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) syz_io_uring_submit(r4, r8, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd_index=0x2, 0x3f, 0x0, 0x3, 0x7}, 0x2) 22:10:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1f8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xffffffff00000000) 22:10:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 43) 22:10:31 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1a) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) [ 2850.199188][T23727] FAULT_INJECTION: forcing a failure. [ 2850.199188][T23727] name failslab, interval 1, probability 0, space 0, times 0 [ 2850.211841][T23727] CPU: 0 PID: 23727 Comm: syz-executor.5 Not tainted 5.16.0-rc7-syzkaller #0 [ 2850.220635][T23727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.230687][T23727] Call Trace: [ 2850.233963][T23727] [ 2850.236899][T23727] dump_stack_lvl+0xd6/0x122 [ 2850.241502][T23727] dump_stack+0x11/0x1b [ 2850.245673][T23727] should_fail+0x23c/0x250 [ 2850.250143][T23727] ? xas_create+0x94b/0xb10 [ 2850.254655][T23727] __should_failslab+0x81/0x90 [ 2850.259455][T23727] should_failslab+0x5/0x20 [ 2850.264099][T23727] kmem_cache_alloc+0x4f/0x320 [ 2850.268866][T23727] ? xas_create+0x94b/0xb10 [ 2850.273380][T23727] xas_create+0x94b/0xb10 [ 2850.277782][T23727] xas_store+0x70/0xca0 [ 2850.282036][T23727] ? io_wq_create+0x217/0x6f0 [ 2850.287120][T23727] ? io_wq_create+0x4f8/0x6f0 [ 2850.291902][T23727] __xa_store+0xdb/0x300 [ 2850.296157][T23727] xa_store+0x30/0x50 [ 2850.300147][T23727] io_uring_add_tctx_node+0x1d4/0x2c0 [ 2850.305531][T23727] io_uring_create+0x5cd/0x754 [ 2850.310473][T23727] __x64_sys_io_uring_setup+0x118/0x130 [ 2850.316034][T23727] do_syscall_64+0x44/0xd0 [ 2850.320462][T23727] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2850.326608][T23727] RIP: 0033:0x7f381a103e99 [ 2850.331164][T23727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2850.350770][T23727] RSP: 002b:00007f381927a168 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 2850.359183][T23727] RAX: ffffffffffffffda RBX: 00007f381a216f60 RCX: 00007f381a103e99 [ 2850.367165][T23727] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000005963 [ 2850.375174][T23727] RBP: 00007f381927a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2850.383275][T23727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2850.391247][T23727] R13: 00007ffde74573bf R14: 00007f381927a300 R15: 0000000000022000 22:10:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (fail_nth: 44) 22:10:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}, 0x0) syz_io_uring_submit(r4, r8, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd_index=0x2, 0x3f, 0x0, 0x3, 0x7}, 0x2) [ 2850.399226][T23727] 22:10:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:10:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) setrlimit(0x1, &(0x7f0000000080)={0xfffffffffffffffa, 0x3}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x6, 0x4c, 0x1, 0x9, 0xffffffffffffd51c, 0x4, 0x9, 0x7, 0x1000}, 0x0) io_uring_enter(r0, 0x2a72, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) 22:10:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) setrlimit(0x1, &(0x7f0000000080)={0xfffffffffffffffa, 0x3}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x6, 0x4c, 0x1, 0x9, 0xffffffffffffd51c, 0x4, 0x9, 0x7, 0x1000}, 0x0) io_uring_enter(r0, 0x2a72, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f0000000040)) [ 2855.748692][T23747] warn_alloc: 1 callbacks suppressed [ 2855.748708][T23747] syz-executor.2: vmalloc error: size 314109952, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2855.770906][T23747] CPU: 0 PID: 23747 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2855.779695][T23747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2855.789829][T23747] Call Trace: [ 2855.793111][T23747] [ 2855.796050][T23747] dump_stack_lvl+0xd6/0x122 [ 2855.800624][T23747] dump_stack+0x11/0x1b [ 2855.804773][T23747] warn_alloc+0x132/0x190 [ 2855.809089][T23747] __vmalloc_node_range+0x58b/0x690 [ 2855.814292][T23747] ? xt_alloc_table_info+0x39/0x70 [ 2855.819466][T23747] __vmalloc_node+0x61/0x70 [ 2855.824091][T23747] ? xt_alloc_table_info+0x39/0x70 [ 2855.829265][T23747] kvmalloc_node+0xd2/0x110 [ 2855.833773][T23747] xt_alloc_table_info+0x39/0x70 [ 2855.838804][T23747] do_ipt_set_ctl+0x649/0x1710 [ 2855.843639][T23747] ? __rcu_read_unlock+0x5c/0x290 [ 2855.848664][T23747] nf_setsockopt+0x1a6/0x1c0 [ 2855.853279][T23747] ip_setsockopt+0x2815/0x2c80 [ 2855.858025][T23747] ? enqueue_entity+0x4bf/0x6c0 [ 2855.863066][T23747] ? reweight_entity+0x22/0xf0 [ 2855.867926][T23747] ? enqueue_task_fair+0x443/0x520 [ 2855.873112][T23747] ? __rcu_read_unlock+0x5c/0x290 [ 2855.878376][T23747] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2855.883837][T23747] ? avc_has_perm+0x70/0x160 [ 2855.888417][T23747] ? avc_has_perm+0xd5/0x160 [ 2855.893005][T23747] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2855.899494][T23747] ? selinux_socket_setsockopt+0x145/0x170 [ 2855.905359][T23747] udp_setsockopt+0x83/0x90 [ 2855.909911][T23747] sock_common_setsockopt+0x5d/0x70 [ 2855.915125][T23747] ? sock_common_recvmsg+0xe0/0xe0 [ 2855.920232][T23747] __sys_setsockopt+0x209/0x2a0 [ 2855.925190][T23747] __x64_sys_setsockopt+0x62/0x70 [ 2855.930221][T23747] do_syscall_64+0x44/0xd0 [ 2855.934623][T23747] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2855.940571][T23747] RIP: 0033:0x7ff9d4f80e99 [ 2855.945041][T23747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2855.964634][T23747] RSP: 002b:00007ff9d40d6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2855.973028][T23747] RAX: ffffffffffffffda RBX: 00007ff9d5094030 RCX: 00007ff9d4f80e99 [ 2855.980979][T23747] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2855.989595][T23747] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2855.997606][T23747] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2856.005596][T23747] R13: 00007fffaa92d4ef R14: 00007ff9d40d6300 R15: 0000000000022000 [ 2856.013640][T23747] [ 2856.016736][T23747] Mem-Info: [ 2856.019858][T23747] active_anon:318 inactive_anon:98634 isolated_anon:0 [ 2856.019858][T23747] active_file:4227 inactive_file:62949 isolated_file:0 [ 2856.019858][T23747] unevictable:0 dirty:0 writeback:0 [ 2856.019858][T23747] slab_reclaimable:5683 slab_unreclaimable:16095 [ 2856.019858][T23747] mapped:27489 shmem:593 pagetables:1188 bounce:0 [ 2856.019858][T23747] kernel_misc_reclaimable:0 [ 2856.019858][T23747] free:1717099 free_pcp:2935 free_cma:0 [ 2856.061078][T23747] Node 0 active_anon:1272kB inactive_anon:394536kB active_file:16908kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2372kB writeback_tmp:0kB kernel_stack:3968kB pagetables:4752kB all_unreclaimable? no [ 2856.087416][T23747] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2856.114321][T23747] lowmem_reserve[]: 0 2896 7874 7874 [ 2856.119698][T23747] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2856.148628][T23747] lowmem_reserve[]: 0 0 4978 4978 [ 2856.153668][T23747] Node 0 Normal free:3887320kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1272kB inactive_anon:394536kB active_file:16908kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:6696kB local_pcp:3332kB free_cma:0kB [ 2856.183905][T23747] lowmem_reserve[]: 0 0 0 0 [ 2856.188500][T23747] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2856.201188][T23747] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2856.217497][T23747] Node 0 Normal: 576*4kB (UME) 411*8kB (UME) 208*16kB (UME) 76*32kB (UME) 34*64kB (UME) 10*128kB (UME) 11*256kB (UME) 68*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 861*4096kB (UM) = 3887320kB [ 2856.236784][T23747] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2856.246102][T23747] 11690 total pagecache pages [ 2856.250863][T23747] 0 pages in swap cache [ 2856.255012][T23747] Swap cache stats: add 0, delete 0, find 0/0 [ 2856.261238][T23747] Free swap = 0kB [ 2856.264945][T23747] Total swap = 0kB [ 2856.268700][T23747] 2097051 pages RAM [ 2856.272496][T23747] 0 pages HighMem/MovableOnly [ 2856.277156][T23747] 75959 pages reserved 22:10:39 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x2, 0x2}) 22:10:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) setrlimit(0x1, &(0x7f0000000080)={0xfffffffffffffffa, 0x3}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x6, 0x4c, 0x1, 0x9, 0xffffffffffffd51c, 0x4, 0x9, 0x7, 0x1000}, 0x0) io_uring_enter(r0, 0x2a72, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}, &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) setrlimit(0x1, &(0x7f0000000080)={0xfffffffffffffffa, 0x3}) (async) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) (async) sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x6, 0x4c, 0x1, 0x9, 0xffffffffffffd51c, 0x4, 0x9, 0x7, 0x1000}, 0x0) (async) io_uring_enter(r0, 0x2a72, 0x0, 0x2, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:10:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0xffffffffffffffff) 22:10:39 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1b) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:39 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x200000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x3, 0x2}) 22:10:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7f}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x4, 0x2}) 22:10:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7f}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:10:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x3, 0x6c, 0xffff4988, 0x1, 0x401, 0x20, 0x2, 0x3, 0x1f}, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0xf762, 0x3, &(0x7f0000000080)="9490aaae829310ff", 0x4, 0x0, 0x0, {0x3, r4}}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7c92, &(0x7f00000001c0)={0x0, 0xd531, 0x2, 0x2, 0x86}, &(0x7f0000635000/0x2000)=nil, &(0x7f0000634000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r7 = socket(0x10, 0x3, 0x0) splice(r6, 0x0, r7, 0x0, 0x4ffe0, 0x0) 22:10:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7f}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:10:47 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x11}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x7, 0x2}) 22:10:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x401) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)) 22:10:47 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x801f00) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x3, 0x6c, 0xffff4988, 0x1, 0x401, 0x20, 0x2, 0x3, 0x1f}, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0xf762, 0x3, &(0x7f0000000080)="9490aaae829310ff", 0x4, 0x0, 0x0, {0x3, r4}}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x7c92, &(0x7f00000001c0)={0x0, 0xd531, 0x2, 0x2, 0x86}, &(0x7f0000635000/0x2000)=nil, &(0x7f0000634000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r7 = socket(0x10, 0x3, 0x0) splice(r6, 0x0, r7, 0x0, 0x4ffe0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) io_uring_setup(0x3b81, &(0x7f00000000c0)) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x3, 0x6c, 0xffff4988, 0x1, 0x401, 0x20, 0x2, 0x3, 0x1f}, 0x0) (async) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) (async) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0xf762, 0x3, &(0x7f0000000080)="9490aaae829310ff", 0x4, 0x0, 0x0, {0x3, r4}}, 0x1) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) syz_io_uring_setup(0x7c92, &(0x7f00000001c0)={0x0, 0xd531, 0x2, 0x2, 0x86}, &(0x7f0000635000/0x2000)=nil, &(0x7f0000634000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) (async) pipe(&(0x7f0000000040)) (async) socket(0x10, 0x3, 0x0) (async) splice(r6, 0x0, r7, 0x0, 0x4ffe0, 0x0) (async) 22:10:47 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) (async) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x3, 0x6c, 0xffff4988, 0x1, 0x401, 0x20, 0x2, 0x3, 0x1f}, 0x0) (async) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0xf762, 0x3, &(0x7f0000000080)="9490aaae829310ff", 0x4, 0x0, 0x0, {0x3, r4}}, 0x1) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) syz_io_uring_setup(0x7c92, &(0x7f00000001c0)={0x0, 0xd531, 0x2, 0x2, 0x86}, &(0x7f0000635000/0x2000)=nil, &(0x7f0000634000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280)) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async) r7 = socket(0x10, 0x3, 0x0) splice(r6, 0x0, r7, 0x0, 0x4ffe0, 0x0) 22:10:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x8, 0x2}) 22:10:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) (async) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x401) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)) 22:10:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x42, 0x2}) 22:10:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x64, 0x2}) 22:10:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) r3 = io_uring_setup(0x3b81, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) (async) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r5 = io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x0, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x13, 0x200000ce, r4) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x401) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000180)) [ 2872.118776][T23887] warn_alloc: 1 callbacks suppressed [ 2872.118789][T23887] syz-executor.2: vmalloc error: size 314150912, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2872.140712][T23887] CPU: 0 PID: 23887 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2872.149554][T23887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2872.159592][T23887] Call Trace: [ 2872.162981][T23887] [ 2872.165973][T23887] dump_stack_lvl+0xd6/0x122 [ 2872.170561][T23887] dump_stack+0x11/0x1b [ 2872.174765][T23887] warn_alloc+0x132/0x190 [ 2872.179085][T23887] ? alloc_page_interleave+0x104/0x120 [ 2872.184542][T23887] __vmalloc_node_range+0x58b/0x690 [ 2872.189725][T23887] ? xt_alloc_table_info+0x39/0x70 [ 2872.194820][T23887] __vmalloc_node+0x61/0x70 [ 2872.199337][T23887] ? xt_alloc_table_info+0x39/0x70 [ 2872.204564][T23887] kvmalloc_node+0xd2/0x110 [ 2872.209086][T23887] xt_alloc_table_info+0x39/0x70 [ 2872.214089][T23887] do_ipt_set_ctl+0x649/0x1710 [ 2872.218906][T23887] ? rmqueue_pcplist+0x157/0x1f0 [ 2872.223848][T23887] ? rmqueue+0x4a/0xd20 [ 2872.228041][T23887] ? __rcu_read_unlock+0x5c/0x290 [ 2872.233220][T23887] nf_setsockopt+0x1a6/0x1c0 [ 2872.237791][T23887] ip_setsockopt+0x2815/0x2c80 [ 2872.242563][T23887] ? _raw_spin_unlock+0x2e/0x50 [ 2872.247550][T23887] ? finish_task_switch+0xd0/0x280 [ 2872.252729][T23887] ? __schedule+0x44a/0x6a0 [ 2872.257252][T23887] ? __rcu_read_unlock+0x5c/0x290 [ 2872.262411][T23887] ? schedule+0x8b/0xb0 [ 2872.266572][T23887] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2872.271936][T23887] ? avc_has_perm+0x70/0x160 [ 2872.276523][T23887] ? avc_has_perm+0xd5/0x160 [ 2872.281101][T23887] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2872.287663][T23887] ? selinux_socket_setsockopt+0x145/0x170 [ 2872.293515][T23887] udp_setsockopt+0x83/0x90 [ 2872.298047][T23887] sock_common_setsockopt+0x5d/0x70 [ 2872.303227][T23887] ? sock_common_recvmsg+0xe0/0xe0 [ 2872.308322][T23887] __sys_setsockopt+0x209/0x2a0 [ 2872.313167][T23887] __x64_sys_setsockopt+0x62/0x70 [ 2872.318329][T23887] do_syscall_64+0x44/0xd0 [ 2872.322809][T23887] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2872.328730][T23887] RIP: 0033:0x7ff9d4f80e99 [ 2872.333200][T23887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2872.352795][T23887] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2872.361334][T23887] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2872.369283][T23887] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2872.377232][T23887] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2872.385183][T23887] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2872.393171][T23887] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2872.401127][T23887] [ 2872.404204][T23887] Mem-Info: [ 2872.407304][T23887] active_anon:320 inactive_anon:98710 isolated_anon:0 [ 2872.407304][T23887] active_file:4234 inactive_file:62948 isolated_file:0 [ 2872.407304][T23887] unevictable:0 dirty:0 writeback:0 [ 2872.407304][T23887] slab_reclaimable:5657 slab_unreclaimable:16094 [ 2872.407304][T23887] mapped:27489 shmem:595 pagetables:1199 bounce:0 [ 2872.407304][T23887] kernel_misc_reclaimable:0 [ 2872.407304][T23887] free:1716496 free_pcp:3456 free_cma:0 [ 2872.448523][T23887] Node 0 active_anon:1280kB inactive_anon:394840kB active_file:16936kB inactive_file:251792kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109956kB dirty:0kB writeback:0kB shmem:2380kB writeback_tmp:0kB kernel_stack:3984kB pagetables:4796kB all_unreclaimable? no [ 2872.474868][T23887] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2872.501696][T23887] lowmem_reserve[]: 0 2896 7874 7874 [ 2872.506996][T23887] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2872.535582][T23887] lowmem_reserve[]: 0 0 4978 4978 [ 2872.540692][T23887] Node 0 Normal free:3884908kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1280kB inactive_anon:394840kB active_file:16936kB inactive_file:251792kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8764kB local_pcp:4588kB free_cma:0kB [ 2872.570996][T23887] lowmem_reserve[]: 0 0 0 0 [ 2872.575554][T23887] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2872.588216][T23887] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2872.604352][T23887] Node 0 Normal: 41*4kB (UE) 17*8kB (E) 198*16kB (ME) 71*32kB (ME) 40*64kB (UME) 20*128kB (UME) 19*256kB (UME) 67*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 861*4096kB (UM) = 3884908kB [ 2872.622856][T23887] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2872.632179][T23887] 11698 total pagecache pages [ 2872.636834][T23887] 0 pages in swap cache [ 2872.640999][T23887] Swap cache stats: add 0, delete 0, find 0/0 [ 2872.647058][T23887] Free swap = 0kB [ 2872.650918][T23887] Total swap = 0kB [ 2872.654626][T23887] 2097051 pages RAM [ 2872.658411][T23887] 0 pages HighMem/MovableOnly [ 2872.663088][T23887] 75959 pages reserved 22:10:55 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x29}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:10:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x6f, 0x2}) 22:10:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1d) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x80, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) syz_io_uring_setup(0x5578, &(0x7f0000000180)={0x0, 0x7a91, 0x1, 0x0, 0x392}, &(0x7f0000634000/0x1000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)) 22:10:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) getrlimit(0x2, &(0x7f0000000080)) 22:10:55 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:10:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x111, 0x2}) 22:10:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x12e, 0x2}) 22:10:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x80, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) syz_io_uring_setup(0x5578, &(0x7f0000000180)={0x0, 0x7a91, 0x1, 0x0, 0x392}, &(0x7f0000634000/0x1000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)) 22:10:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x130, 0x2}) 22:10:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x80, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) syz_io_uring_setup(0x5578, &(0x7f0000000180)={0x0, 0x7a91, 0x1, 0x0, 0x392}, &(0x7f0000634000/0x1000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)) 22:10:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x204, 0x2}) 22:11:04 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x88}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:11:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x2e2, 0x2}) 22:11:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) setrlimit(0xd, &(0x7f0000000080)={0x20, 0x8}) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:11:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) getrlimit(0x2, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) socket(0x10, 0x3, 0x0) (async) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) (async) getrlimit(0x2, &(0x7f0000000080)) (async) 22:11:04 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x1e) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:04 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x2000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) setrlimit(0xd, &(0x7f0000000080)={0x20, 0x8}) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) 22:11:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x300, 0x2}) 22:11:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x402, 0x2}) 22:11:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 32) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) getrlimit(0x2, &(0x7f0000000080)) 22:11:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) setrlimit(0xd, &(0x7f0000000080)={0x20, 0x8}) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) setrlimit(0xd, &(0x7f0000000080)={0x20, 0x8}) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) 22:11:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x406, 0x2}) [ 2888.598698][T24006] warn_alloc: 1 callbacks suppressed [ 2888.598710][T24006] syz-executor.2: vmalloc error: size 314175488, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2888.620787][T24006] CPU: 1 PID: 24006 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2888.629612][T24006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2888.639648][T24006] Call Trace: [ 2888.642926][T24006] [ 2888.645878][T24006] dump_stack_lvl+0xd6/0x122 [ 2888.650454][T24006] dump_stack+0x11/0x1b [ 2888.654586][T24006] warn_alloc+0x132/0x190 [ 2888.659440][T24006] ? alloc_page_interleave+0x104/0x120 [ 2888.664884][T24006] __vmalloc_node_range+0x58b/0x690 [ 2888.670063][T24006] ? xt_alloc_table_info+0x39/0x70 [ 2888.675198][T24006] __vmalloc_node+0x61/0x70 [ 2888.679682][T24006] ? xt_alloc_table_info+0x39/0x70 [ 2888.684787][T24006] kvmalloc_node+0xd2/0x110 [ 2888.689280][T24006] xt_alloc_table_info+0x39/0x70 [ 2888.694194][T24006] do_ipt_set_ctl+0x649/0x1710 [ 2888.698940][T24006] ? rmqueue_pcplist+0x157/0x1f0 [ 2888.703855][T24006] ? rmqueue+0x4a/0xd20 [ 2888.708064][T24006] ? __rcu_read_unlock+0x5c/0x290 [ 2888.713135][T24006] nf_setsockopt+0x1a6/0x1c0 [ 2888.717758][T24006] ip_setsockopt+0x2815/0x2c80 [ 2888.722502][T24006] ? _raw_spin_unlock+0x2e/0x50 [ 2888.727392][T24006] ? finish_task_switch+0xd0/0x280 [ 2888.732507][T24006] ? __schedule+0x44a/0x6a0 [ 2888.736992][T24006] ? __rcu_read_unlock+0x5c/0x290 [ 2888.742026][T24006] ? schedule+0x8b/0xb0 [ 2888.746176][T24006] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2888.751536][T24006] ? avc_has_perm+0x70/0x160 [ 2888.756367][T24006] ? avc_has_perm+0xd5/0x160 [ 2888.760936][T24006] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2888.767282][T24006] ? selinux_socket_setsockopt+0x145/0x170 [ 2888.773081][T24006] udp_setsockopt+0x83/0x90 [ 2888.777561][T24006] sock_common_setsockopt+0x5d/0x70 [ 2888.782823][T24006] ? sock_common_recvmsg+0xe0/0xe0 [ 2888.788005][T24006] __sys_setsockopt+0x209/0x2a0 [ 2888.792930][T24006] __x64_sys_setsockopt+0x62/0x70 [ 2888.798060][T24006] do_syscall_64+0x44/0xd0 [ 2888.802509][T24006] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2888.808379][T24006] RIP: 0033:0x7ff9d4f80e99 [ 2888.812771][T24006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2888.832581][T24006] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2888.840974][T24006] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2888.848936][T24006] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2888.856966][T24006] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2888.864922][T24006] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2888.872955][T24006] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2888.880950][T24006] [ 2888.884090][T24006] Mem-Info: [ 2888.887185][T24006] active_anon:322 inactive_anon:98480 isolated_anon:0 [ 2888.887185][T24006] active_file:4239 inactive_file:62949 isolated_file:0 [ 2888.887185][T24006] unevictable:0 dirty:0 writeback:0 [ 2888.887185][T24006] slab_reclaimable:5642 slab_unreclaimable:16070 [ 2888.887185][T24006] mapped:27425 shmem:597 pagetables:1166 bounce:0 [ 2888.887185][T24006] kernel_misc_reclaimable:0 [ 2888.887185][T24006] free:1716908 free_pcp:3344 free_cma:0 [ 2888.928709][T24006] Node 0 active_anon:1288kB inactive_anon:393920kB active_file:16956kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2388kB writeback_tmp:0kB kernel_stack:3936kB pagetables:4664kB all_unreclaimable? no [ 2888.955106][T24006] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2888.981994][T24006] lowmem_reserve[]: 0 2896 7874 7874 [ 2888.987322][T24006] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:1684kB free_cma:0kB [ 2889.015991][T24006] lowmem_reserve[]: 0 0 4978 4978 [ 2889.021077][T24006] Node 0 Normal free:3886556kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1288kB inactive_anon:393920kB active_file:16956kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8332kB local_pcp:4468kB free_cma:0kB [ 2889.051537][T24006] lowmem_reserve[]: 0 0 0 0 [ 2889.056052][T24006] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2889.068781][T24006] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2889.084860][T24006] Node 0 Normal: 1*4kB (E) 107*8kB (UME) 218*16kB (UME) 75*32kB (UME) 42*64kB (ME) 20*128kB (ME) 19*256kB (UME) 68*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 861*4096kB (UM) = 3886556kB [ 2889.103468][T24006] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2889.112766][T24006] 11709 total pagecache pages [ 2889.117418][T24006] 0 pages in swap cache [ 2889.121607][T24006] Swap cache stats: add 0, delete 0, find 0/0 [ 2889.127658][T24006] Free swap = 0kB [ 2889.131497][T24006] Total swap = 0kB [ 2889.135199][T24006] 2097051 pages RAM [ 2889.139004][T24006] 0 pages HighMem/MovableOnly [ 2889.143661][T24006] 75959 pages reserved 22:11:12 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x0, {0x11}}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:11:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000540)=@file={0x1, './file0\x00'}, 0x6e) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) clock_gettime(0x0, &(0x7f000000db40)={0x0, 0x0}) recvmmsg(r3, &(0x7f000000d8c0)=[{{&(0x7f0000000180)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000480)=""/90, 0x5a}], 0x2, &(0x7f000000dd00)=""/136, 0x83}, 0x728}, {{&(0x7f00000005c0)=@x25={0x9, @remote}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000640)=""/224, 0xe0}, {&(0x7f0000000740)=""/214, 0x44}, {&(0x7f0000000840)=""/65, 0x41}, {&(0x7f00000008c0)=""/181, 0xb5}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x5, &(0x7f0000001a00)=""/33, 0x21}, 0x9}, {{&(0x7f0000001a40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001ac0)=""/162, 0xa2}, {&(0x7f0000001b80)=""/238, 0xee}], 0x2, &(0x7f0000001cc0)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000002cc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000002d40)=""/203, 0xcb}], 0x1, &(0x7f0000002e80)=""/217, 0xd9}, 0x1}, {{&(0x7f000000dbc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000004280)=[{&(0x7f0000003000)=""/60, 0x3c}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000004040)=""/1, 0x1}, {&(0x7f0000004080)=""/193, 0xc1}, {&(0x7f0000004180)=""/214, 0xd6}], 0x5, &(0x7f0000004300)=""/204, 0xcc}, 0x9}, {{&(0x7f0000004400)=@qipcrtr, 0x80, &(0x7f00000066c0)=[{&(0x7f0000004480)=""/213, 0xd5}, {&(0x7f0000004580)=""/195, 0xc3}, {&(0x7f0000004680)=""/21, 0x15}, {&(0x7f00000046c0)=""/4086, 0x1000}, {&(0x7f00000056c0)=""/4096, 0x1000}, {&(0x7f0000006c80)=""/4096, 0x1000}], 0x6}, 0x8000}, {{&(0x7f0000006740)=@can, 0x80, &(0x7f0000008c80)=[{&(0x7f00000067c0)=""/214, 0xd6}, {&(0x7f00000068c0)=""/48, 0x30}, {&(0x7f0000006900)=""/212, 0xd4}, {&(0x7f0000007c80)=""/4096, 0x1000}, {&(0x7f0000006a00)=""/241, 0xf1}, {&(0x7f0000006b00)=""/235, 0xeb}], 0x6, &(0x7f0000008d00)=""/69, 0x45}, 0xc}, {{&(0x7f0000008d80)=@un=@abs, 0x80, &(0x7f000000b140)=[{&(0x7f0000008e00)=""/101, 0x65}, {&(0x7f0000008e80)=""/4096, 0x1000}, {&(0x7f0000006c00)=""/60, 0x3c}, {&(0x7f0000009e80)=""/215, 0xd7}, {&(0x7f0000009f80)=""/4096, 0x1000}, {&(0x7f000000af80)=""/127, 0x7f}, {&(0x7f000000b000)=""/239, 0xef}, {&(0x7f000000b100)=""/55, 0x37}], 0x8, &(0x7f000000b1c0)=""/51, 0x33}, 0x8}, {{&(0x7f000000b200)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f000000c3c0)=[{&(0x7f000000b280)=""/4096, 0x1000}, {&(0x7f000000c280)=""/136, 0x88}, {&(0x7f000000c340)=""/74, 0x4a}], 0x3, &(0x7f000000c400)=""/4096, 0x1000}, 0x7}, {{0x0, 0x0, &(0x7f000000d800)=[{&(0x7f000000d400)=""/105, 0x69}, {&(0x7f000000d480)=""/205, 0xcd}, {&(0x7f0000000500)=""/49, 0x2a}, {&(0x7f000000d5c0)=""/138, 0x8a}, {&(0x7f000000d680)=""/226, 0xe2}, {&(0x7f000000d780)=""/73, 0x49}], 0x6, &(0x7f0000002f80)=""/46, 0x2e}, 0xffffffff}], 0xa, 0x2002, &(0x7f000000db80)={r6, r7+10000000}) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_NOP={0x0, 0x4}, 0xfe3) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:11:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x604, 0x2}) 22:11:12 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x2040000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:12 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x63) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x700, 0x2}) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x1101, 0x2}) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x2e01, 0x2}) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x3001, 0x2}) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x4000, 0x2}) 22:11:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x4200, 0x2}) 22:11:20 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x0, {0x29}}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:11:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x6400, 0x2}) 22:11:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) 22:11:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async, rerun: 32) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async, rerun: 32) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000540)=@file={0x1, './file0\x00'}, 0x6e) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) clock_gettime(0x0, &(0x7f000000db40)={0x0, 0x0}) recvmmsg(r3, &(0x7f000000d8c0)=[{{&(0x7f0000000180)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000480)=""/90, 0x5a}], 0x2, &(0x7f000000dd00)=""/136, 0x83}, 0x728}, {{&(0x7f00000005c0)=@x25={0x9, @remote}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000640)=""/224, 0xe0}, {&(0x7f0000000740)=""/214, 0x44}, {&(0x7f0000000840)=""/65, 0x41}, {&(0x7f00000008c0)=""/181, 0xb5}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x5, &(0x7f0000001a00)=""/33, 0x21}, 0x9}, {{&(0x7f0000001a40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001ac0)=""/162, 0xa2}, {&(0x7f0000001b80)=""/238, 0xee}], 0x2, &(0x7f0000001cc0)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000002cc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000002d40)=""/203, 0xcb}], 0x1, &(0x7f0000002e80)=""/217, 0xd9}, 0x1}, {{&(0x7f000000dbc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000004280)=[{&(0x7f0000003000)=""/60, 0x3c}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000004040)=""/1, 0x1}, {&(0x7f0000004080)=""/193, 0xc1}, {&(0x7f0000004180)=""/214, 0xd6}], 0x5, &(0x7f0000004300)=""/204, 0xcc}, 0x9}, {{&(0x7f0000004400)=@qipcrtr, 0x80, &(0x7f00000066c0)=[{&(0x7f0000004480)=""/213, 0xd5}, {&(0x7f0000004580)=""/195, 0xc3}, {&(0x7f0000004680)=""/21, 0x15}, {&(0x7f00000046c0)=""/4086, 0x1000}, {&(0x7f00000056c0)=""/4096, 0x1000}, {&(0x7f0000006c80)=""/4096, 0x1000}], 0x6}, 0x8000}, {{&(0x7f0000006740)=@can, 0x80, &(0x7f0000008c80)=[{&(0x7f00000067c0)=""/214, 0xd6}, {&(0x7f00000068c0)=""/48, 0x30}, {&(0x7f0000006900)=""/212, 0xd4}, {&(0x7f0000007c80)=""/4096, 0x1000}, {&(0x7f0000006a00)=""/241, 0xf1}, {&(0x7f0000006b00)=""/235, 0xeb}], 0x6, &(0x7f0000008d00)=""/69, 0x45}, 0xc}, {{&(0x7f0000008d80)=@un=@abs, 0x80, &(0x7f000000b140)=[{&(0x7f0000008e00)=""/101, 0x65}, {&(0x7f0000008e80)=""/4096, 0x1000}, {&(0x7f0000006c00)=""/60, 0x3c}, {&(0x7f0000009e80)=""/215, 0xd7}, {&(0x7f0000009f80)=""/4096, 0x1000}, {&(0x7f000000af80)=""/127, 0x7f}, {&(0x7f000000b000)=""/239, 0xef}, {&(0x7f000000b100)=""/55, 0x37}], 0x8, &(0x7f000000b1c0)=""/51, 0x33}, 0x8}, {{&(0x7f000000b200)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f000000c3c0)=[{&(0x7f000000b280)=""/4096, 0x1000}, {&(0x7f000000c280)=""/136, 0x88}, {&(0x7f000000c340)=""/74, 0x4a}], 0x3, &(0x7f000000c400)=""/4096, 0x1000}, 0x7}, {{0x0, 0x0, &(0x7f000000d800)=[{&(0x7f000000d400)=""/105, 0x69}, {&(0x7f000000d480)=""/205, 0xcd}, {&(0x7f0000000500)=""/49, 0x2a}, {&(0x7f000000d5c0)=""/138, 0x8a}, {&(0x7f000000d680)=""/226, 0xe2}, {&(0x7f000000d780)=""/73, 0x49}], 0x6, &(0x7f0000002f80)=""/46, 0x2e}, 0xffffffff}], 0xa, 0x2002, &(0x7f000000db80)={r6, r7+10000000}) (async) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_NOP={0x0, 0x4}, 0xfe3) (async, rerun: 64) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (rerun: 64) pipe(&(0x7f0000000040)) 22:11:20 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x3000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:20 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x162) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x6f00, 0x2}) 22:11:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) (async) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000100)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) (async) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)) (async) socket(0x10, 0x3, 0x0) (async) splice(r3, 0x0, r4, 0x0, 0x4ffe0, 0x0) (async) 22:11:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0xe202, 0x2}) 22:11:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x400000, 0x2}) 22:11:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x4155, &(0x7f0000000180)={0x0, 0xe8e0, 0x1, 0x2, 0x1a3, 0x0, r0}, &(0x7f00006d4000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000240)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x6000, @fd_index=0x5, 0x6, 0x6, 0x9, 0x0, 0x1}, 0x2) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r5 = socket(0x10, 0x3, 0x0) splice(r4, 0x0, r5, 0x0, 0x4ffe0, 0x0) [ 2899.825142][T24119] ================================================================== [ 2899.833250][T24119] BUG: KCSAN: data-race in __io_cqring_fill_event / io_drain_req [ 2899.840969][T24119] [ 2899.843295][T24119] write to 0xffff888134f4d200 of 4 bytes by task 24120 on cpu 1: [ 2899.851008][T24119] __io_cqring_fill_event+0xf9/0x380 [ 2899.856291][T24119] io_req_complete_post+0x4b/0x5d0 [ 2899.861403][T24119] io_issue_sqe+0x3d8c/0x53b0 [ 2899.866075][T24119] io_wq_submit_work+0x1c5/0x370 [ 2899.871018][T24119] io_worker_handle_work+0x4ca/0xbd0 [ 2899.876305][T24119] io_wqe_worker+0x1bc/0x4f0 [ 2899.880913][T24119] ret_from_fork+0x1f/0x30 [ 2899.885341][T24119] [ 2899.887660][T24119] read to 0xffff888134f4d200 of 4 bytes by task 24119 on cpu 0: [ 2899.895280][T24119] io_drain_req+0x3a9/0x4e6 [ 2899.899789][T24119] io_submit_sqe+0x44ca/0x47d3 [ 2899.904554][T24119] io_submit_sqes+0x25d/0x670 [ 2899.909224][T24119] __se_sys_io_uring_enter+0x212/0xb00 [ 2899.914681][T24119] __x64_sys_io_uring_enter+0x74/0x80 [ 2899.920053][T24119] do_syscall_64+0x44/0xd0 22:11:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x80ffff, 0x2}) [ 2899.924473][T24119] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2899.930372][T24119] [ 2899.932693][T24119] value changed: 0x000003d7 -> 0x000003d8 [ 2899.938401][T24119] [ 2899.940710][T24119] Reported by Kernel Concurrency Sanitizer on: [ 2899.946856][T24119] CPU: 0 PID: 24119 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0 [ 2899.955612][T24119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.965660][T24119] ================================================================== [ 2905.178704][T24121] warn_alloc: 1 callbacks suppressed [ 2905.178719][T24121] syz-executor.2: vmalloc error: size 314085376, page order 0, failed to allocate pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2905.200614][T24121] CPU: 0 PID: 24121 Comm: syz-executor.2 Not tainted 5.16.0-rc7-syzkaller #0 [ 2905.209364][T24121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2905.219413][T24121] Call Trace: [ 2905.222703][T24121] [ 2905.225664][T24121] dump_stack_lvl+0xd6/0x122 [ 2905.230316][T24121] dump_stack+0x11/0x1b [ 2905.234472][T24121] warn_alloc+0x132/0x190 [ 2905.238819][T24121] ? alloc_page_interleave+0x104/0x120 [ 2905.244273][T24121] __vmalloc_node_range+0x58b/0x690 [ 2905.249505][T24121] ? xt_alloc_table_info+0x39/0x70 [ 2905.254672][T24121] __vmalloc_node+0x61/0x70 [ 2905.259185][T24121] ? xt_alloc_table_info+0x39/0x70 [ 2905.264351][T24121] kvmalloc_node+0xd2/0x110 [ 2905.268898][T24121] xt_alloc_table_info+0x39/0x70 [ 2905.273871][T24121] do_ipt_set_ctl+0x649/0x1710 [ 2905.278661][T24121] ? rmqueue_pcplist+0x157/0x1f0 [ 2905.283736][T24121] ? rmqueue+0x4a/0xd20 [ 2905.287950][T24121] ? __rcu_read_unlock+0x5c/0x290 [ 2905.292952][T24121] nf_setsockopt+0x1a6/0x1c0 [ 2905.297550][T24121] ip_setsockopt+0x2815/0x2c80 [ 2905.302368][T24121] ? _raw_spin_unlock+0x2e/0x50 [ 2905.307271][T24121] ? finish_task_switch+0xd0/0x280 [ 2905.312477][T24121] ? __schedule+0x44a/0x6a0 [ 2905.317005][T24121] ? __rcu_read_unlock+0x5c/0x290 [ 2905.322107][T24121] ? schedule+0x8b/0xb0 [ 2905.326269][T24121] ? avc_has_perm_noaudit+0x1c0/0x270 [ 2905.331627][T24121] ? avc_has_perm+0x70/0x160 [ 2905.336206][T24121] ? avc_has_perm+0xd5/0x160 [ 2905.340830][T24121] ? selinux_netlbl_socket_setsockopt+0xd7/0x2c0 [ 2905.347149][T24121] ? selinux_socket_setsockopt+0x145/0x170 [ 2905.352990][T24121] udp_setsockopt+0x83/0x90 [ 2905.357478][T24121] sock_common_setsockopt+0x5d/0x70 [ 2905.362664][T24121] ? sock_common_recvmsg+0xe0/0xe0 [ 2905.367826][T24121] __sys_setsockopt+0x209/0x2a0 [ 2905.372662][T24121] __x64_sys_setsockopt+0x62/0x70 [ 2905.377687][T24121] do_syscall_64+0x44/0xd0 [ 2905.382084][T24121] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2905.388205][T24121] RIP: 0033:0x7ff9d4f80e99 [ 2905.392599][T24121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2905.412185][T24121] RSP: 002b:00007ff9d40f7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2905.420603][T24121] RAX: ffffffffffffffda RBX: 00007ff9d5093f60 RCX: 00007ff9d4f80e99 [ 2905.428567][T24121] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 2905.436613][T24121] RBP: 00007ff9d4fdaff1 R08: 0000000000000358 R09: 0000000000000000 [ 2905.444580][T24121] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000000 [ 2905.452600][T24121] R13: 00007fffaa92d4ef R14: 00007ff9d40f7300 R15: 0000000000022000 [ 2905.460571][T24121] [ 2905.463743][T24121] Mem-Info: [ 2905.466948][T24121] active_anon:296 inactive_anon:98480 isolated_anon:0 [ 2905.466948][T24121] active_file:4245 inactive_file:62949 isolated_file:0 [ 2905.466948][T24121] unevictable:0 dirty:0 writeback:0 [ 2905.466948][T24121] slab_reclaimable:5638 slab_unreclaimable:16122 [ 2905.466948][T24121] mapped:27425 shmem:571 pagetables:1166 bounce:0 [ 2905.466948][T24121] kernel_misc_reclaimable:0 [ 2905.466948][T24121] free:1716758 free_pcp:3504 free_cma:0 [ 2905.508335][T24121] Node 0 active_anon:1184kB inactive_anon:393920kB active_file:16980kB inactive_file:251796kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:109700kB dirty:0kB writeback:0kB shmem:2284kB writeback_tmp:0kB kernel_stack:3936kB pagetables:4664kB all_unreclaimable? no [ 2905.534701][T24121] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2905.561690][T24121] lowmem_reserve[]: 0 2896 7874 7874 [ 2905.567010][T24121] Node 0 DMA32 free:2965716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970760kB mlocked:0kB bounce:0kB free_pcp:5044kB local_pcp:3360kB free_cma:0kB [ 2905.595807][T24121] lowmem_reserve[]: 0 0 4978 4978 [ 2905.600880][T24121] Node 0 Normal free:3885956kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:0KB active_anon:1184kB inactive_anon:393920kB active_file:16980kB inactive_file:251796kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:8972kB local_pcp:3064kB free_cma:0kB [ 2905.631227][T24121] lowmem_reserve[]: 0 0 0 0 [ 2905.635730][T24121] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2905.648337][T24121] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 6*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 722*4096kB (M) = 2965716kB [ 2905.664334][T24121] Node 0 Normal: 179*4kB (UME) 143*8kB (UME) 196*16kB (UME) 88*32kB (UME) 40*64kB (UME) 26*128kB (UME) 20*256kB (UME) 63*512kB (UME) 195*1024kB (UME) 53*2048kB (UME) 861*4096kB (UM) = 3885956kB [ 2905.683510][T24121] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 2905.692819][T24121] 11686 total pagecache pages [ 2905.697478][T24121] 0 pages in swap cache [ 2905.701682][T24121] Swap cache stats: add 0, delete 0, find 0/0 [ 2905.707736][T24121] Free swap = 0kB [ 2905.711445][T24121] Total swap = 0kB [ 2905.715148][T24121] 2097051 pages RAM [ 2905.719128][T24121] 0 pages HighMem/MovableOnly [ 2905.723788][T24121] 75959 pages reserved 22:11:28 executing program 2: set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0xf1d) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x1fffffbf, 0x4800, 0x0, 0x160, 0x160, 0x62020000, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@ip={@loopback=0x7f008e04, @local, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_0\x00'}, 0xb003, 0x130, 0x160, 0x8, {0xf400000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "4bc74c01d6369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa2acab6b1d2cc05060feb70b5bc8c2d4ba3a94a2d2393e3182f64695d7d05fb478c8f56627a5cf905d564eeeb83ff0150ca0f3c44f7fda4d20a55050342ea9685ecc8838e049f1f2e2d081ddda375bb7008adc297a5ece1bb2df53d17bef26bb6f8", 0x0, 0x0, {0x88}}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 22:11:28 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x163) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:28 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14}, &(0x7f00000001c0)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f0000000200)=0x40000001, 0x86, 0x0, 0x0, 0x0, 0x4000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x1000000, 0x2}) 22:11:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000540)=@file={0x1, './file0\x00'}, 0x6e) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) (async) clock_gettime(0x0, &(0x7f000000db40)={0x0, 0x0}) recvmmsg(r3, &(0x7f000000d8c0)=[{{&(0x7f0000000180)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000480)=""/90, 0x5a}], 0x2, &(0x7f000000dd00)=""/136, 0x83}, 0x728}, {{&(0x7f00000005c0)=@x25={0x9, @remote}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000640)=""/224, 0xe0}, {&(0x7f0000000740)=""/214, 0x44}, {&(0x7f0000000840)=""/65, 0x41}, {&(0x7f00000008c0)=""/181, 0xb5}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x5, &(0x7f0000001a00)=""/33, 0x21}, 0x9}, {{&(0x7f0000001a40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001ac0)=""/162, 0xa2}, {&(0x7f0000001b80)=""/238, 0xee}], 0x2, &(0x7f0000001cc0)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000002cc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000002d40)=""/203, 0xcb}], 0x1, &(0x7f0000002e80)=""/217, 0xd9}, 0x1}, {{&(0x7f000000dbc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000004280)=[{&(0x7f0000003000)=""/60, 0x3c}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000004040)=""/1, 0x1}, {&(0x7f0000004080)=""/193, 0xc1}, {&(0x7f0000004180)=""/214, 0xd6}], 0x5, &(0x7f0000004300)=""/204, 0xcc}, 0x9}, {{&(0x7f0000004400)=@qipcrtr, 0x80, &(0x7f00000066c0)=[{&(0x7f0000004480)=""/213, 0xd5}, {&(0x7f0000004580)=""/195, 0xc3}, {&(0x7f0000004680)=""/21, 0x15}, {&(0x7f00000046c0)=""/4086, 0x1000}, {&(0x7f00000056c0)=""/4096, 0x1000}, {&(0x7f0000006c80)=""/4096, 0x1000}], 0x6}, 0x8000}, {{&(0x7f0000006740)=@can, 0x80, &(0x7f0000008c80)=[{&(0x7f00000067c0)=""/214, 0xd6}, {&(0x7f00000068c0)=""/48, 0x30}, {&(0x7f0000006900)=""/212, 0xd4}, {&(0x7f0000007c80)=""/4096, 0x1000}, {&(0x7f0000006a00)=""/241, 0xf1}, {&(0x7f0000006b00)=""/235, 0xeb}], 0x6, &(0x7f0000008d00)=""/69, 0x45}, 0xc}, {{&(0x7f0000008d80)=@un=@abs, 0x80, &(0x7f000000b140)=[{&(0x7f0000008e00)=""/101, 0x65}, {&(0x7f0000008e80)=""/4096, 0x1000}, {&(0x7f0000006c00)=""/60, 0x3c}, {&(0x7f0000009e80)=""/215, 0xd7}, {&(0x7f0000009f80)=""/4096, 0x1000}, {&(0x7f000000af80)=""/127, 0x7f}, {&(0x7f000000b000)=""/239, 0xef}, {&(0x7f000000b100)=""/55, 0x37}], 0x8, &(0x7f000000b1c0)=""/51, 0x33}, 0x8}, {{&(0x7f000000b200)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f000000c3c0)=[{&(0x7f000000b280)=""/4096, 0x1000}, {&(0x7f000000c280)=""/136, 0x88}, {&(0x7f000000c340)=""/74, 0x4a}], 0x3, &(0x7f000000c400)=""/4096, 0x1000}, 0x7}, {{0x0, 0x0, &(0x7f000000d800)=[{&(0x7f000000d400)=""/105, 0x69}, {&(0x7f000000d480)=""/205, 0xcd}, {&(0x7f0000000500)=""/49, 0x2a}, {&(0x7f000000d5c0)=""/138, 0x8a}, {&(0x7f000000d680)=""/226, 0xe2}, {&(0x7f000000d780)=""/73, 0x49}], 0x6, &(0x7f0000002f80)=""/46, 0x2e}, 0xffffffff}], 0xa, 0x2002, &(0x7f000000db80)={r6, r7+10000000}) syz_io_uring_submit(r1, r5, &(0x7f0000000080)=@IORING_OP_NOP={0x0, 0x4}, 0xfe3) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) 22:11:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) (async) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f0000634000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) (async) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x4155, &(0x7f0000000180)={0x0, 0xe8e0, 0x1, 0x2, 0x1a3, 0x0, r0}, &(0x7f00006d4000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f0000000200)=0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000240)=@IORING_OP_WRITE_FIXED={0x5, 0x5, 0x6000, @fd_index=0x5, 0x6, 0x6, 0x9, 0x0, 0x1}, 0x2) (async) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) (async) r5 = socket(0x10, 0x3, 0x0) splice(r4, 0x0, r5, 0x0, 0x4ffe0, 0x0) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x2000000, 0x2}) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x2040000, 0x2}) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x3000000, 0x2}) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x4000000, 0x2}) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x6040000, 0x2}) 22:11:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) io_uring_setup(0x5963, &(0x7f0000000540)={0x0, 0x7000000, 0x2})